One Traefik RP for several LXC instances

M

Mato

New Member
Nov 24, 2023
3
0
1
Hi & Thank you for your time!
I'am a beginer with Proxmox, but hosting services since a few years.
So far i used to have 1 crapy old PC what managed to host all services in the same virtual environment.
About a week ago i moved to Proxmox and rebuilding my setup now.
My question is:
I setup for simplicity sake 2 LXC containers.
- 1st LXC Running dockerised services what are required to run 0-24:
( Traefik, UptimeKuma, SearXNG etc. )
- 2nd LXC is lets say a simple web server what is not required to run always or temporary experimental services.
I'am looking for some idea or documentation how to "route" traffic from the CT running Traefik to the web server running in the 2nd CT.
Or i have to learn docker swarm....i realy dont know

Clearly i cant even really ask the right question for now, so any help, experience is appreciated to point me into the right direction to start my learning process.
Ty
 
Last edited:
Guillaume Delanoy said:
Hello,

See https://bobcares.com/blog/proxmox-traefik-container/

Installation help with Ansible is available here:
https://github.com/briandipalma/proxmox-services/blob/main/ansible/roles/traefik/tasks/main.yml


Kind regards,

--
Guillaume Delanoy
Click to expand...
Ty for your kind reply!

I checked out both the traefik documentation which is a really basic traefik setup guide.
The github .yml example was a bit overwhelming due to lack of experience..

Could you please help me to understand the concept of it?
What exactly makes the 2 separate LXC containers connect?
I only have speculations so far:
a: Is it a network "discovery" funcion of Traefik
b: Is it the Proxmox host docker.sock
c: Is it some "magic" ip routing what Proxmox sets up for the containers
d: Is it something totally else

Or you just have to add the IP and port for the other container/service to the traefik.yml like u did here:
```
services:
sonarr:
loadBalancer:
servers:
- url: http://192.168.1.22:8989
```

Sorry for my incompetence and lack of knowledge i'm really trying to find the logic so can start to understand and learn it.
Thank you!
 
Last edited:
Mato said:
Ty for your kind reply!

I checked out both the traefik documentation which is a really basic traefik setup guide.
The github .yml example was a bit overwhelming due to lack of experience..

Could you please help me to understand the concept of it?
What exactly makes the 2 separate LXC containers connect?
I only have speculations so far:
a: Is it a network "discovery" funcion of Traefik
b: Is it the Proxmox host docker.sock
c: Is it some "magic" ip routing what Proxmox sets up for the containers
d: Is it something totally else

Or you just have to add the IP and port for the other container/service to the traefik.yml like u did here:
```
services:
sonarr:
loadBalancer:
servers:
- url: http://192.168.1.22:8989
```

Sorry for my incompetence and lack of knowledge i'm really trying to find the logic so can start to understand and learn it.
Thank you!
Click to expand...

Hello,

> What exactly makes the 2 separate LXC containers connect?
> I only have speculations so far:
> a: Is it a network "discovery" funcion of Traefik

I don't think so. I'm no Traefik specialist but last time I used it, there was no discovery function.

> b: Is it the Proxmox host docker.sock

No, the docker.sock is a simple socket awaiting connections. Besides, I would advise *against* installing docker directly on Proxmox VE, for security reasons. Installing it inside an LXC Container as you did is the better way to go.


> c: Is it some "magic" ip routing what Proxmox sets up for the containers

Nope. There is no "magic" in systems administration :D

> d: Is it something totally else

If you set up your Traefik reverse proxy with two separate network interfaces, each connected to the external vmbr of your hypervisor (usually vmbr0) and an internal vmbr where your other container reside, the reverse proxy simply routes (probably with a NAT rule) the traffic allowed in its .YAML configuration from the external interface to the internal one, and the other way for the traffic in response. This is the typical function of a reverse proxy.

I suggest you read some documentation about routing and Network Address Translation (NAT) in order to get to a better comprehension of these mechanisms (this is slightly outdated but accessible: https://www.iptables.org/documentation/HOWTO/de/NAT-HOWTO.txt).

Kind regards,

--
Guillaume Delanoy
 
Guillaume Delanoy said:
Hello,

> What exactly makes the 2 separate LXC containers connect?
> I only have speculations so far:
> a: Is it a network "discovery" funcion of Traefik

I don't think so. I'm no Traefik specialist but last time I used it, there was no discovery function.

> b: Is it the Proxmox host docker.sock

No, the docker.sock is a simple socket awaiting connections. Besides, I would advise *against* installing docker directly on Proxmox VE, for security reasons. Installing it inside an LXC Container as you did is the better way to go.


> c: Is it some "magic" ip routing what Proxmox sets up for the containers

Nope. There is no "magic" in systems administration :D

> d: Is it something totally else

If you set up your Traefik reverse proxy with two separate network interfaces, each connected to the external vmbr of your hypervisor (usually vmbr0) and an internal vmbr where your other container reside, the reverse proxy simply routes (probably with a NAT rule) the traffic allowed in its .YAML configuration from the external interface to the internal one, and the other way for the traffic in response. This is the typical function of a reverse proxy.

I suggest you read some documentation about routing and Network Address Translation (NAT) in order to get to a better comprehension of these mechanisms (this is slightly outdated but accessible: https://www.iptables.org/documentation/HOWTO/de/NAT-HOWTO.txt).

Kind regards,

--
Guillaume Delanoy
Click to expand...
Awesome! Ty i dig right in to it.
I really struggling to even ask the right questions yet.
TY
 
You must log in or register to reply here.
Top Bottom