Traefik in docker on Proxmox for lxc containers

Tao-Lee

New Member
Oct 11, 2023
4
0
1
Hi all, how can I make this setup work so I can use Traefik for the lxc containers for my (sub)domains?
I hope someone can help me out with this after a week of breaking my head over it...

My setup:
1 Proxmox v8.04 at a hosting provider
ip Proxmox: xxx.xxx.xxx.40
internal network is: 10.10.10.0/24
Bridge name of internal network:vmbr0
Gateway: 10.10.10.1

On the Proxmox I am running:
1 lxc container with Easypanel in Docker where Traefik is running in out of the box.
ip lxc container where Docker is running in with Easypanel and Traefik: 10.10.10.42
ip range in Docker: 10.0.1.0/24
Then I have the following containers
1 lxc container(no docker) with ip: 10.10.10.2
1 lxc container(no docker) with ip: 10.10.10.3
1 lxc container(no docker) with ip: 10.10.10.4

When logging in the Traefik container console in Docker I can ping all the lxc containers.
When logging in the console of the lxc containers I can ping 10.0.1.1 and 10.0.1.11 (and other Docker containers)

I am not able both way's to ping with the hostnames.
When I am using Pihole and pointing the dns to that(all the lxc containers), I am able to ping hostnames in the Traefik container console in Docker.
I am not able to ping hostnames in Docker from the lxc containers.

In Proxmox I edit: /etc/network/interfaces
and added:
post-up iptables -t nat -A PREROUTING -i ens6 -p tcp --dport 80 -j DNAT --to-destination 10.10.10.42:80
post-down iptables -t nat -D PREROUTING -i ens6 -p tcp --dport 80 -j DNAT --to-destination 10.10.10.42:80
post-up iptables -t nat -A PREROUTING -i ens6 -p tcp --dport 443 -j DNAT --to-destination 10.10.10.42:443
post-down iptables -t nat -D PREROUTING -i ens6 -p tcp --dport 443 -j DNAT --to-destination 10.10.10.42:443

With kind regards,
Charles
 
post-up iptables -t nat -A PREROUTING -i ens6 -p tcp --dport 80 -j DNAT --to-destination 10.10.10.42:80
post-down iptables -t nat -D PREROUTING -i ens6 -p tcp --dport 80 -j DNAT --to-destination 10.10.10.42:80
post-up iptables -t nat -A PREROUTING -i ens6 -p tcp --dport 443 -j DNAT --to-destination 10.10.10.42:443
post-down iptables -t nat -D PREROUTING -i ens6 -p tcp --dport 443 -j DNAT --to-destination 10.10.10.42:443
I would add the destination ip to not filter other packages. Have you enabled routing? Have you setup your gateway 10.10.10.1, is routing and natting enabled there?
 
  • Like
Reactions: Tao-Lee
I think I did...

Here is the rest of: /etc/network/interfaces

auto lo
iface lo inet loopback

auto ens6
iface ens6 inet static
address xxx.xxx.xxx.40/32
gateway xxx.xxx.xxx.1

auto vmbr0
iface vmbr0 inet static
address 10.10.10.1/24
bridge-ports none
bridge-stp off
bridge-fd 0

post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-up iptables -t nat -A POSTROUTING -s '10.10.10.0/24' -o ens6 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '10.10.10.0/24' -o ens6 -j MASQUERADE

Is this what you mean?
 
Thank you for your answer!
I have not done that but I just did and I seem to have a little problem when logging.

I made a little bash script:
#!/bin/bash

# Set the filename and path for saving the tcpdump output
OUTPUT_FILE="tcpdump_output_$(date +%Y-%m-%d_%H-%M-%S).pcap"

# Run tcpdump to capture network traffic for 5 seconds and save it to the specified file
sudo tcpdump -i any -w "$OUTPUT_FILE" -G 5 -W 1

echo "Tcpdump capture completed. Output saved to: $OUTPUT_FILE"

When opening with nano I get some clean text but I also get symbols mixed with text and the text part is where I can see my subdomain but the
I see symbols.
 
I managed with tshark to get a clean result now! thanks so far.
Will dive in the log to see at what point it goes wrong.
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!