Traefik in docker on Proxmox for lxc containers

Tao-Lee

New Member
Oct 11, 2023
Hi all, how can I make this setup work so I can use Traefik for the lxc containers for my (sub)domains?
I hope someone can help me out with this after a week of breaking my head over it...

My setup:
1 Proxmox v8.04 at a hosting provider
ip Proxmox: xxx.xxx.xxx.40
internal network is: 10.10.10.0/24
Bridge name of internal network:vmbr0
Gateway: 10.10.10.1

On the Proxmox I am running:
1 lxc container with Easypanel in Docker, in which Traefik is running out of the box.
ip lxc container where Docker is running in with Easypanel and Traefik: 10.10.10.42
ip range in Docker: 10.0.1.0/24
Then I have the following containers
1 lxc container(no docker) with ip: 10.10.10.2
1 lxc container(no docker) with ip: 10.10.10.3
1 lxc container(no docker) with ip: 10.10.10.4

When logging in the Traefik container console in Docker I can ping all the lxc containers.
When logging in the console of the lxc containers I can ping 10.0.1.1 and 10.0.1.11 (and other Docker containers)

I am not able to ping by hostname in either direction.
When I am using Pihole and pointing the dns to that(all the lxc containers), I am able to ping hostnames in the Traefik container console in Docker.
I am not able to ping hostnames in Docker from the lxc containers.

In Proxmox I edited: /etc/network/interfaces
and added:
post-up iptables -t nat -A PREROUTING -i ens6 -p tcp --dport 80 -j DNAT --to-destination 10.10.10.42:80
post-down iptables -t nat -D PREROUTING -i ens6 -p tcp --dport 80 -j DNAT --to-destination 10.10.10.42:80
post-up iptables -t nat -A PREROUTING -i ens6 -p tcp --dport 443 -j DNAT --to-destination 10.10.10.42:443
post-down iptables -t nat -D PREROUTING -i ens6 -p tcp --dport 443 -j DNAT --to-destination 10.10.10.42:443

With kind regards,
Charles
 
post-up iptables -t nat -A PREROUTING -i ens6 -p tcp --dport 80 -j DNAT --to-destination 10.10.10.42:80
post-down iptables -t nat -D PREROUTING -i ens6 -p tcp --dport 80 -j DNAT --to-destination 10.10.10.42:80
post-up iptables -t nat -A PREROUTING -i ens6 -p tcp --dport 443 -j DNAT --to-destination 10.10.10.42:443
post-down iptables -t nat -D PREROUTING -i ens6 -p tcp --dport 443 -j DNAT --to-destination 10.10.10.42:443
I would add the destination ip to not filter other packages. Have you enabled routing? Have you set up your gateway 10.10.10.1, is routing and natting enabled there?
 
I think I did...

Here is the rest of: /etc/network/interfaces

auto lo
iface lo inet loopback

auto ens6
iface ens6 inet static
address xxx.xxx.xxx.40/32
gateway xxx.xxx.xxx.1

auto vmbr0
iface vmbr0 inet static
address 10.10.10.1/24
bridge-ports none
bridge-stp off
bridge-fd 0

post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-up iptables -t nat -A POSTROUTING -s '10.10.10.0/24' -o ens6 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '10.10.10.0/24' -o ens6 -j MASQUERADE

Is this what you mean?
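
A check for the three things the reply above asks about (forwarding enabled, outbound NAT for the bridge subnet, and DNAT rules scoped with a destination address), run against `iptables-save -t nat` output. This is an added example, not part of the thread: the sample rules are constructed, `203.0.113.40` is a documentation address standing in for the masked public IP, and the function names are hypothetical.

```shell
#!/bin/bash
# Constructed sample in iptables-save format: port 80 as posted in the thread,
# port 443 with the suggested -d match (203.0.113.40 is a placeholder address).
SAMPLE_RULES='*nat
-A PREROUTING -i ens6 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.10.10.42:80
-A PREROUTING -d 203.0.113.40/32 -i ens6 -p tcp -m tcp --dport 443 -j DNAT --to-destination 10.10.10.42:443
-A POSTROUTING -s 10.10.10.0/24 -o ens6 -j MASQUERADE
COMMIT'

# dnat_status RULES PORT TARGET -> prints missing | unscoped (no -d match) | scoped
dnat_status() {
    local rules="$1" port="$2" target="$3" line
    line=$(printf '%s\n' "$rules" |
        grep -E -- "^-A PREROUTING .*--dport $port .*-j DNAT --to-destination $target:$port\$" |
        head -n 1)
    if [ -z "$line" ]; then echo missing
    elif printf '%s\n' "$line" | grep -Eq -- ' -d [0-9.]+(/[0-9]+)? '; then echo scoped
    else echo unscoped
    fi
}

# masquerade_ok RULES SUBNET IFACE -> exit 0 when outbound NAT for the subnet exists
masquerade_ok() {
    printf '%s\n' "$1" | grep -Fq -- "-A POSTROUTING -s $2 -o $3 -j MASQUERADE"
}

# audit RULES IP_FORWARD_VALUE -> prints findings, exit 0 only when nothing is flagged
audit() {
    local rules="$1" fwd="$2" port rc=0
    [ "$fwd" = "1" ] || { echo "ip_forward is off"; rc=1; }
    masquerade_ok "$rules" 10.10.10.0/24 ens6 ||
        { echo "no MASQUERADE for 10.10.10.0/24 via ens6"; rc=1; }
    for port in 80 443; do
        case $(dnat_status "$rules" "$port" 10.10.10.42) in
            missing)  echo "port $port: no DNAT to 10.10.10.42"; rc=1 ;;
            unscoped) echo "port $port: DNAT matches any destination (no -d)"; rc=1 ;;
            scoped)   echo "port $port: ok" ;;
        esac
    done
    return $rc
}

# On the Proxmox host (as root), audit the live rules instead of the sample:
#   audit "$(iptables-save -t nat)" "$(cat /proc/sys/net/ipv4/ip_forward)"
audit "$SAMPLE_RULES" 1 || true
```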
 
Thank you for your answer!
I have not done that but I just did and I seem to have a little problem when logging.

I made a little bash script:
#!/bin/bash

# Set the filename and path for saving the tcpdump output
OUTPUT_FILE="tcpdump_output_$(date +%Y-%m-%d_%H-%M-%S).pcap"

# Run tcpdump to capture network traffic for 5 seconds and save it to the specified file
sudo tcpdump -i any -w "$OUTPUT_FILE" -G 5 -W 1

echo "Tcpdump capture completed. Output saved to: $OUTPUT_FILE"

When opening with nano I get some clean text but I also get symbols mixed with text and the text part is where I can see my subdomain but the
I see symbols.
 
I managed with tshark to get a clean result now! Thanks so far.
Will dive into the log to see at what point it goes wrong.