Installing a reverse proxy under LXD

Working distribution: Ubuntu 21.10

I/ Host server configuration.

1/ Host server configuration.

  • Connecting to the host server:
util01@station66:~$ ssh ubuntu@146.59.154.144
...
ubuntu@146.59.154.144's password: 
...
ubuntu@vps-c49a29aa:~$ 
  • Update:
ubuntu@vps-c49a29aa:~$ sudo apt update
ubuntu@vps-c49a29aa:~$ sudo apt --fix-broken install
ubuntu@vps-c49a29aa:~$ sudo apt upgrade
  • Installing the basic applications:
ubuntu@vps-c49a29aa:~$ sudo apt install vim htop links screen
  • Rebooting the server:
ubuntu@vps-c49a29aa:~$ sudo reboot

2/ Installing Snap.

Link:
https://snapcraft.io/docs/installing-snap-on-ubuntu

  • Installing snapd:
ubuntu@vps-c49a29aa:~$ sudo apt install snapd
  • Log out and log back in.

  • Installing the core snap:

ubuntu@vps-c49a29aa:~$ sudo snap install core
core 16-2.54.3 from Canonical✓ installed
  • Test:
ubuntu@vps-c49a29aa:~$ sudo snap install hello-world
hello-world 6.4 from Canonical✓ installed
ubuntu@vps-c49a29aa:~$ 
ubuntu@vps-c49a29aa:~$ hello-world
Hello World!

3/ Installing LXD.

Links:
https://linuxcontainers.org/lxd/getting-started-cli/
https://www.tecmint.com/install-lxc-ubuntu-ubuntu/
https://www.linode.com/docs/guides/beginners-guide-to-lxd/

  • Installing the stable version:
ubuntu@vps-c49a29aa:~$ sudo snap install lxd --channel=4.0/stable
lxd (4.0/stable) 4.0.8 from Canonical✓ installed
  • Checking the version:
ubuntu@vps-c49a29aa:~$ lxd --version
4.23

4/ Configuring LXD.

  • Configuration:
ubuntu@vps-c49a29aa:~$ sudo lxd init
Would you like to use LXD clustering? (yes/no) [default=no]: no
Do you want to configure a new storage pool? (yes/no) [default=yes]: yes
Name of the new storage pool [default=default]: ilard_pool
Name of the storage backend to use (dir, lvm, zfs, ceph, btrfs) [default=zfs]: zfs
Create a new ZFS pool? (yes/no) [default=yes]: yes
Would you like to use an existing empty block device (e.g. a disk or partition)? (yes/no) [default=no]: no
Size in GB of the new loop device (1GB minimum) [default=30GB]: 30GB
Would you like to connect to a MAAS server? (yes/no) [default=no]: no
Would you like to create a new local network bridge? (yes/no) [default=yes]: yes
What should the new bridge be called? [default=lxdbr0]: 
What IPv4 address should be used? (CIDR subnet notation, “auto” or “none”) [default=auto]: auto
What IPv6 address should be used? (CIDR subnet notation, “auto” or “none”) [default=auto]: auto
Would you like the LXD server to be available over the network? (yes/no) [default=no]: no
Would you like stale cached images to be updated automatically? (yes/no) [default=yes]: yes
Would you like a YAML "lxd init" preseed to be printed? (yes/no) [default=no]: no
  • Verification:
ubuntu@vps-c49a29aa:~$ sudo lxc profile show default
To start your first container, try: lxc launch ubuntu:20.04
Or for a virtual machine: lxc launch ubuntu:20.04 --vm

config: {}
description: Default LXD profile
devices:
  eth0:
    name: eth0
    network: lxdbr0
    type: nic
  root:
    path: /
    pool: ilard_pool
    type: disk
name: default
used_by: []

5/ Checking the storage.

  • Listing the storage pools:
ubuntu@vps-c49a29aa:~$ sudo lxc storage list
+------------+--------+-----------------------------------------------+-------------+---------+
|    NAME    | DRIVER |                    SOURCE                     | DESCRIPTION | USED BY |
+------------+--------+-----------------------------------------------+-------------+---------+
| ilard_pool | zfs    | /var/snap/lxd/common/lxd/disks/ilard_pool.img |             | 1       |
+------------+--------+-----------------------------------------------+-------------+---------+
  • Verification:
ubuntu@vps-c49a29aa:~$ sudo lxc storage show ilard_pool
config:
  size: 30GB
  source: /var/snap/lxd/common/lxd/disks/ilard_pool.img
  zfs.pool_name: ilard_pool
description: ""
name: ilard_pool
driver: zfs
used_by:
- /1.0/profiles/default
status: Created
locations:
- none
  • Checking the network interface:
ubuntu@vps-c49a29aa:~$ sudo lxc network show lxdbr0
config:
  ipv4.address: 10.168.240.1/24
  ipv4.nat: "true"
  ipv6.address: fd42:9eda:b555:ed18::1/64
  ipv6.nat: "true"
description: ""
name: lxdbr0
type: bridge
used_by:
- /1.0/profiles/default
managed: true
status: Created
locations:
- none

II/ Installing a reverse proxy.

Links:
https://lxdware.com/simple-nginx-reverse-proxy-in-lxd/
https://www.linode.com/docs/guides/beginners-guide-to-lxd-reverse-proxy/

1/ Creating the containers.

  • Creating 2 containers:
ubuntu@vps-c49a29aa:~$ sudo lxc launch ubuntu:20.04 container1
Creating container1
Starting container1
ubuntu@vps-c49a29aa:~$ sudo lxc launch ubuntu:20.04 container2
Creating container2
Starting container2
  • Creating a container for the reverse proxy:
ubuntu@vps-c49a29aa:~$ sudo lxc launch ubuntu:20.04 proxy
Creating proxy
Starting proxy
  • Listing the containers:
ubuntu@vps-c49a29aa:~$ sudo lxc list
+------------+---------+-----------------------+-----------------------------------------------+-----------+-----------+
|    NAME    |  STATE  |         IPV4          |                     IPV6                      |   TYPE    | SNAPSHOTS |
+------------+---------+-----------------------+-----------------------------------------------+-----------+-----------+
| container1 | RUNNING | 10.168.240.200 (eth0) | fd42:9eda:b555:ed18:216:3eff:fe3c:6b14 (eth0) | CONTAINER | 0         |
+------------+---------+-----------------------+-----------------------------------------------+-----------+-----------+
| container2 | RUNNING | 10.168.240.198 (eth0) | fd42:9eda:b555:ed18:216:3eff:feff:cd0a (eth0) | CONTAINER | 0         |
+------------+---------+-----------------------+-----------------------------------------------+-----------+-----------+
| proxy      | RUNNING | 10.168.240.247 (eth0) | fd42:9eda:b555:ed18:216:3eff:fe43:c198 (eth0) | CONTAINER | 0         |
+------------+---------+-----------------------+-----------------------------------------------+-----------+-----------+

2/ Configuring the 'container1' container.

  • Connecting to the container:
ubuntu@vps-c49a29aa:~$ lxc exec container1 -- sudo --user ubuntu --login
To start your first container, try: lxc launch ubuntu:20.04
Or for a virtual machine: lxc launch ubuntu:20.04 --vm

To run a command as administrator (user "root"), use "sudo <command>".
See "man sudo_root" for details.

ubuntu@container1:~$ 
  • Updating the container:
ubuntu@container1:~$ sudo apt update && sudo apt upgrade
  • Installing the Apache2 web server:
ubuntu@container1:~$ sudo apt install -y apache2
  • Configuration:

Open:

/etc/apache2/conf-available/remoteip.conf

Add:

RemoteIPHeader X-Real-IP
RemoteIPTrustedProxy 10.168.240.247 fd42:9eda:b555:ed18:216:3eff:fe43:c198

The IPv4 address and the IPv6 address (derived from the MAC address) are those of the proxy container.

  • Enabling the 'remoteip' module:
ubuntu@container1:~$ sudo a2enmod remoteip
Enabling module remoteip.
To activate the new configuration, you need to run:
  systemctl restart apache2
  • Enabling the configuration:
ubuntu@container1:~$ sudo a2enconf remoteip
Enabling conf remoteip.
To activate the new configuration, you need to run:
  systemctl reload apache2
  • Editing the default page:

Open:

/var/www/html/index.html

Find:

          <div id="about"></div>
          It works!
          </div>

Replace with:

          <div id="about"></div>
          Container Apache
          </div>
  • Reloading Apache:
ubuntu@container1:~$ sudo systemctl reload apache2
ubuntu@container1:~$ exit
logout
ubuntu@vps-c49a29aa:~$ 

3/ Configuring the 'container2' container.

  • Connecting to the container:
ubuntu@vps-c49a29aa:~$ lxc exec container2 -- sudo --user ubuntu --login
To run a command as administrator (user "root"), use "sudo <command>".
See "man sudo_root" for details.

ubuntu@container2:~$ 
  • Updating the system and installing Nginx:
ubuntu@container2:~$ sudo apt update
ubuntu@container2:~$ sudo apt upgrade
ubuntu@container2:~$ sudo apt install -y vim screen htop links
ubuntu@container2:~$ sudo apt install -y nginx
  • Configuring the server:

Open:

/etc/nginx/conf.d/real-ip.conf

Add:

real_ip_header    X-Real-IP;
set_real_ip_from  proxy.lxd;
  • Editing the default page:

Open:

/var/www/html/index.nginx-debian.html

Find:

<h1>Welcome to nginx!</h1>

Replace with:

<h1>Container2 Nginx</h1>
  • Reloading the server:
ubuntu@container2:~$ sudo systemctl reload nginx
  • Leaving the container:
ubuntu@container2:~$ exit
ubuntu@vps-c49a29aa:~$
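
The trust rule that RemoteIPTrustedProxy (container1) and set_real_ip_from (container2) apply to the X-Real-IP header, as an added example that is not part of the original guide. It is a simplified model of the two servers' behaviour; the function names and the sample requests are constructed for illustration, and only the proxy addresses come from the page.

```python
import ipaddress

# Addresses taken from the page: the 'proxy' container as listed by `lxc list`.
TRUSTED_PROXIES = ["10.168.240.247", "fd42:9eda:b555:ed18:216:3eff:fe43:c198"]


def _in_networks(addr, networks):
    """True if addr (str) falls inside one of the networks (str, IP or CIDR)."""
    ip = ipaddress.ip_address(addr)
    for net in networks:
        n = ipaddress.ip_network(net, strict=False)
        if ip.version == n.version and ip in n:
            return True
    return False


def effective_client_ip(peer_ip, headers, trusted=TRUSTED_PROXIES):
    """Simplified model of the RemoteIPTrustedProxy / set_real_ip_from rule.

    The X-Real-IP header replaces the TCP peer address only when the peer
    itself is a trusted proxy and the header holds a valid IP address.
    """
    claimed = headers.get("X-Real-IP", "").strip()
    if not claimed or not _in_networks(peer_ip, trusted):
        return peer_ip              # header absent, or sent by an untrusted peer
    try:
        return str(ipaddress.ip_address(claimed))
    except ValueError:
        return peer_ip              # malformed header value: keep the peer address


# Constructed sample requests (203.0.113.7 and 198.51.100.9 are documentation addresses).
SAMPLES = [
    ("10.168.240.247", {"X-Real-IP": "203.0.113.7"}),   # via the proxy container
    ("10.168.240.198", {"X-Real-IP": "198.51.100.9"}),  # container2 reaching container1 directly
    ("10.168.240.247", {"X-Real-IP": "not-an-ip"}),     # trusted peer, malformed header
    ("10.168.240.247", {}),                             # trusted peer, no header
]

if __name__ == "__main__":
    for peer, hdrs in SAMPLES:
        print(f"peer={peer:15} header={hdrs.get('X-Real-IP', '-'):13} "
              f"-> logged as {effective_client_ip(peer, hdrs)}")
    # A catch-all trust list accepts the forged header: the setting to avoid.
    print(effective_client_ip("10.168.240.198", {"X-Real-IP": "198.51.100.9"},
                              trusted=["0.0.0.0/0"]))
```

Listing only the proxy's addresses matters because every container on lxdbr0 can reach container1 and container2 directly, without passing through the proxy.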

4/ Configuring the 'proxy' container.

  • Forwarding port 80:
ubuntu@vps-c49a29aa:~$ sudo lxc config device add proxy myport80 proxy listen=tcp:0.0.0.0:80 connect=tcp:127.0.0.1:80 proxy_protocol=true
Device myport80 added to proxy
  • Forwarding port 443:
ubuntu@vps-c49a29aa:~$ sudo lxc config device add proxy myport443 proxy listen=tcp:0.0.0.0:443 connect=tcp:127.0.0.1:443 proxy_protocol=true
Device myport443 added to proxy
  • Connecting to the container:
ubuntu@vps-c49a29aa:~$ lxc exec proxy -- sudo --user ubuntu --login
To run a command as administrator (user "root"), use "sudo <command>".
See "man sudo_root" for details.

ubuntu@proxy:~$ 
  • Updating the system:
ubuntu@proxy:~$ sudo apt update && sudo apt upgrade
  • Installing Nginx:
ubuntu@proxy:~$ sudo apt install -y nginx
  • Logging out:
ubuntu@proxy:~$ logout
ubuntu@vps-c49a29aa:~$ 

5/ Configuring Nginx as a reverse proxy.

  • Connecting to the 'proxy' container, which is the reverse proxy:
ubuntu@vps-c49a29aa:~$ lxc exec proxy -- sudo --user ubuntu --login
ubuntu@proxy:~$ 
  • Adding the configuration that maps the domain name 'container1.hacklab.run' to the 'container1' container:

Open:

/etc/nginx/sites-available/container1.hacklab.run

Add:

server {
        listen 80 proxy_protocol;
        listen [::]:80 proxy_protocol;

        server_name container1.hacklab.run;

        location / {
                include /etc/nginx/proxy_params;

                proxy_pass http://container1.lxd;
        }

        real_ip_header proxy_protocol;
        set_real_ip_from 127.0.0.1;
}
  • Enabling the configuration:
ubuntu@proxy:~$ sudo ln -s /etc/nginx/sites-available/container1.hacklab.run /etc/nginx/sites-enabled/
  • Reloading Nginx:
ubuntu@proxy:~$ sudo systemctl reload nginx
  • Logging out:
ubuntu@proxy:~$ logout
ubuntu@vps-c49a29aa:~$ 
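
What the myport80/myport443 devices (proxy_protocol=true) and the `listen 80 proxy_protocol` listener exchange, as an added example that is not part of the original guide: a parser for the PROXY protocol header line and the `set_real_ip_from 127.0.0.1` trust rule. It assumes the version 1 text form of the header; the function names and the sample byte streams are constructed for illustration.

```python
import ipaddress

MAX_V1_HEADER = 107  # longest legal v1 header line, CRLF included


def parse_proxy_v1(data):
    """Return (source address or None, payload after the header line).

    Raises ValueError when the bytes do not start with a well-formed v1 header.
    """
    end = data.find(b"\r\n", 0, MAX_V1_HEADER)
    if not data.startswith(b"PROXY ") or end == -1:
        raise ValueError("missing or oversized PROXY header")
    fields = data[:end].decode("ascii").split(" ")
    payload = data[end + 2:]
    if fields[1] == "UNKNOWN":
        return None, payload                  # sender could not state the source
    if len(fields) != 6 or fields[1] not in ("TCP4", "TCP6"):
        raise ValueError("bad field count or protocol")
    src, dst = (ipaddress.ip_address(f) for f in fields[2:4])
    want = 4 if fields[1] == "TCP4" else 6
    if src.version != want or dst.version != want:
        raise ValueError("address family does not match protocol")
    if not all(p.isdigit() and int(p) <= 65535 for p in fields[4:6]):
        raise ValueError("bad port")
    return str(src), payload


def remote_addr(peer_ip, data, trusted=("127.0.0.1",)):
    """Model of `listen 80 proxy_protocol` with `real_ip_header proxy_protocol`.

    The header is mandatory on such a listener; its source address replaces
    the peer address only when the peer matches `set_real_ip_from`.
    """
    src, payload = parse_proxy_v1(data)
    return (src if src is not None and peer_ip in trusted else peer_ip), payload


# Constructed sample streams (203.0.113.7 is a documentation address).
HTTP = b"GET / HTTP/1.1\r\nHost: container1.hacklab.run\r\n\r\n"
VIA_DEVICE = b"PROXY TCP4 203.0.113.7 146.59.154.144 51234 80\r\n" + HTTP

if __name__ == "__main__":
    print(remote_addr("127.0.0.1", VIA_DEVICE)[0])       # address of the real client
    print(remote_addr("10.168.240.198", VIA_DEVICE)[0])  # untrusted peer: header ignored
    try:
        remote_addr("127.0.0.1", HTTP)                   # no header on a proxy_protocol listener
    except ValueError as exc:
        print("rejected:", exc)
```

Because the LXD device connects to tcp:127.0.0.1:80 inside the container, 127.0.0.1 is the only peer whose header the listener needs to trust.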

6/ Test.

  • On the local computer.

Open:

/etc/hosts

Add:

146.59.154.144 container1.hacklab.run
  • Viewing the default Apache2 page of the 'container1' container:
util01@station66:~$ links container1.hacklab.run

7/ Configuring Nginx.

  • Connecting to the 'proxy' container, where the reverse proxy is installed:
ubuntu@vps-c49a29aa:~$ sudo lxc exec proxy -- sudo --user ubuntu --login
ubuntu@proxy:~$ 
  • Editing the configuration file:

Open:

/etc/nginx/sites-available/container2.hacklab.run

Add:

server {
        listen 80 proxy_protocol;
        listen [::]:80 proxy_protocol;

        server_name container2.hacklab.run;

        location / {
                include /etc/nginx/proxy_params;

                proxy_pass http://container2.lxd;
        }

        real_ip_header proxy_protocol;
        set_real_ip_from 127.0.0.1;
}
  • Enabling the configuration:
ubuntu@proxy:~$ sudo ln -s /etc/nginx/sites-available/container2.hacklab.run /etc/nginx/sites-enabled/
  • Reloading Nginx:
ubuntu@proxy:~$ sudo systemctl reload nginx
  • Logging out:
ubuntu@proxy:~$ logout
ubuntu@vps-c49a29aa:~$ 

8/ Test.

  • On the local computer.

Open:

/etc/hosts

Add:

146.59.154.144 container2.hacklab.run
  • Viewing the default page of the Nginx server in the 'container2' container:
util01@station66:~$ links container2.hacklab.run