On Thu, Mar 30, 2017 at 11:20 PM, John Lewis <[email protected]> wrote:
> It is traditional LXC because LXD wasn't out when I set it up
> originally. I won't build the packages for LXD if I am not even using
> it properly.
>
> I direct incoming connections using iptables with both the host and
> the virtual router.
>

An alternative that I use, is to have a reverse proxy like HAProxy,
to direct the connections to the correct containers.
HAProxy can be installed either on the server, or in a container itself.
In the first case there are no iptables rules, in the second there is
a single iptables rule.
An added benefit is that you can get HAProxy to work as a TLS
termination proxy, and get SSL/TLS (using Let's Encrypt) with no
additional configuration in the Web servers.

> I am extremely confident about moving my installation. I will use
> Ansible for the provisioning and the configuration. I will install all
> of the packages I need on a simple VPS. I can still use cgroups to
> control the resource usage of the processes. It will be moderately
> easier for me to secure because it is easy to see where everything is
> and what state everything is in.
>
> I backup the VPS with rsnapshot that is running on a host that I have
> physical access to and I rotate the backup drive to another location.
> The LXCs are disk images.
>
> Could you elaborate on separating data from services?
>

If you were to backup from your Web server container, you would really
need to backup some files from /etc/nginx/, maybe some files from
/etc/php/ and the directory /var/www/

It's probably more about separating your data from the "whole
container image".

Some of the tasks that you are doing, could be simplified with LXD.
If you just read
https://stgraber.org/2016/03/11/lxd-2-0-blog-post-series-012/
it should get you up to speed in no time.

I do not see much of a reason for you not to use containers.
It gets your job done, you are on top of it, and you can use a single
VPS instead of several.

Simos

> On Thu, 2017-03-30 at 23:07 +0300, Simos Xenitellis wrote:
>> Is that the traditional LXC or is it LXD/LXC containers?
>> I have a similar set-up (the latter, with LXD/LXC) and there is also a
>> vsftpd in the mix.
>>
>> I think your question is about best practices and whether your
>> installation adheres to some best practices.
>> How do you direct incoming connections to each container? Do you use
>> iptables or something else?
>> If you were to migrate your installation to another VPS, how
>> confident would you be to do that?
>> How do you get backups? Do you take snapshots as backups?
>>
>> I think that if you reach a point where you separate your data from
>> the services, the management of the containers
>> will become much easier and you will feel more confident with the
>> installation.
>>
>> Simos

_______________________________________________
lxc-users mailing list
[email protected]
http://lists.linuxcontainers.org/listinfo/lxc-users
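
The HAProxy arrangement described in the reply above (TLS terminated at the proxy, requests routed to the right container by host name), as an added configuration example that is not part of the original message. The host names, container addresses (10.0.3.x), certificate directory, backend names and the local ACME listener port are assumptions chosen for illustration.

```haproxy
# Constructed example: host names, addresses, ports and paths are assumptions.
global
    log /dev/log local0
    user haproxy
    group haproxy
    daemon
    # Refuse legacy protocol versions on every TLS bind (needs HAProxy 1.8+).
    ssl-default-bind-options ssl-min-ver TLSv1.2

defaults
    mode http
    log global
    option httplog
    option forwardfor            # pass the client address to the containers
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend fe_http
    bind :80
    # Let's Encrypt HTTP-01 validation must stay reachable over plain HTTP;
    # everything else is redirected to HTTPS.
    acl is_acme path_beg /.well-known/acme-challenge/
    http-request redirect scheme https code 301 unless is_acme
    use_backend be_acme if is_acme

frontend fe_https
    # Each file in this directory holds certificate chain + private key (PEM).
    bind :443 ssl crt /etc/haproxy/certs/
    http-request set-header X-Forwarded-Proto https
    acl host_www  hdr(host) -i www.example.com
    acl host_blog hdr(host) -i blog.example.com
    use_backend be_www  if host_www
    use_backend be_blog if host_blog
    # Unknown Host headers are denied instead of reaching a default container.
    default_backend be_reject

backend be_www
    # The containers speak plain HTTP; TLS ends at the proxy.
    server www  10.0.3.11:80 check

backend be_blog
    server blog 10.0.3.12:80 check

backend be_acme
    server acme 127.0.0.1:8888   # assumed local ACME client listener

backend be_reject
    http-request deny            # answers 403
```

With this layout only the proxy's ports 80 and 443 are exposed; the web containers need no forwarded ports or certificates of their own, so private keys live in one place.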
