I am trying to set up a server where I would be running multiple apps. Mostly internal but could also be open source projects like Redmine. They would all be Rails/Ruby apps/test scripts running on headless browsers. In essence, I am trying to set up a Heroku-like environment internally and wanted some sort of process isolation between these running processes.
I first stumbled upon chroot jails and then learnt about LXC. LXC seems to offer better control than plain chroot jails. I have an nginx frontend and I would like to run the webserver app processes (thin/mongrel/webrick) in isolated containers. Usually we simply start off these processes on the local IP address and have nginx proxy to them. What is the best way to get this done? Do people set up a static bridged IP for the container and have nginx point to it? How do I ensure that webservers running in the containers are only accessible to host outside?
Documentation about LXC seems to be a bit sparse. Pointers to some good tutorials or HOWTOs would be greatly appreciated. My target deployment environment is a Lucid 64 bit box.
P.S. I am not a Linux guru. So, be gentle.
Best Answer
Let's assume that your own IP is 192.168.1.1, your gateway is 192.168.1.254 and your network is 192.168.1.0/24.
You should make a bridged interface on your host machine, like this in the /etc/network/interfaces file
and then install a basic Ubuntu in LXC:
create a file /lxc/ubuntu.config with the content
/lxc/ubuntu.fstab with
add to /lxc/ubuntu/etc/rc.local
edit /lxc/ubuntu/etc/resolv.conf according to your needs.
Then you can create your machine with
then start
or stop
or finally destroy
Your new virtual machine will have the IP 192.168.1.10 and will be accessible on the network.
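Added example, not part of the original answer or its lost listings: a script that stages, in a scratch directory, one possible set of files for the bridged layout described above, plus an nginx proxy and a container-side firewall rule so that only the nginx host can reach the app port. The addresses come from the answer; `eth0`, port 3000, the upstream name and every file name under the staging directory are assumptions.

```shell
#!/bin/sh
# Added example (constructed). Addresses come from the answer; eth0, port 3000,
# the upstream name and every file name under $stage are assumptions.
stage_lxc_files() {
    stage="$1"
    mkdir -p "$stage/host" "$stage/container"

    # Host: bridge stanza for /etc/network/interfaces (bridge-utils syntax).
    cat > "$stage/host/interfaces.br0" <<'EOF'
auto br0
iface br0 inet static
    address 192.168.1.1
    netmask 255.255.255.0
    gateway 192.168.1.254
    bridge_ports eth0
    bridge_stp off
    bridge_fd 0
EOF

    # Host: container config using the legacy lxc.network.* key names.
    cat > "$stage/host/ubuntu.config" <<'EOF'
lxc.utsname = ubuntu
lxc.rootfs = /lxc/ubuntu
lxc.mount = /lxc/ubuntu.fstab
lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = br0
lxc.network.ipv4 = 192.168.1.10/24
EOF

    # Host: nginx proxies to the app server listening inside the container.
    cat > "$stage/host/nginx-app.conf" <<'EOF'
upstream container_app { server 192.168.1.10:3000; }
server {
    listen 80;
    location / { proxy_pass http://container_app; proxy_set_header Host $host; }
}
EOF

    # Container: iptables-restore rules; only the nginx host reaches port 3000.
    cat > "$stage/container/iptables.rules" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp --dport 3000 ! -s 192.168.1.1 -j DROP
COMMIT
EOF
}

stage_lxc_files "${STAGE:-$(mktemp -d)}"
```

Because the container sits on the LAN bridge, every host on 192.168.1.0/24 can reach 192.168.1.10 unless a rule like the one staged here is loaded inside the container. Later LXC releases renamed the `lxc.network.*` keys to `lxc.net.0.*`.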