Update (03/01/13): the diagram below is hopelessly wrong in regard to the networking for the ‘backend’ containers. I’m leaving the post as is as a reminder of how I worked through the setup. Will add a link here in future when I get the setup right.
I’m currently setting up a Hetzner dedicated server to replace an existing one. While doing this I’m changing the way I do things to make the setup easier to administer. I use a number of web applications at the moment; several instances of WordPress, Gitorious and ThinkUp. Getting all of them to play nicely together can be a pain. In particular, adding another RoR application to the setup is horrid. So I’ve been looking at how bits of the software infrastructure can be separated. While doing this I’ve taken an interest in LXC – Linux Containers akin to chroot or FreeBSD jails or several other server partitioning technologies. There’s various other interesting points on this that aren’t really relevant here and now. Folks at Ubuntu seem to have taken an interest in LXC and have done a massive amount of work to make it easy to use. In particular, Stéphane Graber has written some great content.
So, I’m working on my setup which is going to make use of separate web application containers i.e. multiple Ubuntu containers running Apache and PHP or Ruby talking to a database container. The following diagram represents what I think the setup should look like:
Currently, lxcbr0 exists (it’s in the default conf file for a container) and I have UFW forwarding port 80 connections on eth0 to nginx. Nginx will serve as a reverse proxy communicating with the appropriate Apache servers for the particular site requested. So I expect it to have two network interfaces; one to lxcbr0 (this exists) and one to communicate with the backend Apache servers (this doesn’t exist yet). The backend servers consist of a DB server and multiple Apache servers which I see as being part of a VLAN, communicating with each other and the internet (for the purposes of updates and external services like mail). This is the bit which confuses me currently and which I’m trying to figure out before adding any more configuration or packages. Although I’ve used the term VLAN I’m looking at both VLAN and MACVLAN (and possibly other networking options). I’ll write another post when I get the final setup but if anyone wants to throw in their tuppence worth it’s all welcome :)