After using Heroku for a WordPress installation (here and here), Metatooth’s next WordPress installation is running on Linode. Metatooth had been using AWS and Heroku for cloud hosting, the economic conditions of the pandemic made for a budgetary decision. In addition, experiencing the impact of an AWS failure on a business dependent on compute availability, and a desire to not further enrich Jeff Bezos, led to this change.
It always pays to start at the beginning! The desired outcome was Setting Up Multiple WordPress Sites with LXD Containers. The very helpful “Before You Begin” section on each Guide led all the way back to Getting Started with Linode. For this author, the key understanding came when reading A Beginner’s Guide to LXD. After a couple false starts, voila!
tgl@electra:~$ lxc list -c ns4t +--------+---------+----------------------+-----------+ | NAME | STATE | IPV4 | TYPE | +--------+---------+----------------------+-----------+ | db | RUNNING | 10.88.102.185 (eth0) | CONTAINER | +--------+---------+----------------------+-----------+ | nginx1 | RUNNING | 10.88.102.96 (eth0) | CONTAINER | +--------+---------+----------------------+-----------+ | nginx2 | RUNNING | 10.88.102.112 (eth0) | CONTAINER | +--------+---------+----------------------+-----------+ | proxy | RUNNING | 10.88.102.42 (eth0) | CONTAINER | +--------+---------+----------------------+-----------+ tgl@electra:~$
The nginx1 container provides https://electra.growherbert.com and nginx2 provides https://growherbert.com. One stumbling point was that the listen directive for each proxied nginx container must specify both “ssl” and “proxy_protocol”. For example:
ubuntu@proxy:~$ cat /etc/nginx/sites-available/electra.growherbert.com server { listen 80 proxy_protocol; listen [::]:80 proxy_protocol; server_name electra.growherbert.com; return 301 https://$host$request_uri; } server { listen 443 ssl proxy_protocol; server_name electra.growherbert.com; ssl_certificate /root/.acme.sh/growherbert.com/fullchain.cer; ssl_certificate_key /root/.acme.sh/growherbert.com/growherbert.com.key; location / { include /etc/nginx/proxy_params; proxy_pass http://nginx1.lxd; } real_ip_header proxy_protocol; set_real_ip_from 127.0.0.1; } ubuntu@proxy:~$
Lastly was the need to switch DNS providers in order to make use of acme.sh in the proxy container. There was even a helpful Guide for using this script —Secure a Website or Domain with Let’s Encrypt and acme.sh. Switching was easy using Linode’s Domain Manager.
What are you doing with LXD Containers? Tell us about it in the comments!