Proxy Everything into a Linux Container with nginx

January 24, 2015 | linux | devops |

I previously wrote about setting up Node.js + Ghost in an Ubuntu LXC container and using Apache to proxy all web requests into that container. This works pretty well for the most part, but it seems like nginx is much better tool for this since it was pretty much designed to be a proxy server. We have a server that we are using for all Bit-Monkeys projects and I recently set up gitlab, along with a development site for openfaqs inside of LXC containers. The main benefit of this approach is that you can isolate the environments, manage upgrades and updates of various pieces separately, and fix issues in one environment without bringing down your entire infrastructure. Setting this up to work with nginx is super easy. First you will need to grab the IP address of your container which you can easily get by running as the root user

lxc-ls --fancy

Once you have the IP address of the container, you will need to install nginx. We are running Ubuntu 14.04 so it is as simple as apt-get install nginx. The last step is to create a virtual host config file for your container.

vim /etc/nginx/sites-available/yoursite

The contents of this file should look something like this:

server {  
listen 80;

server_name dev.openfaqs.com www.dev.openfaqs.com;

location / {

  proxy_pass http://10.0.3.194:5000;

  proxy_set_header Host $host;

  proxy_set_header X-Real-IP $remote_addr;

  proxy_set_header X-Forwarded-for $remote_addr;

  port_in_redirect off;

  proxy_redirect http://10.0.3.194:5000 /;

  proxy_connect_timeout 300;

  }

}

First you should replace the server_name directive with the name of your site. Next you will want to replace the IP address in the proxy_pass and proxy_redirect arguments to the IP address of your container. We are running Flask which is why it is routing to port 5000, you should replace the port with whatever port your application is running on. After this has been completed you should make a symbolic link to the /sites-enabled directory and restart nginx.

ln -s /etc/nginx/sites-available/yoursite /etc/nginx/sites-enabled/yoursite

service nginx restart

If all goes well, you will now be able to enter the name of your site in the browser and be served with whatever content or application is running inside of your container. This is a really great use case for container in my opinion, and nginx makes it easier than ever to get started. UPDATE: You can just as easily add a server block for 443 to proxy all HTTPS requests into the container as well. (Thanks tostmiller via reddit for the question.) Sweet, now that you have mastered nginx proxies with LXC, check out the the complete guide to nginx high performance.

Thank you for reading! Share your thoughts with me on bluesky, mastodon, or via email.

Check out some more stuff to read down below.

Most popular posts this month

Recent Favorite Blog Posts

This is a collection of the last 8 posts that I bookmarked.

Rewrote my blog with Zine from Drew DeVault's blog
A eulogy for Vim from Drew DeVault's blog
Pluralistic: AI "journalists" prove that media bosses don't give a shit (11 Mar 2026) from Pluralistic: Daily links from Cory Doctorow
Avi Alkalay: Uniqlo T-Shirt Bash Script Easter Egg from Fedora People
Offline 23 hours a day from Derek Sivers blog
Pluralistic: California can stop Larry Ellison from buying Warners (28 Feb 2026) from Pluralistic: Daily links from Cory Doctorow
On Alliances from Smashing Frames
Acting ethically in an imperfect world from Smashing Frames

Articles from blogs I follow around the net

“Plain text has been around for decades and it’s here to stay.”

There’s a category of “plain text” or “ASCII” diagramming and UI design tools: Mockdown – works immediately on the web, even on mobile Wiretext – works on the web, but desktop only Monodraw – a Mac app I believe these are used by people who prefer intentio...

via Unsung April 24, 2026

Pluralistic: A free, open visual identity for enshittification (24 Apr 2026)

Today's links A free, open visual identity for enshittification: No mere poop emoji! Hey look at this: Delights to delectate. Object permanence: RIAA v little girl; Portal turret Easter egg; Atari v indie games; Chabon's Phantom Tollbooth intro; The 0.1%;...

via Pluralistic: Daily links from Cory Doctorow April 24, 2026

Nicolas Solerieu

This week on the People and Blogs series we have an interview with Nicolas Solerieu, whose blog can be found at slrncl.com/blog. Tired of RSS? Read this in your browser or sign up for the newsletter. People and Blogs is supported by the "One a Month" club...

via Manuel Moreale — Everything Feed April 24, 2026

Generated by openring