Personal blog and documentation

@aRkadeFR blog and documentation on system and development, the project and infrastructure

First article of the series for, focusing on the infrastructure.

The goal of this series of article aims to keep you up to date with the project This project is built on top of Django web framework.

After couple of months reading articles about Django, and how to scale web application, my turn to implement a solution.

Very simple diagram to explain my view about a good infrastructure for Django project:

Project Infrastructure

Some keywords about the infrastructure:

I wanted to use container for these reason:

Setting up the LXC container

LXC provides a lightweight virtualization, and enable every one under Linux to have the same “box” for development.

To install LXC, I referred to the very good Debian Wikipedia. I installed it under a kimsufi. You have to upgrade the kernel. I’m using the 3.14.7 from OVH. The installation and setup is straightforward.

Create the container

You’ll notice that the Debian basic container that you can create is very empty. To change this, you can go into the LXC template for adding some package to your container (122:/usr/share/lxc/templates/lxc-Debian). Watch out of the LXC cache into /var/cache/lxc/, you need to erase it for your changes to be taken into account.



After starting and stopping your container to test it, you need to setup the network.

The requirements are:

A good article explains how to setup your network with a bridge between the host and the container.

This is exactly what I want. I change the container configuration (/var/lib/#NAME_CONTAINER#/config) with this network setup: = veth = up = br1 = 4a:49:43:49:79:bf = XX.XX.XX.1/24 = XX.XX.XX.254 = XXXX:XXX:X:X:XXXX:XX:XX:XXXX

After restarting, the container will try to find the bridge br1, take the IP XX.XX.XX.1, and have as the default gateway XX.XX.XX.254.


We need to prepare the host. I suggest to do it live, then change the configuration to have the same setup after a reboot.

The tools you will use are:

We create the br1 bridge with brctl. Then we address the IP XX.XX.XX.254 with ip address to the bridge.

Then we need to setup the Debian firewall. This is done with the iptables command.

We tell the kernel to flush all the iptables with iptables -t nat -F && iptables -F. Then setup the eth0 interface as a nat interface:

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

To forward the port 80 to the container, just add the port forwarding rule:

iptables -t nat -A PREROUTING -p tcp -d XX.XX.XX.XX --dport 80 -j DNAT --to

Checking everything:

root@container1:~# ip route
default via XX.XX.XX.254 dev eth0 

root@host:~# iptables -t nat -L
target     prot opt source               destination         
MASQUERADE  all  --          anywhere  

root@host:~# iptables -t nat -L
XX: br1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP 
inet XX.XX.XX.254/24 scope global br1
XX: vethSjT4bq: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br1 state UP qlen 1000

root@Debian1:~# ping XX.XX.XX.254
PING XX.XX.XX.254 (XX.XX.XX.254) 56(84) bytes of data.
64 bytes from XX.XX.XX.254: icmp_req=1 ttl=64 time=0.200 ms
root@Debian1:~# ping
PING ( 56(84) bytes of data.
64 bytes from icmp_req=1 ttl=47 time=9.56 ms

We have so far a good basic setup.