How to set up and use LXD on Ubuntu 16.04 - Configure, redirect and remove the Nginx container

·@aser1111·
In the previous lesson, we learned how to set up LXD and its network and how to create an Nginx container. Now we will set up Nginx inside the container:

![](https://steemitimages.com/DQmPwieJhcVLpdXTgWeNn4B4RPDPXftfDUH3EFaMUr87fEL/image.png)
Step 4: Configure the Nginx container
Connect to the webserver container and set up the web server. Connect to the container with lxc exec, which takes the name of the container and the command to execute as input:

lxc exec webserver -- sudo --login --user ubuntu
The first "--" indicates that the options of the lxc command stop there and that the rest of the line will be passed as a command to be executed inside the container. The command is sudo --login --user ubuntu, which provides a login shell for the preconfigured ubuntu account inside the container.
Note: If you need to connect to the container as root, use this command instead:

lxc exec webserver -- /bin/bash
After you enter the container, the shell prompt will look like the following.

ubuntu@webserver:~$
The ubuntu user in the container has sudo access preconfigured and can run commands as root without a password. This shell is confined to the container: anything you run in it stays in the container and cannot escape to the host server. Let's set up Nginx in this container. Update the Ubuntu package list inside the container and install Nginx:

sudo apt-get update
sudo apt-get install nginx
Then edit the default web page for this site and add some sentences that make it clear that this site is hosted in the webserver container. 
Open the file:

sudo nano /var/www/html/index.nginx-debian.html
Enter the following change on the file:

The web server works, but we can only access it through your IP. Next we will direct external requests to this container so that the world can access our website.

Step 5: Forward incoming connections to the Nginx container
The last part of the puzzle is to connect the web server container to the Internet. Nginx is installed in a container and by default cannot be accessed from the Internet. We need to set up the host server to forward any connections it receives from the Internet on port 80 to the webserver container. To do this we will create an iptables rule that forwards the connections. The rule needs two IP addresses: the public IP address of your server (your_server_ip) and the IP address of the nginx container (your_container_ip), which you can obtain with the lxc list command. Run this to create the rule:

PORT=80 PUBLIC_IP=your_server_ip CONTAINER_IP=your_container_ip \
sudo -E bash -c 'iptables -t nat -I PREROUTING -i eth0 -p TCP -d $PUBLIC_IP --dport $PORT -j DNAT --to-destination $CONTAINER_IP:$PORT -m comment --comment "forward to the Nginx container"'
Here's an explanation of this:

-t nat means that we use the nat table, which handles address translation.
-I PREROUTING means that we are adding the rule to the PREROUTING chain.
-i eth0 means the interface eth0, which is the default public interface in Droplets.
-p TCP means that we are using the TCP protocol.
-d $PUBLIC_IP specifies the destination IP address.
--dport $PORT specifies the destination port (such as 80).
-j DNAT means that we want to jump to the destination NAT (DNAT) target.
--to-destination $CONTAINER_IP:$PORT means that we want the connection to go to the IP address of the container and the destination port.
Note: You can reuse this command to set up other forwarding rules simply by setting the variables PORT, PUBLIC_IP and CONTAINER_IP at the beginning of the line.
Just change the placeholder values (your_server_ip and your_container_ip) and the port.
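
The command above hands PORT, PUBLIC_IP and CONTAINER_IP to a root shell unchecked, and because it uses -I it inserts a second copy of the rule every time it is re-run. The following is an added example, not part of the original post: it validates the three values first and uses iptables -C to insert the rule only when an identical one is not already present. The function names and the IPTABLES override are made up for this sketch; the interface eth0 and the comment text are the ones used above.

```shell
# valid_ipv4 ADDR: succeed only for a dotted quad with each octet 0-255.
valid_ipv4() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    # Split on dots in a subshell so the IFS change cannot leak out.
    ( IFS=.; set -- $1
      [ $# -eq 4 ] || exit 1
      for o in "$@"; do
          [ ${#o} -le 3 ] && [ "$o" -le 255 ] || exit 1
      done )
}

# valid_port PORT: succeed only for an integer from 1 to 65535.
valid_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ ${#1} -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# run_rule ACTION PUBLIC_IP CONTAINER_IP PORT
# ACTION is -C (check) or -I (insert). Nothing reaches iptables unless all
# three values pass validation. IPTABLES is a hypothetical override so the
# function can be exercised without root; the default is "sudo iptables".
run_rule() {
    action=$1 public_ip=$2 container_ip=$3 port=$4
    valid_ipv4 "$public_ip" && valid_ipv4 "$container_ip" && valid_port "$port" || {
        echo "refusing: invalid IP address or port" >&2
        return 2
    }
    ${IPTABLES:-sudo iptables} -t nat "$action" PREROUTING -i eth0 -p tcp \
        -d "$public_ip" --dport "$port" -j DNAT \
        --to-destination "$container_ip:$port" \
        -m comment --comment "forward to the Nginx container"
}

# add_forward PUBLIC_IP CONTAINER_IP PORT
# -C exits 0 when an identical rule exists, so re-running adds no duplicate.
add_forward() {
    run_rule -C "$@" 2>/dev/null || run_rule -I "$@"
}

# Usage: add_forward your_server_ip your_container_ip 80
```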

You can view IPTables rules by running this command:

sudo iptables -t nat -L PREROUTING 
You'll see output similar to this:

Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         
DNAT       tcp  --  anywhere             your_server_ip       tcp dpt:http /* forward to the Nginx container */ to:your_container_ip:80
...
Now test that the web server is reachable from your local computer using the curl command like this:

curl --verbose  'http://your_server_ip' 
You'll see the headers of the response, followed by the contents of the web page you created in the container:

* Trying your_server_ip...
* Connected to your_server_ip (your_server_ip) port 80 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.47.0
> Accept: */*
> 
< HTTP/1.1 200 OK
< Server: nginx/1.10.0 (Ubuntu)

...
This confirms that the requests are going to the container.

Finally, to save the firewall rule so that it is re-applied after a restart, install the iptables-persistent package:

sudo apt-get install iptables-persistent
When you install the package, you will be prompted to save the current firewall rules. Accept and save all current rules. When you restart your machine, the firewall rule will be present. Additionally, the Nginx service in your container will automatically restart. Now that everything is set up, let's look at how to remove it.

Step 6: Stop and remove the container
You may decide to remove the container and replace it. Here is how to do that.
To stop the container, use lxc stop:

lxc stop webserver
Use the lxc list command to check the status. The output will be:

+-----------+---------+------+------+------------+-----------+
|   NAME    |  STATE  | IPV4 | IPV6 |    TYPE    | SNAPSHOTS |
+-----------+---------+------+------+------------+-----------+
| webserver | STOPPED |      |      | PERSISTENT | 0         |
+-----------+---------+------+------+------------+-----------+
To remove the container, use lxc delete:

lxc delete webserver
Run the lxc list command again to confirm that the container is gone:

+------+-------+------+------+------+-----------+
| NAME | STATE | IPV4 | IPV6 | TYPE | SNAPSHOTS |
+------+-------+------+------+------+-----------+
Use the lxc help command to see additional options.

To remove the firewall rule that directs traffic to the container, first locate the rule in the list of rules with this command, which shows a line number next to each rule:

sudo iptables -t nat -L PREROUTING --line-numbers
You should see the rule, preceded by a line number, as follows:

Chain PREROUTING (policy ACCEPT)
num  target     prot opt source               destination
1    DNAT       tcp  --  anywhere             your_server_ip      tcp dpt:http /* forward to the Nginx container */ to:your_container_ip
Use this line number to remove the rule:

sudo iptables -t nat -D PREROUTING 1
Confirm that the rule was removed by listing the rules again:

sudo iptables -t nat -L PREROUTING --line-numbers
You'll see that the rule was removed:

Chain PREROUTING (policy ACCEPT)
num  target     prot opt source               destination 
Save the changes now so that the rule does not come back after you restart the server:

sudo netfilter-persistent save
You can now create another container with your settings and add a new firewall rule to redirect traffic to it.
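
Deleting by position removes whatever rule sits at that number at that moment, so on a host with several PREROUTING rules the number should be looked up by the rule's comment immediately before deleting. The following is an added example, not part of the original post: it reads a --line-numbers listing, picks the rules carrying the comment used above, and deletes them highest number first. The names rule_numbers, remove_forward, IPTABLES and SAMPLE are made up for this sketch, and the sample listing is constructed.

```shell
# Constructed sample of `iptables -t nat -L PREROUTING --line-numbers` output,
# modelled on the listing above, with an unrelated rule sitting in position 1.
SAMPLE='Chain PREROUTING (policy ACCEPT)
num  target     prot opt source               destination
1    DNAT       tcp  --  anywhere             198.51.100.7         tcp dpt:https /* another service */ to:10.10.10.50:443
2    DNAT       tcp  --  anywhere             203.0.113.10         tcp dpt:http /* forward to the Nginx container */ to:10.10.10.100:80
3    DNAT       tcp  --  anywhere             203.0.113.10         tcp dpt:8080 /* forward to the Nginx container */ to:10.10.10.100:8080'

# rule_numbers COMMENT: read a --line-numbers listing on stdin and print the
# numbers of the DNAT rules carrying exactly that comment, highest first, so
# that deleting them in order never shifts a number that is still pending.
rule_numbers() {
    awk -v c="/* $1 */" '$2 == "DNAT" && index($0, c) { print $1 }' | sort -rn
}

# remove_forward COMMENT: look the numbers up and delete them right away.
# IPTABLES is a hypothetical override for testing; default is "sudo iptables".
remove_forward() {
    for n in $(${IPTABLES:-sudo iptables} -t nat -L PREROUTING --line-numbers -n |
               rule_numbers "$1"); do
        ${IPTABLES:-sudo iptables} -t nat -D PREROUTING "$n" || return 1
    done
}

# Offline demonstration on the constructed listing (rule 1 is left alone):
printf '%s\n' "$SAMPLE" | rule_numbers "forward to the Nginx container"
```

On a real host, run remove_forward "forward to the Nginx container" and then sudo netfilter-persistent save as shown above.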

Summary
You have set up a website using Nginx in an LXD container. From here you can set up more websites, each in its own container, and you can also use a reverse proxy to direct traffic to the right container. This article will teach you how to securely host a group of sites using Nginx and PHP-FPM on Ubuntu 14.04.

LXD also lets you take snapshots of the full container status, making it easy to create backup copies for later reference. If you install LXD on two different servers, it is possible to connect the containers to each other and migrate them between servers over the Internet.

To learn more about LXD, read these posts about LXD written by the LXD developers. You can also try LXD online and follow the tutorial on the web for more practice.