
Publish network services using Systemd machinectl [Resolved]

TL;DR: How to expose network services to the host through machinectl/nspawn containers?

I'm trying to make things perfect for my setup, i.e. installing my services in separated chroot instances.

To start them, I want to comply with SystemD management with systemd-nspawn and machinectl:

# debootstrap stretch /var/lib/machines/mymachine
# machinectl start mymachine # works well!
# machinectl shell root@mymachine bash

Then I install dummy apache2 on it:

 (jail)# apt install -y apache2 && systemctl enable apache2 && systemctl start apache2
 (jail)# ss -tnlp | grep 80 # yields apache2 running.

However, the 80 port (or even any port whatsoever, say 8080) is not visible as listening on the host. How to make it work?

Thank you team,


Question Credit: moutonjr
Asked March 13, 2019
Posted Under: Network
1 Answer

You need an nspawn file for the machine that exposes the port.

[Network] Section Options

Port= Exposes a TCP or UDP port of the container on the host. This option corresponds to the --port= command line switch, see systemd-nspawn(1) for the precise syntax of the argument this option takes. This option is privileged (see above).

From systemd-nspawn(1):

-p, --port= If private networking is enabled, maps an IP port on the host onto an IP port on the container. Takes a protocol specifier (either "tcp" or "udp"), separated by a colon from a host port number in the range 1 to 65535, separated by a colon from a container port number in the range from 1 to 65535. The protocol specifier and its separating colon may be omitted, in which case "tcp" is assumed. The container port number and its colon may be omitted, in which case the same port as the host port is implied. This option is only supported if private networking is used, such as with --network-veth, --network-zone= --network-bridge=.

The systemd-nspawn@.service unit uses --network-veth.

So something like

[Network]
Port=80

should work.


credit: Mark Wagner
Answered March 13, 2019
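As an added example (not part of the thread, and not systemd's own tooling), the following POSIX shell script validates Port= values against the syntax quoted from systemd-nspawn(1) above and then writes the .nspawn unit atomically. The machine name mymachine comes from the question; NSPAWN_DIR and the function names are this example's own. One point worth noting from the quoted "This option is privileged": a privileged setting such as Port= is only honoured from a unit in /etc/systemd/nspawn/ (or /run/systemd/nspawn/), not from a .nspawn file shipped next to the image under /var/lib/machines, which is why the script installs it there.

```shell
#!/bin/sh
# Added example, not from the thread or from systemd. Validates Port= values
# against the syntax documented in systemd-nspawn(1), then writes
# /etc/systemd/nspawn/<machine>.nspawn atomically. NSPAWN_DIR and the
# function names are assumptions of this example; "mymachine" is the
# machine name used in the question.

# Accept [tcp:|udp:]HOSTPORT[:CONTAINERPORT] with both ports in 1..65535.
validate_port_spec() {
    spec=$1
    case $spec in
        tcp:*|udp:*) spec=${spec#*:} ;;      # strip the protocol prefix
    esac
    host=${spec%%:*}
    cont=${spec#*:}
    [ "$cont" = "$spec" ] && cont=$host       # no container port given: same as host
    case $cont in *:*) return 1 ;; esac       # a third field is not allowed
    for p in "$host" "$cont"; do
        case $p in ''|*[!0-9]*) return 1 ;; esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || return 1
    done
    return 0
}

# Print the unit body for MACHINE followed by one or more port specs.
# Every spec is checked before anything is printed, so a typo never yields
# a half-written unit.
render_nspawn_unit() {
    machine=$1; shift
    for spec in "$@"; do
        validate_port_spec "$spec" || { echo "$machine: invalid Port= value '$spec'" >&2; return 1; }
    done
    echo "[Network]"
    # Port= requires private networking; systemd-nspawn@.service already
    # passes --network-veth, this line just makes the requirement explicit.
    echo "VirtualEthernet=yes"
    for spec in "$@"; do
        echo "Port=$spec"
    done
}

# Write the unit into NSPAWN_DIR (default /etc/systemd/nspawn) via a temp
# file and rename, so systemd never reads a partially written unit.
install_nspawn_unit() {
    machine=$1; shift
    dir=${NSPAWN_DIR:-/etc/systemd/nspawn}
    tmp="$dir/$machine.nspawn.tmp"
    if render_nspawn_unit "$machine" "$@" > "$tmp"; then
        mv "$tmp" "$dir/$machine.nspawn"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Usage from the host as root (commented out so the script runs offline):
#   install_nspawn_unit mymachine 80 tcp:8443:443 udp:53
#   machinectl stop mymachine; machinectl start mymachine
#   ss -tnlp | grep ':80 '     # apache2 inside the container now shows up here
```

The container must be restarted after the unit is written, since systemd-nspawn reads the .nspawn file at start-up; the final ss check on the host is the same one the question ran inside the container.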