Webserver using snaps and reverse proxy

A typical scenario for a webserver is a setup with serveral services (like Nextcloud, Collabora, Gitlab) and a reverse proxy for TLS and to have everything running on port 80/443. This can be easily achieved using docker-compose, creating internal networks for the connections between the proxy and the services and only having the proxy listen on the external IP interface. But we all know docker containers are not as lightweight as snaps.

So can something similar be done with snaps? Maybe using interfaces for the connections between the proxy and the services?

Today most snaps use the network-bind interface to listen on the external IP using non priviledged ports by default (exception is Nextcloud) to be able to run several services at the same time. The scenario above can probably be achieved by some configuration steps after the installation of the snaps. But can we do this more user friendly, like only having to connect interfaces after the install step and you’re done?

Nothing forces you to use the external IP … just have the services listen on and only your proxy on the external IP (talking to the services via localhost)…

I know that it can be done via SSH login, changing some settings with snap set port <xxxx> and setting up the reverse proxy config in a file. The question is, can we get to a state where the user just installs snaps via snapweb and the reverse proxy can somehow figure out from the available interfaces (new http interface?) how to route everything via port 80 using either different subdomains or paths?

Imagine a company selling a box with one service snap preinstalled (like Nextcloud). Since the box is shipped with Ubuntu Core I’d expect that I can install further snaps from the store without the need to configure anything on the console. Having every service on a different port is not really what a user expects.

Well, i’m not sure an interface would help here, you would rather need to coordinate with the upstreams of the respective packages that they provide configuration hooks for the necessary options (each service will handle its own config different from each other, an interface would not be of much help to get them on the right track) so that alll of them allow you to point to localhoast and a specific port …

then you can use your own gadget snap (which you should do anyway if you provide your own hardware) and in there use the “defaults:” option to pre-define defaults for all snaps the user can install (that indeed limits the set, snaps not covered would still use their own defaults)


Maybe if interfaces could communicate some parameters from slot to plug and vice versa this would help.