I administer a small cluster which has several different services running, including Grafana monitoring as a container, cloud file storage as a container (Nextcloud), and a FreeIPA server on bare metal. I want to put the cloud storage service behind a reverse proxy (https://hub.docker.com/r/jwilder/nginx-proxy) to enable HTTPS, but I can't use port 80 for this, because it's already being used by the IPA server.
I know it's possible to assign a public IP address to a container (I've used this before to do it: https://blog.carroarmato0.be/2020/05/08/exposing-podman-container-on-the-network/), so I'm curious if I could assign a public IP to the reverse proxy, and have the proxy refer to the cloud storage container. But I am not sure if I can have the reverse proxy send traffic to the cloud storage container if the cloud storage container is sitting behind the regular bridge network. But I also don't think I can assign the same IP to the cloud storage container.
When setting up the IPA server I mostly came across people saying it was absurd to try to host your LDAP server on a machine with other services running, but I don't really have any other options. If this were the main LDAP server for our organization that would be true, but this is a cluster used for research, which means justifying an entire dedicated server just for handling logon for ~10 users would be outlandish.
Maybe the solution is to put the IPA server in a container with its own IP address (something I tried before, and never quite got to work), allowing the reverse proxy to use port 80 on the normal machine. Or maybe a VM is a better solution.
But my main question is, can I assign an IP address to some kind of bridge network which would allow me to run a reverse proxy and other containers on a public IP address separate from the IPs for the hardware NICs on the machine?