Hello gang, I have a quite annoying but simple problem: I want my container to be able to access my LAN. It is possible to curl the machine when I use network_mode: host, but due to traefik it isn't really feasible. I have not been able to get it to work without it set.
I use nftables, and have tried to accept all without any success either.
I’m using ubuntu.
My main goal is for a docker container handled by traefik to be able to perform internal requests to another machine on the LAN.
I’ll give some more description:
I have 2 machines A and B
Machine A 10.10.10.10 runs nginx via docker
Machine B 10.10.10.20 runs an arbitrary http service on 8080
I want the nginx container to be able to connect to 10.10.10.20:8080
From my understanding and experience, by default containers are not able to connect to another machine on the LAN unless network_mode:host is enabled. I’m able to make the connection work
The target service/container needs to publish the port, which should be reachable. Or you use network_mode: host to automatically have all open ports of the container on the host. Or you attach all services/containers to a common Docker Swarm network.
And for Traefik to proxy/forward requests to a different host, you should use loadbalancer.servers.url, like in the example (doc). Or use Docker Swarm and providers.swarm to automatically configure targets by labels.
Machine B is not using docker, just a simple API so I don’t think this applies
And for Traefik to proxy/forward requests to a different host, you should use loadbalancer.servers.url, like in the example (doc). Or use Docker Swarm and providers.swarm to automatically configure targets by labels.
But this sounds promising, I’ll dig through this today, thanks!
You’re missing a lot of the important concepts of docker networking.
First, it’s so much easier to just dockerize _everything_! If machine B’s http service was a docker container, nginx would just connect to it directly.
Second, your understanding about network_mode: host is incorrect. There are two ways to put the container on the local network, and you (and almost everyone!) want macvlan.
In a compose file, you would define your VLAN:
```yaml
networks:
  vlan:                           # Reference to the network used in docker compose files
    name: vlan                    # A user visible name of the network
    driver: macvlan               # Use the macvlan network driver
    driver_opts:
      parent: enp0s31f6
    ipam:
      config:
        - gateway: 10.10.10.1     # Gateway address
          subnet: 10.10.10.0/24   # Specify subnet
          ip_range: 10.10.10.0/29 # 10.10.10.2-10.10.10.7
```
Modify gateway if that’s not where your gateway is, parent is the interface name of the container’s host, and ip_range is any range on your LAN that is not being assigned by your DHCP server.
Now, in the configuration for nginx, set networks:
```yaml
networks:
  - vlan
```
Now, your nginx has an address on your LAN.
extra_hosts only works with docker-desktop, so I have no understanding of it, but I thought it should give you access to the whole LAN.
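An added example, not part of the original posts: a Python check of the macvlan `ipam` values before they go into a compose file, confirming that `ip_range` sits inside the subnet and does not collide with the gateway, statically addressed machines, or the DHCP pool. The function name `macvlan_plan` and the DHCP pool bounds are assumptions made for illustration; the subnet, gateway, range and the two machine addresses are the ones from this thread.

```python
import ipaddress

def macvlan_plan(subnet, gateway, ip_range, dhcp_pool=None, static_hosts=()):
    """Check macvlan ipam values; return (assignable_addresses, problems)."""
    net = ipaddress.ip_network(subnet)
    gw = ipaddress.ip_address(gateway)
    rng = ipaddress.ip_network(ip_range)
    problems = []
    if gw not in net:
        problems.append(f"gateway {gw} is outside subnet {net}")
    if not rng.subnet_of(net):
        problems.append(f"ip_range {rng} is not inside subnet {net}")
    # Assumption: the subnet's network/broadcast addresses and the gateway are
    # never handed to a container, matching the "10.10.10.2-10.10.10.7" comment.
    reserved = {net.network_address, net.broadcast_address, gw}
    usable = [a for a in rng if a in net and a not in reserved]
    # A container address equal to a fixed machine address is a duplicate IP.
    for host in map(ipaddress.ip_address, static_hosts):
        if host in usable:
            problems.append(f"ip_range contains static host {host}")
    # Addresses the DHCP server may also lease must stay out of ip_range.
    if dhcp_pool:
        first, last = map(ipaddress.ip_address, dhcp_pool)
        clash = [a for a in usable if first <= a <= last]
        if clash:
            problems.append(
                f"ip_range overlaps DHCP pool at {clash[0]}-{clash[-1]}")
    return usable, problems

# Values from the thread; the DHCP pool bounds are constructed for the example.
LAN = dict(subnet="10.10.10.0/24", gateway="10.10.10.1",
           dhcp_pool=("10.10.10.100", "10.10.10.200"),
           static_hosts=("10.10.10.10", "10.10.10.20"))

if __name__ == "__main__":
    for candidate in ("10.10.10.0/29", "10.10.10.8/29", "10.10.10.96/28"):
        usable, problems = macvlan_plan(ip_range=candidate, **LAN)
        print(candidate, f"{usable[0]}-{usable[-1]}", problems or "ok")
```
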
Thank you for the answer, I really appreciate it! The macvlan solution sounds like the perfect thing. Is it possible to keep my traefik network and append a vlan network using macvlan or is there something else I should keep in mind?
I’m still having trouble understanding how the service on machine B would be accessible if it was a docker container since my current problem is that I’m not even able to route from the container on machine A.
I tried both of those (and it’s pretty clear on the page, that I have), and then kept adding more and more spaces to the beginning of the line parent:enp0s31f6 and it still keeps trying to align it under driver_opts