• [6.9.0-rc2] Docker container br0 port mapping


    neruve
    • Urgent

    I am trying to expose a port on the br0 network (so the container can have its own IP on my network) and I am unable to expose a port. Specifically, I have two instances of NPM, one on the 'proxynet' custom docker network, for reverse proxy from the outside; that one works fine. I have another instance of NPM for internal use, that is on the br0 network so I can map a DNS record like i.network to that IP address and then use subdomains like speedtest.i.network to resolve services internally. However, I am unable to get it to use port 80 and 443. It keeps the same mapping of the other container no matter what I do. I believe this to be a bug.

     


     

    I do not have any of the ports in the _internal container pointed to 4443 or 8080.... unless I am missing something, which I don't think I am. 

    I am marking this Urgent, please feel free to re-assign, if this is indeed a bug I do believe it needs to be set a priority to fix.

     

    I apologize if this has already been reported.




    User Feedback

    Recommended Comments

    Once you give the app a static IP, all port mappings are ignored as they are at that point irrelevant.  You just forward the applicable WAN port to the applicable LAN port for the IP.

    Link to comment

    @Squid Thank you for the answer. I have a similar issue/requirement. Let me explain.

    • I'd like each docker container to run on its own IP address. And its internal whatever port to be mapped to host's port 443 for HTTPS communication on that unique IP address.
    • I do still want to access Unraid GUI on its own IP on port 443 as well. I do not want to enter any port numbers in address bar.

    Example:

    1. Given Unraid GUI is running on IP=192.168.0.15 and listens on port 443 as I have added Let's Encrypt SSL cert manually
    2. And I have a docker container that I want to access from a different IP address (like 192.168.0.20) and on port 443 (default for HTTPS) as well
    3. And internally, the container listens on port 8888

    The question: How do I set up that container to be on IP 192.168.0.20? And to map host port 443 onto container's 8888?

     

    I have tried:

     

    One:

    1. -p 192.168.0.20:443:8888
    2. Network = eth0

    Result: docker selects some port, ignores the IP and port I selected. The container can be accessed only from that selection: eth0 192.168.0.2:8888/TCP192.168.0.2:8888

     

    Two:

    1. -p 192.168.0.20:443:8888
    2. Network = host

    Result: docker selects some port, ignores the IP and port I selected. The container can be accessed only from that selection: eth0 192.168.0.2:8888/TCP192.168.0.2:8888

     

    Three:

    1. Added 192.168.0.20 IP address on host as ip addr add 192.168.10.20/24 dev eth0
    2. -p 192.168.0.20:443:8888
    3. Network = bridge

    Result: Error starting userland proxy: listen tcp 192.168.0.20:443: bind: address already in use.

     

    Four:

    1. -p 192.168.0.30:443:8888
    2. Network = bridge

    Result: Error starting userland proxy: listen tcp 192.168.0.30:443: bind: cannot assign requested address.

     

    I might be missing something with respect to networking in docker; any advice on how to achieve the given task is appreciated. Or if it cannot be done, then a clear answer why is also important, so I can move on to another option (I have several spare LAN ports not used but available to Unraid, so I was considering setting the dockers up on their own LAN network through an nginx proxy).

     

    Edited by RusmanCool
    Link to comment
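The two bind errors from attempts Three and Four above, reproduced as an added example that is not part of the original posts: the "userland proxy" in those messages is a listener on the host itself, so binding fails with EADDRINUSE when the port is already taken on that address and with EADDRNOTAVAIL when the address is not configured on the host. The sketch assumes the existing service listens on all host addresses (wildcard); loopback and the RFC 5737 address 192.0.2.1 are constructed stand-ins for 192.168.0.20 and 192.168.0.30.

```python
import errno
import socket

# Constructed stand-in for an address the host does not own (RFC 5737 TEST-NET-1),
# playing the role of 192.168.0.30 in attempt Four.
UNASSIGNED_IP = "192.0.2.1"


def try_bind(ip, port):
    """Try to bind a TCP socket to ip:port; return 'ok' or the errno name."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        s.bind((ip, port))
        return "ok"
    except OSError as exc:
        return errno.errorcode.get(exc.errno, str(exc.errno))
    finally:
        s.close()


def reproduce():
    """Return the bind results for the two failing attempts, using loopback."""
    # Assumption: an existing service listens on the port on every host address
    # (wildcard 0.0.0.0). Port 0 lets the kernel pick a free unprivileged port.
    existing = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    existing.bind(("0.0.0.0", 0))
    existing.listen(1)
    port = existing.getsockname()[1]
    try:
        return {
            # Attempt Three: the IP is on the host, but the port is already taken there.
            "address_on_host": try_bind("127.0.0.1", port),
            # Attempt Four: the IP is not configured on any host interface.
            "address_not_on_host": try_bind(UNASSIGNED_IP, port),
        }
    finally:
        existing.close()


if __name__ == "__main__":
    for case, result in reproduce().items():
        print(f"{case}: {result}")
```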

    When you give a container its own IP address then I think the host port setting is ignored and you can only use the port the container has configured.   I could be wrong about that but that is my understanding.

    • Thanks 1
    Link to comment

    @RusmanCool - Did you ever get to the bottom of this? I have a similar situation where I want to put swag, nextcloud and bitwarden in a VLAN. This only works for one docker because I cannot give swag a custom IP, so only one docker can be accessed on 443. With the 'proxynet' network all the dockers work, but I don't want to use this as I don't want users to have access to the Unraid host.

    Link to comment

    @showstopper, no, I have not. I have to use Unraid's IP to map to the nginx container, which in turn listens on port 1443. I did set up DNS names for each of my containers, though each still points to my host Unraid IP, but that allows a clean usage of nginx to direct calls to the correct containers.

    Link to comment

    So, with br0 (so the container gets an IP on your network) ALL port mapping is ignored. It doesn't exist any longer; the service has to be accessed at the port the container uses internally.

    Example. If you put nginx on br0 and give it a 192.168.10.25 ip address, you could go to http://192.168.10.25 (which would be port 80) or https://192.168.10.25 (which would be on port 443) BUT that only works with those ports. If you had a container that used 8080 and 8443 you would need to add the port to the url.

    If you don't want to have to put the port in the address bar, you would need to use a reverse proxy and a subdomain.

    Link to comment




  • Status Definitions

     

    Open = Under consideration.

     

    Solved = The issue has been resolved.

     

    Solved version = The issue has been resolved in the indicated release version.

     

    Closed = Feedback or opinion better posted on our forum for discussion. Also for reports we cannot reproduce or need more information. In this case just add a comment and we will review it again.

     

    Retest = Please retest in latest release.


    Priority Definitions

     

    Minor = Something not working correctly.

     

    Urgent = Server crash, data loss, or other showstopper.

     

    Annoyance = Doesn't affect functionality but should be fixed.

     

    Other = Announcement or other non-issue.