[[6.3.0+] How to setup Dockers without sharing unRAID IP address]

 

Quote

 

Some caveats:

• With only a single NIC, and no VLAN support on your network, it is impossible for the host unRAID to talk to the containers and vice versa; the macvlan driver specifically prohibits this. This situation prevents a reverse proxy docker from proxying unRAID, but will work with all other containers on the new docker network.
• I cannot confirm yet what happens in the case of two or more NICs bridged/bonded together (but it should be the same as a single NIC)

 

 

I've got one docker network for all of my VPN traffic and one docker network for my web server. I'm able to reverse proxy everything on the VPN network using the docker network that my web server uses (meaning: my web server container can talk to all containers on the OTHER docker network). I'm using two NICs for this. Both NICs are bridged separately. I have a static IP set up on my second NIC that's within the docker network I created (named "webby").

 

I followed the OP's thread on making a new docker network (using my network as an example). I set up my network using my second NIC's bridged interface.

# docker network create \
-o parent=br1 \
--driver macvlan \
--subnet 10.10.10.0/24 \
--ip-range 10.10.10.160/31 \
--gateway 10.10.10.1 \
webby

I then went into my letsencrypt container and followed the instructions in the OP's post. I statically assigned an IP address to the container that was contained within the "webby" network (since my interface IP is 10.10.10.160 and I have a /31, I used 10.10.10.161) using --ip 10.10.10.161. I can now use my reverse proxy settings while keeping my other docker containers behind my VPN connection.

 

Thanks for this write up - I've spent at least 20+ hours thinking/researching a solution. I wanted docker to be the answer (and now it finally is!)