January 20, 20251 yr After changing cache SSDs and switching the docker folder to a directory (it was an image), I redownloaded all the containers throught CA Store. All my containers were missing a networking (it was to none), i had to open portainer, create the networks again and re-assigned a network to each container (I had to change to none and then back to the desired network for it to stick). I probably messed up here, I'm not sure how. I returned to the docker image (btrfs) and while the containers go up, I can't access them too. Anyway I think my network settings are seriously wrong. I mean, I have duplicate Routes, that doesn't right to me. How should I proceed? I don't want to delete stuff willy nilly and then have to reattach networks to each container one by one again... though I will probably have to do it again unraid-diagnostics-20250120-1703.zip Edited January 20, 20251 yr by Nirvash
January 20, 20251 yr Community Expert You will need to use unraids terminal get a list of what unraid sees and not use portainer to add and edit the docker networks. Your docker networks may have been wiped due to other settings not set or a misconfiguration... Verify: Under docker settings, you need to ensure these settings are set: what is the output of: docker network ls what network are you setting to your dockers in container?
January 20, 20251 yr Community Expert I don't see a issue for your routes... Each BR-#### is a docker that is using that network bridge. You may benefit from: AS it appears, you are using portainer on top of unraid to manage dockers... As each level is differnet: unraid uses dockerman compose plugin for docker compose uses composeman protainer is using a different manger... To me this is a clear docker netwrok misconfiguration...
January 20, 20251 yr Author 3 hours ago, bmartino1 said: You will need to use unraids terminal get a list of what unraid sees and not use portainer to add and edit the docker networks. Your docker networks may have been wiped due to other settings not set or a misconfiguration... --- AS it appears, you are using portainer on top of unraid to manage dockers... As each level is differnet: unraid uses dockerman compose plugin for docker compose uses composeman protainer is using a different manger... To me this is a clear docker netwrok misconfiguration... In that case what is the most appropriate way to edit docker networks in unraid? Just terminal? "Preserve user defined networks" is set to YES, "Host access to custom networks" is set to NO and Network type is ipvlan Output of 'docker network ls' is: root@Unraid:~# docker network ls NETWORK ID NAME DRIVER SCOPE 4eaeba1c156c automation_tools bridge local e473615f0345 br0 ipvlan local c0cae28b6b0e bridge bridge local 8fc65039b40a host host local dfc9f141d5b1 nirvnet bridge local 4bed22827dc2 none null local b2e98f3780c0 secure bridge local 3 hours ago, bmartino1 said: what network are you setting to your dockers in container? I'm using a combination of the ones named "nirvnet", "automation_tools" and "secure", if that's what you are asking. I'll watch that video and read your linked post now. Thank you for the help! Update: I watched the video and, sure, great refresher on docker networks but I didn't see anything that would help me here. I'm just using bridges, nothing fancy. And about the linked script I also don't see why would it help me; I don't have any issues with my hosts file and I don't use IP v6. Edited January 20, 20251 yr by Nirvash
January 20, 20251 yr Community Expert Yes, Unraid from my experience is terminal only for their docker networks... Using container to make a docker network will not write the docker network to unraids files, as it is a mutable os and may not survive a reboot if not created via unraid... Thank you for listing your current docker networks. as it seems, you made multiple standard docker bridges... The point for those types of bridging is to isolate dockers from other dockers on the host. So automation_tools and nirvnet will never talk to each other... This is what I'm asking more on as the question, "what network are you setting to your dockers in container?" In unraid yes, you should be using unraids template and edit features: You should be using unraids edit feature via the web UI: What networks do you see? You should see this : Quote 3 hours ago, Nirvash said: Output of 'docker network ls' is: root@Unraid:~# docker network ls NETWORK ID NAME DRIVER SCOPE 4eaeba1c156c automation_tools bridge local e473615f0345 br0 ipvlan local c0cae28b6b0e bridge bridge local 8fc65039b40a host host local dfc9f141d5b1 nirvnet bridge local 4bed22827dc2 none null local b2e98f3780c0 secure bridge local Correct terminal only to add and make networks... The WebUI only makes a default docker bridge, host network, nul/none network, and depending on docker setting the ipvlan custom network... Review post: Edited January 20, 20251 yr by bmartino1 Typo
January 20, 20251 yr Community Expert Pulling from the unif post I made.... Was More interested in Docker custom network type: and host access. This is my configuration for a proper custom bridge IP settings for macvlan network access. Depending on how you want to use the docker network and how you want to access dockers from unraid we will need this information to know what type of network setup you are using. read about docker network types here: https://docs.docker.com/network/ and https://docs.docker.com/network/drivers/ Custom br0 is a type of bridge driver... By default, Unraid has bridging enabled and wants docker network to use ipvlan. This changes how docker setups and communicates network traffic to the docker network. If we run a docker image and set the network to host. The ip to access that docker if it has a webUI will be the same ip as the unraid system. Any ports the docker has will replace unraids ports and is more for items like clam av to scan itself or databases you want on the LAN to be accessible via your local network. Bridge network mode uses the Unraids Default 172.x.x.x dhcp server and creates a switch port bridge to communicate via sharing your unraids network adapter. your docker is asigned a 172.x.x.x address in bridge mode and how it communicates depends on unraid docker setting, ie macvlan or ipvlan. But more to do with host network access. Custom br0 means to bridge/bond the eth0 of your unraid and have it share a LAN ip address from your router. In my case my router dhcp is 192.168.1.x meaning the docker will get a 192.168.1.x unless I tell it otherwise. macvlan will make a random mac address to facilitate this, and some firewall/routers will see that your unriads ip is being duplicated or assigned to multiple devices sharing the same ip. (This is why the switch to ipvlan to fix layer 3 networking issues, buts only a problem with vlan network traffic controls... If I run a macvlan network I can add an extra option and set a custom mac address to help router traffic. (this was required in older settings before "private mac" and phones were connecting to the internet to guarantee a network path access. macvlan extra parm in docker : --mac-address 02:42:C0:A8:01:XX ->hexadecimal (0123456789abcdefgh) replace xx with a combination of a hexadecimal group... Then the router can static assign. Unfi has a host adopt feature that looks for a dns name unifi on the network you want the unfi network application to have a dns name set to unifi. So I also run macvlan to add hostname: extra parameters: --mac-address 02:42:C0:A8:01:0A --hostname unifi * using Exrta Parameter for setting a mac address Is know Bug as Docker decided to move configuration to have docker networks handle mac address and not container variables... ^This now give me the ability to statically assign an ip address. Via dhcp on custom br0 network which is the LAN DHCP IP from my router... Unraid to use custom br0 it is recommended to static client assign an ip address. So custom br0 will be 192.168.1.x this mean I can access the unif application at 192.168.1.x Basic network that is dependent on what you run and how you run it. We need more info for troubleshooting network like these.
January 20, 20251 yr Author 16 minutes ago, bmartino1 said: Using container to make a docker network will not write the docker network to unraids files, as it is a mutable os and may not survive a reboot if not created via unraid... I see, I'll keep it in mind for next time. 16 minutes ago, bmartino1 said: Thank you for listing your current docker networks. as it seems, you made multiple standard docker bridges... The point for those types of bridging is to isolate dockers from other dockers on the host. So automation_tools and nirvnet will never talk to each other... Yup, that's exactly the intention. 16 minutes ago, bmartino1 said: This is what I'm asking more on as the question, "what network are you setting to your dockers in container?" In unraid yes, you should be using unraids template and edit features: You should be using unraids edit feature via the web UI: What networks do you see? I point some containers to one network and other containers to another... For instance databases and the services that use them to nirvnet Simple home automation stuff, bots and homepages that doesn't use a database use automation_tools, etc. Yes, I'm using unraid's edit to assign the network to the container: And the network is seemingly attached to it: And yet, I can't access any WebUI. Edited January 20, 20251 yr by Nirvash
January 20, 20251 yr Community Expert this is because every docker bride is using unraid webui to immich container for nirvnet is port 8080 of unraids web UI. to access immich you would need to go to your unriads ip address http://192.168.0.254:8080 since you have mutiple default docker based networks your have port conflicts between all the dockers running. Please watch the video... he goes over this quite well for all docker networks...
January 20, 20251 yr Community Expert bye default docker bridge netwrok you can set ip subnet docker network create \ --driver bridge \ --subnet=192.168.200.0/24 \ --gateway=192.168.200.1 \ custom-bridge Docker automatically creates a default bridge network. However, if you want to create another custom bridge network This is why the container sees a 172.x.x.x address It acts as a virtural switch form br0 and to travers to 172.x.x.x you mus go to the ip address of br0 Otherwise you need to LXC / VM isolate and install dockers so teh interface has a single IP address. or make a ipvlan/macvlan... docker network create \ --driver macvlan \ --subnet=192.168.0.0/24 \ --gateway=192.168.0.1 \ --ip-range=192.168.0.100/28 \ -o parent=br0 \ macvlan-net docker network create \ --driver ipvlan \ --subnet=192.168.0.0/24 \ --gateway=192.168.0.1 \ --ip-range=192.168.0.200/28 \ -o parent=br0 \ ipvlan-net
January 20, 20251 yr Community Expert Reluctant to share as it can be breaking if you don't know what you are doing and this can get into advanced network settings and break communication... BUT!... --As I would use VLAN at that point... you could docker isolate the networks to a custom ip so going to IP x.x.x.x will go to nirvnet and be separated by still using docker bridge... I'm against this as its not how I would set up and isolate this.... but will post... for examples. ################# To configure Docker networks (nirvnet, automation_tools, etc.) so that specific IPs on the host are used to access containers within those networks, you'll need to set up host-based IP routing or bind individual networks to specific IPs on the Docker bridge. Here's how to achieve this: Step 1: Identify or Configure the Host IPs for Each Network Assign static IPs on the host that will act as gateways for the Docker networks. For example: 192.168.10.1 for nirvnet 192.168.20.1 for automation_tools # Assign IPs to the Docker bridge sudo ip addr add 192.168.10.1/24 dev br0 sudo ip addr add 192.168.20.1/24 dev br0 So br0 will have 192.168.0.x and the above ip address. * A user script at boot will need to be created to add them... With br0 having multiple assigned IP address... as 192.168.0.0 is accessible to the internet... *You may need to delete those networks and assign the ip range and new dockers... Step 2: Update or Create Docker Networks with the New Subnets Each Docker network must be configured to use its corresponding subnet. Update nirvnet example: docker network create \ --driver bridge \ --subnet=192.168.10.0/24 \ --gateway=192.168.10.1 \ nirvnet Update automation_tools: docker network create \ --driver bridge \ --subnet=192.168.20.0/24 \ --gateway=192.168.20.1 \ automation_tools *As a network was removed... so were the dockers attached to the network (so yes each docker will need edited and reassigned back to a network...) *Note the ip address. Going to 192.168.20.1 and 192.168.10.1 will access that network latter... Step 3: Assign Containers to Specific Networks For existing containers, disconnect them from the old network and reconnect them to the updated network: *Temp testing you should edit each docker and template using to update and keep them running... Example: docker network disconnect nirvnet <container_name> docker network connect --ip 192.168.10.100 nirvnet <container_name> or docker network disconnect automation_tools <container_name> docker network connect --ip 192.168.20.100 automation_tools <container_name> Step 4: Ensure Port Access Through Host IPs When accessing services, use the specific host IP for the corresponding network. For example: Use 192.168.10.1 for nirvnet containers. Use 192.168.20.1 for automation_tools containers. You can also map specific ports on these IPs to Docker container ports to avoid conflicts: -- This Means that if you have a docker with port 8080 in use on nirvnet it can't be in use across the default docker -- Example: Bind nirvnet Container to a Specific Host IP docker run --name nirvnet-container \ -p 192.168.10.1:8080:8080 \ --network nirvnet \ <image> ... Step 5: Configure Host-Based IP Routing (Optional) *In your case a must to access and grant routes... sudo ip route add 192.168.10.0/24 via 192.168.10.1 sudo ip route add 192.168.20.0/24 via 192.168.20.1 *This is where a swag / npm proxy running host network makes sense to have multiple access from one ip... Step 6: Test the Setup Verify access to each network: For a container in nirvnet, navigate to http://192.168.10.1:8080. For a container in automation_tools, navigate to http://192.168.20.1:9090. If routing or access fails, double-check the assigned IPs, Docker network settings, and any existing firewall rules. As you have multiple dockers uisng the same ports from teh same ip I'm not surprised that you are unable to access via the default bridge... Edited January 21, 20251 yr by bmartino1 Typo
January 21, 20251 yr Author Solution Well, turns out all these strange extra routing table entries were the issue. Delete them with ip link delete <interface name> And done.
January 22, 20251 yr Author I'll further expand on what I did to finally fix my issue for completeness sake: After I saw i had a bunch of br-**** Routing Table entries in the "Network Settings", i opened the console and typed ip addr show docker network ls To show all my interfaces and docker networks and noted them down. I then deleted every non-default docker network with `docker network rm {network name}` docker network rm {network_name} After that I did the previous two commands again and I manually deleted all the br-*** interfaces left. ip link delete br-{interface name} Until you are with just your lo, tunl0, br0, eth0 and docker0. Depending on your configuration you should not have anything else. Then create your docker network again. docker network create --driver bridge --subnet=172.20.1.0/16 --gateway=172.20.0.1 --ip-range 172.20.1.255/16 {network_name} And now the shitty part: go to each container through the UI, change the network to none, save, go back, change the network to {network_name} and save again. I had to do this to my 33 containers. There might be a command to do this through the command line but I'm not aware of it, if there is a way and anyone knows, I'll update this to reflect that. Maybe "docker network connect {network_name} {container_name}" works but I didn't personally try. That fixed it for me. I hope this helped. Edited January 25, 20251 yr by Nirvash
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.