wayner Posted June 7, 2017 Share Posted June 7, 2017 I have about a dozen different docker containers running and it is a pain figuring out what ports to use when you add a new docker. There is a button where you can see the ports used but that doesn't show every port used as often the docker containers use other ports in the background for stuff other than a web UI. Wouldn't it be easier if every Docker got its own virtual IP address on your subnet, just like a full VM? That way you could use port 80,443 or 8080 for every container, rather than having to futz around using port 7080, 6080, etc? Instead you would just assign a static IP for each docker or use DHCP reservation. Is there any way to do this? Quote Link to comment
Malykai Posted June 7, 2017 Share Posted June 7, 2017 (edited) You can do it using @ken-jiinfo here: Edited June 7, 2017 by Malykai Bad link Quote Link to comment
bonienl Posted June 7, 2017 Share Posted June 7, 2017 3 hours ago, wayner said: I have about a dozen different docker containers running and it is a pain figuring out what ports to use when you add a new docker. There is a button where you can see the ports used but that doesn't show every port used as often the docker containers use other ports in the background for stuff other than a web UI. Wouldn't it be easier if every Docker got its own virtual IP address on your subnet, just like a full VM? That way you could use port 80,443 or 8080 for every container, rather than having to futz around using port 7080, 6080, etc? Instead you would just assign a static IP for each docker or use DHCP reservation. Is there any way to do this? unRAID 6.4 prelease version is available, which allows you to do this from the GUI. Quote Link to comment
wayner Posted June 7, 2017 Author Share Posted June 7, 2017 46 minutes ago, bonienl said: unRAID 6.4 prelease version is available, which allows you to do this from the GUI. So you no longer have to do the docker network create commands to enable the macvlan from a bash prompt? Quote Link to comment
CHBMB Posted June 7, 2017 Share Posted June 7, 2017 I wouldn't want all the containers on different ports personally. Just as many IPs to remember as ports. Quote Link to comment
bonienl Posted June 7, 2017 Share Posted June 7, 2017 50 minutes ago, CHBMB said: I wouldn't want all the containers on different ports personally. Just as many IPs to remember as ports. The WebUI entry with "http://[IP]:[PORT:8080]" is automatically substituted with the corresponding IP address. You don't need to remember the IPs, just select WebUI from the dropdown menu Quote Link to comment
CHBMB Posted June 7, 2017 Share Posted June 7, 2017 1 minute ago, bonienl said: The WebUI entry with "http://[IP]:[PORT:8080]" is automatically substituted with the corresponding IP address. You don't need to remember the IPs, just select WebUI from the dropdown menu Oh wow, that is impressive, still don't need individual IPs for containers though.... Quote Link to comment
bonienl Posted June 7, 2017 Share Posted June 7, 2017 1 minute ago, CHBMB said: still don't need individual IPs for containers though.... You're a hard man to convince Quote Link to comment
CHBMB Posted June 7, 2017 Share Posted June 7, 2017 I can see the use for them I really can, but I've got my setup pretty much exactly where I want it, a large part of that was migrating to pfsense as my router/firewall. If this had existed back in the V6.0 days I definitely can see myself having used it more. I still think it's bloody impressive mind, please don't think I'm dismissing the feature, you've done some stellar work there bonie! Quote Link to comment
bonienl Posted June 7, 2017 Share Posted June 7, 2017 No worries man, there are several ways to do it now. I fully understand you want to keep your existing set up, nothing wrong with that. Quote Link to comment
ijuarez Posted June 7, 2017 Share Posted June 7, 2017 6 minutes ago, CHBMB said: I can see the use for them I really can, but I've got my setup pretty much exactly where I want it, a large part of that was migrating to pfsense as my router/firewall. If this had existed back in the V6.0 days I definitely can see myself having used it more. I still think it's bloody impressive mind, please don't think I'm dismissing the feature, you've done some stellar work there bonie! you had me at pfsense Quote Link to comment
CHBMB Posted June 7, 2017 Share Posted June 7, 2017 8 minutes ago, ijuarez said: you had me at pfsense It's amazing, wish I'd made the switch years ago. Quote Link to comment
Squid Posted June 7, 2017 Share Posted June 7, 2017 Doesn't independent IPs mean that we are now relying upon the individual maintainers to ensure that their containers have any / all appropriate security patches in place? Isn't simply having them utilizing different ports and a private IP isolated from each other a more secure system? Asking because I truly don't know. Quote Link to comment
wayner Posted June 7, 2017 Author Share Posted June 7, 2017 Or you could just use the Let's Encrypt - Nginx docker to handle external access to your IPs via Reverse Proxy. I really like the idea of not having to use all of these funky port assignments since, at least IMHO, it creates a decent probability of having multiple dockers using the same port. And if you set up a hosts file or DNS then you need need to remember neither IP addresses nor ports. I started playing around with pfSense but decided to add a Ubiquiti Unifi USG router to go along with my Unifi Access Points since they integrate so well with the Unifi Controller - and can be managed together by the Unifi Controller Docker on unRAID. Quote Link to comment
dlandon Posted June 7, 2017 Share Posted June 7, 2017 3 hours ago, Squid said: Doesn't independent IPs mean that we are now relying upon the individual maintainers to ensure that their containers have any / all appropriate security patches in place? Isn't simply having them utilizing different ports and a private IP isolated from each other a more secure system? Asking because I truly don't know. I build my dockers so Linux updates/patches and security updates are applied whenever they start. This keeps them current without having to build a new docker image whenever updates are issued. Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.