Would it make sense for each Docker container to have its own IP?



I have about a dozen different docker containers running and it is a pain figuring out what ports to use when you add a new docker.  There is a button where you can see the ports used but that doesn't show every port used as often the docker containers use other ports in the background for stuff other than a web UI.

 

Wouldn't it be easier if every Docker got its own virtual IP address on your subnet, just like a full VM?  That way you could use port 80, 443 or 8080 for every container, rather than having to futz around using port 7080, 6080, etc?  Instead you would just assign a static IP for each docker or use DHCP reservation.

 

Is there any way to do this?

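An added example, not part of the original posts: one way to see which host ports bridge-mode containers have actually published, which of them are bound to every interface, and which port is free for a new container. The container names and the `docker ps` output are constructed; the helper names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample of: docker ps --format '{{.Names}}\t{{.Ports}}'
SAMPLE = """\
sonarr\t0.0.0.0:8989->8989/tcp
nginx\t0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp
unifi\t0.0.0.0:8080->8080/tcp, 0.0.0.0:3478->3478/udp, 8843/tcp
sabnzbd\t127.0.0.1:7080->8080/tcp
deluge\t0.0.0.0:6881-6883->6881-6883/tcp
plex\t
"""

# "<bind ip>:<host port or range>-><container port or range>/<proto>"
PUBLISHED = re.compile(
    r"^(?P<ip>.+):(?P<lo>\d+)(?:-(?P<hi>\d+))?->\d+(?:-\d+)?/(?P<proto>\w+)$"
)
WILDCARD = {"0.0.0.0", "::", "[::]"}


def published_ports(ps_output):
    """Map (host_port, proto) -> set of (container, bind_ip)."""
    used = defaultdict(set)
    for line in ps_output.splitlines():
        name, _, ports = line.partition("\t")
        for entry in filter(None, (p.strip() for p in ports.split(","))):
            m = PUBLISHED.match(entry)
            if not m:
                continue  # e.g. "8843/tcp": exposed by the image, not published
            lo = int(m["lo"])
            hi = int(m["hi"] or lo)
            for port in range(lo, hi + 1):
                used[(port, m["proto"])].add((name, m["ip"]))
    return used


def first_free(used, start, proto="tcp"):
    """Lowest host port >= start that no listed container has published."""
    port = start
    while (port, proto) in used:
        port += 1
    return port


def reachable_from_lan(used):
    """Published ports bound to a wildcard address (open on every interface)."""
    return sorted((port, proto, name)
                  for (port, proto), owners in used.items()
                  for name, ip in owners if ip in WILDCARD)
```

A container on host networking (the constructed `plex` row) lists no ports here at all, so its listeners have to be checked on the host itself.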
3 hours ago, wayner said:

I have about a dozen different docker containers running and it is a pain figuring out what ports to use when you add a new docker.  There is a button where you can see the ports used but that doesn't show every port used as often the docker containers use other ports in the background for stuff other than a web UI.

 

Wouldn't it be easier if every Docker got its own virtual IP address on your subnet, just like a full VM?  That way you could use port 80, 443 or 8080 for every container, rather than having to futz around using port 7080, 6080, etc?  Instead you would just assign a static IP for each docker or use DHCP reservation.

 

Is there any way to do this?

 

unRAID 6.4 prerelease version is available, which allows you to do this from the GUI.

50 minutes ago, CHBMB said:

I wouldn't want all the containers on different ports personally.  Just as many IPs to remember as ports.

 

The WebUI entry with "http://[IP]:[PORT:8080]" is automatically substituted with the corresponding IP address. You don't need to remember the IPs, just select WebUI from the dropdown menu :)

 

1 minute ago, bonienl said:

 

The WebUI entry with "http://[IP]:[PORT:8080]" is automatically substituted with the corresponding IP address. You don't need to remember the IPs, just select WebUI from the dropdown menu :)

 

Oh wow, that is impressive, still don't need individual IPs for containers though.... :D


I can see the use for them I really can, but I've got my setup pretty much exactly where I want it, a large part of that was migrating to pfsense as my router/firewall.  If this had existed back in the V6.0 days I definitely can see myself having used it more.

 

I still think it's bloody impressive mind, please don't think I'm dismissing the feature, you've done some stellar work there bonie!

6 minutes ago, CHBMB said:

I can see the use for them I really can, but I've got my setup pretty much exactly where I want it, a large part of that was migrating to pfsense as my router/firewall.  If this had existed back in the V6.0 days I definitely can see myself having used it more.

 

I still think it's bloody impressive mind, please don't think I'm dismissing the feature, you've done some stellar work there bonie!

 

you had me at pfsense


Don't independent IPs mean that we are now relying upon the individual maintainers to ensure that their containers have any / all appropriate security patches in place?  Isn't simply having them utilizing different ports and a private IP isolated from each other a more secure system?  Asking because I truly don't know.


Or you could just use the Let's Encrypt - Nginx docker to handle external access to your IPs via Reverse Proxy.  I really like the idea of not having to use all of these funky port assignments since, at least IMHO, it creates a decent probability of having multiple dockers using the same port.  And if you set up a hosts file or DNS then you need to remember neither IP addresses nor ports.

 

I started playing around with pfSense but decided to add a Ubiquiti Unifi USG router to go along with my Unifi Access Points since they integrate so well with the Unifi Controller - and can be managed together by the Unifi Controller Docker on unRAID.

3 hours ago, Squid said:

Don't independent IPs mean that we are now relying upon the individual maintainers to ensure that their containers have any / all appropriate security patches in place?  Isn't simply having them utilizing different ports and a private IP isolated from each other a more secure system?  Asking because I truly don't know.

I build my dockers so Linux updates/patches and security updates are applied whenever they start.  This keeps them current without having to build a new docker image whenever updates are issued.
