Jump to content
Nano-uk

Can dockers have their own IP address?

27 posts in this topic Last Reply

Recommended Posts

Hi,

 

I am trying to figure out how (if possible) to assign a dedicated IP address to my Plex docker. The reason for this is that I am running a pfsense router at home and this server is including all the traffic from my UNRAID server into a VPN and I'd like to have different IP addressees for my dockers so I can assign specific fiewall and NAT rules for them individually. I know I can do this using port mapping for incoming connections, but I want to be able to manage outgoing connections as well, for example if I want some specific docker to use a different default gateway to go out of my network or stuff like that.

 

Is it possible to assign a different IP address to dockers at all?

 

Thank you!

Ignacio.

Share this post


Link to post
Just now, Nano-uk said:

Hi,

 

I am trying to figure out how (if possible) to assign a dedicated IP address to my Plex docker. The reason for this is that I am running a pfsense router at home and this server is including all the traffic from my UNRAID server into a VPN and I'd like to have different IP addressees for my dockers so I can assign specific fiewall and NAT rules for them individually. I know I can do this using port mapping for incoming connections, but I want to be able to manage outgoing connections as well, for example if I want some specific docker to use a different default gateway to go out of my network or stuff like that.

 

Is it possible to assign a different IP address to dockers at all?

 

Thank you!

Ignacio.

 

It is possible in unraid 6.4, currently in beta.

 

I was in the exact same situation as you and it works like a charm now.. Plex has its own IP address and is now bypassing the outgoing VPN. 

Share this post


Link to post
9 minutes ago, Helmonder said:

 

It is possible in unraid 6.4, currently in beta.

 

I was in the exact same situation as you and it works like a charm now.. Plex has its own IP address and is now bypassing the outgoing VPN. 

Hi, thanks for the quick reply!

 

Is the beta stable enough to justify upgrading the whole server? (I only have this one Unraid server with all my data).

 

Thanks!

Share this post


Link to post
2 hours ago, Nano-uk said:

Is the beta stable enough to justify upgrading the whole server? (I only have this one Unraid server with all my data).

 

I've been running it on my production server with no problems.  I don't however use the new features of encryption / SSL access though (don't trust them yet in a production environment B|)

Share this post


Link to post
3 hours ago, Nano-uk said:

Hi,

 

I am trying to figure out how (if possible) to assign a dedicated IP address to my Plex docker. The reason for this is that I am running a pfsense router at home and this server is including all the traffic from my UNRAID server into a VPN and I'd like to have different IP addressees for my dockers so I can assign specific fiewall and NAT rules for them individually. I know I can do this using port mapping for incoming connections, but I want to be able to manage outgoing connections as well, for example if I want some specific docker to use a different default gateway to go out of my network or stuff like that.

 

Is it possible to assign a different IP address to dockers at all?

 

Thank you!

Ignacio.

 

As mentioned by the others it is supported in the latest beta.  If you don't want to go the beta route yet you can use Pipework Docker to accomplish what you are after.  Install the correct version for your unRAID version then for each Docker you want to assign an IP, enable advanced mode, change network to 'none' and add the code below to the 'extra parameters' box specifying a unique IP/gateway and a unique valid fake MAC address.  In pfSense, create a static DHCP lease for the MAC and IP configuration.  Create an Alias in pfSense that contains all the IP addresses for the stuff you want to go through VPN and create your rules based on the Alias.

 

extra parameters:

-e 'pipework_cmd=br0 @CONTAINER_NAME@ 192.168.1.247/24@192.168.1.1 fd:de:b4:99:56:1d'

Copy in exactly as shown, including the '   ' and the "@CONTAINER_NAME@".  Change the IP and gateway IP and the MAC address for your specific configuration.  Best to have Pipework set to auto-start and verify it is started  - view the log tail and verify 'start' is in the last entry.  If not started, stop then start and verify again.  After that you can crank up the remaining Dockers that use Pipework.

Edited by unevent

Share this post


Link to post

The beta is running fine for many weeks over here.. However it IS still a beta.. So if you are cautious with that just hold on a little longer.. In a week or so I am expecting this to be released and you will have no more problems.. I just killed off my latest KVM and running Docker only.. No problems whatsoever.

Share this post


Link to post
6 minutes ago, Helmonder said:

In a week or so I am expecting this to be released and you will have no more problems.

 

I think you're being optimistic..... :)

Share this post


Link to post

I have been waiting patiently for this as well as I will far prefer having each docker have its own IP as opposed to having to remember all of the ports required whenever I want to access the web UI for a docker.  What was 8080 vs 7080 vs 6080?  IP addresses will be easier, at least IMHO.  And then you can enter all of the IPs in a hosts file and just use the docker name if you want

Share this post


Link to post

I am running 6.4.0rc14. I would also love to assign a dedicated IP to one of the dockers? Possible and if so, how?

Share this post


Link to post
4 hours ago, steve1977 said:

I am running 6.4.0rc14. I would also love to assign a dedicated IP to one of the dockers? Possible and if so, how?

Click on 'Network Type' in the docker settings (may need advanced view) and then enter an IP address in the new field that appears below.  Very simple.

 

If you have a VLAN capable switch, you can also create VLANs in Settings/Network settings and then choose different VLANs e.g. I have deluge going down my VPN VLAN and nzbget not, as usenet is encrypted so I'm not wasting CPU cycles pushing it down the VPN

Share this post


Link to post

thanks. i run a router vpn, so everything runs over vpn unless i exclude the ip. let me describe what i want to do:

 

* sanzbd docker (want to exclude from vpn, but maybe remote access as web server)

 

* nextcloud docker (need to forward port 80/443 to get this running)

 

* in the future i may want to add deluge docker

 

 

i have a reasonably modern asus router.

 

is it possible to achieve?

Share this post


Link to post

If your router can decide to route via ip address then yes.

 

For your remotely access needs look into the letsencrypt docker

Share this post


Link to post

Yes.  I'd use letsencrypt for remote access, rather than opening ports for nextcloud

Share this post


Link to post

true true. to be precise, letsencrypt is the one listening on port 80/443. so, i need to open the ports for letsencrypt.

 

for different reasons, i prefer not to run letsencrypt on 81/444. with unraid beta, i can now set it to 80/443 and give it its own IP.

Share this post


Link to post

Two related questions:

 

1) Can I have two dockers share the same IP (a different one from unraid)?

 

2) Can I stop Unraid from listening on 80/443 and instead have Unraid listen on different ports?

Share this post


Link to post

1.  No and things would get messy if you did

2. Yes, go to settings/identification to change unraid ports.  However, there's no need as unraid would listen on say 192.168.1.100:443 and le on whatever IP you assign e.g 192.168.1.101:443

Edited by DZMM
Correction

Share this post


Link to post

thanks. helpful as always.

 

i followed some other advice on this forum to change the “go” file to change the unreif port. somehow didn’t do it right though. upon restart, i can no longer access the unraid gui. i can still ssh into it though. any thought what i bricked?

Share this post


Link to post

i changed it with nano and then changed it back. is there some command to “restart” the gui?

 

actually, i followed the advice in the official unraid wiki. outdated?

Share this post


Link to post
5 hours ago, steve1977 said:

i changed it with nano and then changed it back. is there some command to “restart” the gui?

 

actually, i followed the advice in the official unraid wiki. outdated?

 

With unRAID 6.4 port settings are no longer set in the go file, but under Settings -> Identification.

 

Also unRAID 6.4 supports macvlan, which allows to assign different IP addresses to docker containers from the GUI.

 

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.