(Added in 6.5.1) Docker - user defined bridge networks


aptalca

Recommended Posts

@bonienl

 

I love that unraid now contains a lot of networking functionality especially with regards to docker. Being able to assign separate IPs to containers via macvlan and such is very cool.

 

However, my request is for something much simpler. As you know, by default (with the bridge option) docker containers are put on the default "bridge" network. They are allowed to connect to the host and each other via internal IPs, but not via dns. But the user defined bridge networks also allow for connections via dns, using the container name as the hostname (ie. http://sonarr).

 

Unraid currently does not manage these networks (in fact deletes them unless the option for not deleting is selected in advanced docker settings). It would be nice if unraid supported creating a basic user defined bridge network and presented it as a drop down option for network type in the container settings. 

 

My real motivation behind this is that at linuxserver.io we are trying to create a repo of reverse proxy configs for our letsencrypt image and being able to define the proxy targets as "http://containername" works as a standard way unlike the current method of using "http://unraidip:port" which is different for every user.

 

Thanks

Edited by aptalca
  • Like 4
Link to comment

I added the possibilitty to choose custom bridge networks too in the dropdown list of available networks to a container.

 

It is still required though to create a custom bridge network manually from CLI. E.g I created custom network "my-bridge".

docker network create my-bridge

or if you want a specific subnet for the bridge network

docker network create --subnet=192.168.255.0/24 my-bridge

 

image.thumb.png.8d6cb6be06b3cf92e5df35dc0e7ab088.png

Edited by bonienl
Link to comment

Thanks, this is great.

 

When you say you added it, do you mean it was already added in 6.5.0 or it will be in the next stable? Because on 6.5.0 the custom network I created doesn't show up in the drop down (although I didn't restart the server yet).

 

Thanks

Link to comment
  • 4 weeks later...
  • 2 months later...

Just ran across this thread today while figuring out how to achieve this behavior without `--link` flags.  I noticed I could choose custom networks, but I wasn't sure how to create a persistent custom network.  Thanks for the short write-up.  I'm basically building exactly what OP mentioned with the standard linuxserver.io nginx image.

Link to comment
  • 5 months later...

Can we have the option to join a second network?  I have containers that rely on a mariadb container.  I put that container on a network called "backend_services".  I have a frontend network for the app that is also used by traefik called "pub_proxy".  I need to be able to join both.  My current workaround is to run a portainer container and join the networks from there, only it's not persistent.  

  • Like 1
Link to comment
  • 1 month later...
On 1/30/2019 at 4:39 PM, bender1 said:

Can we have the option to join a second network?  I have containers that rely on a mariadb container.  I put that container on a network called "backend_services".  I have a frontend network for the app that is also used by traefik called "pub_proxy".  I need to be able to join both.  My current workaround is to run a portainer container and join the networks from there, only it's not persistent.  

This! For security options, it would be nice to be able to put fo example MariaDB in a 'gapped' network that is not connect to internet, and have a nginx/apache/django/whatvere webservice that needs a DB have 2 networks

Link to comment
2 hours ago, Tuumke said:

This! For security options, it would be nice to be able to put fo example MariaDB in a 'gapped' network that is not connect to internet, and have a nginx/apache/django/whatvere webservice that needs a DB have 2 networks 

Docker only allows joining one network during container creation. To connect to 2, you need to attach a running container to a network, but it needs to be repeated every time the container is recreated. It's a docker limitation.

Link to comment
2 minutes ago, aptalca said:

Docker only allows joining one network during container creation. To connect to 2, you need to attach a running container to a network, but it needs to be repeated every time the container is recreated. It's a docker limitation.

meh... this is making it tempting to switch to docker-compose, does it not?

 

Link to comment
  • 2 months later...
23 minutes ago, Tuumke said:

Thats cool. Didnt know that. But does the community applications plugin support this?

CA does not do docker compose. CA is basically just filling in the form of the Add Container page for you, and the Add/Edit Container page is just taking the inputs from that form to construct a docker run command.

  • Like 2
Link to comment
  • 1 year later...

I recommand to replace the default bridge with a 'user bridge'.

 

The 'user bridge' is more powerful and safer than the 'default bridge'  as the official docker document describe:

Use the default bridge network

Quote

The default bridge network is considered a legacy detail of Docker and is not recommended for production use. Configuring it is a manual operation, and it has technical shortcomings.

 

The next version Unraid can consider to create a default 'user bridge' with network: 172.18.0.0/16 (disable the old/default 'bridge' network 172.17.0.0/16) on initialized installation and generate an unused ip address automatically when a new docker container is created. It also allow user to assign an IP for a container within the 172.18.0.x.

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.