access docker UIs via DNS

[nekromantik]

hi

is it possible to have DNS names for .local domain to access docker UIs while in home network?

Instead of remembering IPs.

[ken-ji]

AFAIK, this can be done but has a bunch of depends. Solutions in my preferred order.

• Easiest, but potentially most complicated for the average Joe - is to have a DNS service in your LAN which would serve your custom DNS entries. Some consumer routers, and practically all pro/expert routers like cisco/mikrotik/*-wrt/pfsense have this functionality. Pi-Hole is also another option from what I understand.
• depending on the clients you have at home
  • windows PCs can look for names from a WINS server - so a linux box/vm ; a windows DC can provide this service along with a means to register the new names
  • macs can look for names with the Bonjour service (not too familiar with it as I don't directly have macs, and use the DNS approach) which is something like mDNS; linux box/VM can support this using avahi
  • everything else would be limited to the LAN DNS solution.

 

[nekromantik]

Yeah I use opnsense as my router so can leverage that but how would you get any container that's running to add it's own record automatically? Without using something like consul on a VM.

Sent from my Pixel 2 XL using Tapatalk

[BRiT]

Maybe router setup with static dhcp with dnsmasq that would provide name to ip resolution. Then its just a matter of figuring out how to get dockers to request dhcp with consistent MACs.

[ken-ji]

You can assign each docker with a static IP using the Fixed IP address (optional) field.

Then you make static assignments to the router/DNS server.

 

FYI router-level DHCP has no effect on dockers. that's why the custom docker network IP range needs to be carefully selected to prevent collisions with the LAN IPs

 

[nekromantik]

Yeah for static records it's easy to do.
However I want to automate it.
Will look at running hashicorp consul in VM. Only issue with that is it needs all container to have agent installed.

Sent from my Pixel 2 XL using Tapatalk

[unevent]

For static DHCP to work you need a static MAC address to associate with the IP.  Once you have static MAC assigned to a Docker you then assign the Docker a fixed IP as mentioned above in the Docker config page.  In your router, set up a static DHCP map for the MAC/IP combo and give it a hostname and associate with whatever is used for DNS server on your router.

 

To set a static MAC for each container I just set whatever each running container currently had for MAC address as the permanent then restarted the container.  You can determine the MAC address of a container in a few ways.  Easiest way is to use unRAID terminal at the top of the unRAID GUI (or console, telnet, etc.) issue the following command, replacing the bracketed text with the Docker container name:

docker inspect <container name or id> |grep MacAddress|tr -d ' ,"'|sort -u

I run Linux on another PC so another method is after assigning the Docker a fixed IP in the Docker config restart the container and then ping it from your Linux PC then do "arp -a" from a terminal to see the MAC.  Once you have your fixed IP and MAC address to use, go to the Docker configuration and turn on the advanced view.  In the 'Extra Parameters' box add

--mac-address=<container_mac>

...replacing the bracketed text with the MAC address reported from the docker inspect command or arp -a used above (ex: --mac-address=02:02:02:02:02:02).  If you have other commands in the that box just use a space to separate.  Then procede to your router to set up a static DHCP map and register the static map in the router DNS.  I use pfSense so almost fall-down easy.  Go to DHCP Server, add a static map, enter the IP and MAC address and a desired hostname.  Save and Apply.  If not already done, under DNS Resolver make sure "Register DHCP leases in the DNS Resolver" is ticked.  I use the Resolver, if using Forwarder (why?) Google is your friend, but probably same/similar.  I use 6.5.3 unRAID.  Earlier versions (like 6.3.5) you can use Pipework to accomplish the same thing by specifying MAC/IP combo in the command added to the Extra Parameters box for pipework method.

After all that, you can access your Docker using the hostname you assigned. (ex: sabnzbd:8080) instead of using IP:port.
 

Edited September 20, 2018 by unevent

[ken-ji]

Be advised that since Docker doesn't talk to your DHCP server in any form or fashion, simply having your dockers restart out of order will alter the assigned IP unless you fixed the IP using --ip.

 

I just went with the fixed ip per container approach + static dns records. Didn't bother with mac addresses. Also Docker assigns a mac-address that by default is simply your IP address encoded in hexadecimal.

ie. 

docker inspect ELK | grep ddress
            "IPAddress": "172.17.0.2",
            "MacAddress": "02:42:ac:11:00:02",

observe that 172 = 0xac, 17 = 0x11, 0 = 0x0, and 2 = 0x2

[unevent]

Correct, no Docker DHCP so no leases from DHCP server.  Assign the fixed IP to the Docker as was already mentioned and that will at least reserve the IP to avoid collisions.  The case you mention doesn't reserve the IP for any specific Docker, just for a Docker that you specified (fixed) that IP for.  I had come from Pipework and needed mac for static lease.

[wrobelda]

This is a fairly old thread, but the solution here is to add the docker's built in DNS Resolver to the list of the upstream DNS servers in pfsense/router/opensense. Depending on the settings, you may need to enable forwarding the non-FQDN domain requests. 

[nekromantik]

On 9/15/2019 at 7:00 PM, wrobelda said:

This is a fairly old thread, but the solution here is to add the docker's built in DNS Resolver to the list of the upstream DNS servers in pfsense/router/opensense. Depending on the settings, you may need to enable forwarding the non-FQDN domain requests. 

hi

how would you do this?

can you access the docker dns resolver from outside of containers?