[6.3.0+] How to setup Dockers without sharing unRAID IP address


ken-ji

Recommended Posts

1 minute ago, CHBMB said:

Errr, I've kinda changed my approach now, doing it all at the firewall level.  But I did enjoy messing around with the macvlan stuff and I can definitely see how it would be very useful for others.

 

Your firewall solution is good, but with macvlan support you can do more... :)

 

E.g. it allows you to give individual dockers their own IP address (either dynamically or statically).

Say you want to run two web servers and both use port 80, this becomes a very easy task.

Docker isolation is also made very easy, e.g. run a docker within its own (local) network segment

  • Upvote 1
Link to comment
13 minutes ago, bonienl said:

Perhaps you would be interested to know that macvlan support is added in the upcoming version of unRAID, it allows you to select additional 'custom' networks from the GUI.

 

 

When is this coming?? I'm excited now :D

Link to comment
1 minute ago, wgstarks said:

This all sounds very interesting but I'm afraid I'm a little short on the background to understand most of this. Could someone point me to a good vlan for dummies guide.

 

Actually macvlan is the solution used by Docker, but from a GUI perspective this is hidden and the user is just presented with some additional network choices and doesn't need to worry about the underlaying translation.

 

Link to comment
 
Your firewall solution is good, but with macvlan support you can do more...
 
E.g. it allows you to give individual dockers their own IP address (either dynamically or statically).
Say you want to run two web servers and both use port 80, this becomes a very easy task.
Docker isolation is also made very easy, e.g. run a docker within its own (local) network segment

Oh yeah, absolutely, I just don't need to.... yet. Never say never.

Sent from my LG-H815 using Tapatalk

Link to comment
18 hours ago, bonienl said:

 

Your firewall solution is good, but with macvlan support you can do more... :)

 

E.g. it allows you to give individual dockers their own IP address (either dynamically or statically).

Say you want to run two web servers and both use port 80, this becomes a very easy task.

Docker isolation is also made very easy, e.g. run a docker within its own (local) network segment

 

The only thing needed is fitting this nicely in the interface, now if we could find someone who would be amazin at that....

Link to comment
  • 3 weeks later...
11 hours ago, zin105 said:

I just can't get this to work. When I try to access the WebUI of my container it times out. 

 

Here's a link to my network page; Picture

 

The IP address details are:
unRAID = 192.168.1.216
Gateway/router = 192.168.1.1
Subnet = 192.168.1.0/24

 

The command I wrote;

docker network create \
-o parent=br1 \
--driver macvlan \
--subnet 192.168.1.0/24 \
--ip-range 192.168.1.128/25 \
--gateway 192.168.1.1 \
docker1

 

Here's a link to the docker settings in question; Picture

 

Update; Here's the output of the commands listed in the OP. And yes, the container is started fully (green play button).

 


root@HTPC:~# docker inspect duplicati | grep IPAddress
            "SecondaryIPAddresses": null,
            "IPAddress": "",
                    "IPAddress": "192.168.1.213",
root@HTPC:~# docker exec duplicati ping www.google.com
rpc error: code = 2 desc = containerd: container not started

 

This is the output of a different container I tried it on. Gives a different result.

 


root@HTPC:~# docker exec observium ping www.google.com
ping: unknown host www.google.com
root@HTPC:~# docker exec observium ping 8.8.8.8
connect: Network is unreachable

Do it like this instead FPA0ZpW.png

 

Link to comment
11 hours ago, zin105 said:

I just can't get this to work. When I try to access the WebUI of my container it times out. 

 

Here's a link to my network page; Picture

 

The IP address details are:
unRAID = 192.168.1.216
Gateway/router = 192.168.1.1
Subnet = 192.168.1.0/24

 

The command I wrote;

docker network create \
-o parent=br1 \
--driver macvlan \
--subnet 192.168.1.0/24 \
--ip-range 192.168.1.128/25 \
--gateway 192.168.1.1 \
docker1

 

Here's a link to the docker settings in question; Picture

 

Update; Here's the output of the commands listed in the OP. And yes, the container is started fully (green play button).

 


root@HTPC:~# docker inspect duplicati | grep IPAddress
            "SecondaryIPAddresses": null,
            "IPAddress": "",
                    "IPAddress": "192.168.1.213",
root@HTPC:~# docker exec duplicati ping www.google.com
rpc error: code = 2 desc = containerd: container not started

 

This is the output of a different container I tried it on. Gives a different result.

 


root@HTPC:~# docker exec observium ping www.google.com
ping: unknown host www.google.com
root@HTPC:~# docker exec observium ping 8.8.8.8
connect: Network is unreachable

 

Can you also show the outputs of

docker ps -a

and

docker exec [container] ip route

 

The errors seem to be related to something else.

 

Also, your unraid server is in the same group of addresses you told docker to use.

This is not a problem yet, but could be when something decides to use the same address by chance (unless all your dockers will have static ips)

Edited by ken-ji
Link to comment
1 hour ago, zin105 said:

The only things I see in that screenshot is that you have a manual WebUI adress and --restart on-failure?

Yes and look at your web ui link, it will not work with the [port] part, its needs a real link like mine. So just remove the brackets and the word port.

Edited by Porkie
Link to comment
  • 3 weeks later...

How would I change the commands in the OP if I wanted the IP range for my dockers to be from 192.168.1.224-192.168.1.254?  Is that possible?  Alternatively, how would the original commands change, and then the docker creation, if I wanted to use a static IP when creating a docker?

 

On May 1 a bunch of this stuff was said to be coming soon - presumably it has landed?  That isn't mentioned in this thread.  If so, in what version?

Link to comment
11 minutes ago, wayner said:

How would I change the commands in the OP if I wanted the IP range for my dockers to be from 192.168.1.224-192.168.1.254?  Is that possible?  Alternatively, how would the original commands change, and then the docker creation, if I wanted to use a static IP when creating a docker?

 

On May 1 a bunch of this stuff was said to be coming soon - presumably it has landed?  That isn't mentioned in this thread.  If so, in what version?

6.4RC2 is the current version.

https://forums.lime-technology.com/topic/57823-unraid-os-version-640-rc-changes/

Edited by wgstarks
Link to comment
2 minutes ago, wayner said:

ok thanks - I need the DVB build for my TV tuners so I will have to wait until it comes out and you get the DVB build done.

 

I thought the dvb builds where done. TBS closed source is dead if that is what you are waiting for. 

Link to comment
6 minutes ago, wayner said:

No, I don't think I need that.  The main thing that I need from that build is the drivers for the Hauppauge HD-PVR and firewire.

 

I haven't updated for a bit so I am on 6.3.1.

 

There was some support for the Hauppauge card in one of the builds. Don't remember if it was the Libreelec or open source TBS. 

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.