robert

Reputation: 819

Giving a Docker container a routable IP address

I am running this on Ubuntu 14.04 and have set docker0 to a static IP which is then routed to from the public IP through the firewall. I am trying to set up my backend API to run in a Docker container and am confused by a couple of things.

1.) How would I map docker0's IP to the container's IP such that docker0 would know to send the incoming packets to the container (dynamically if possible)?

2.) If not already done in such a way, how could I make it so that I don't have to set this up every time I do a fresh run of that docker container?

Thanks in advance!

Upvotes: 25

Views: 58358

Answers (2)

nucatus

Reputation: 2296

I assume you want to have an IP assigned to your docker container outside of docker.

First, create a new IP and assign it to your host's interface (we assume your interface is called eth0).

$> ip addr add 10.0.0.99/8 dev eth0

Now, when you fire up the container, specify that address and link it to your docker container:

$> docker run -i -t --rm -p 10.0.0.99:80:8080 base

The -p argument will make Docker create an iptables NAT rule which will NAT all the traffic matching the destination 10.0.0.99:80 to your Docker container on port 8080.

If you need to automate the process and scale it out, consult this resource: https://github.com/jpetazzo/pipework

The docker documentation is a good start: https://docker.github.io/engine/userguide/networking/

Upvotes: 40
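
Added example, not part of the answer above or of Docker itself: a shell check that the DNAT rule created by -p is scoped to the intended host address (10.0.0.99:80) rather than to every address on the host. It assumes Docker's default iptables rule layout in the DOCKER chain of the nat table; the sample rules, the 172.17.0.x container addresses and the 5432 mapping are constructed for illustration, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample of `iptables -t nat -S DOCKER` output (not from a real host).
# First DNAT rule: published with -p 10.0.0.99:80:8080 (bound to one address).
# Second DNAT rule: published with -p 5432:5432 (no -d match, so any host address).
sample_rules() {
cat <<'EOF'
-N DOCKER
-A DOCKER -i docker0 -j RETURN
-A DOCKER -d 10.0.0.99/32 ! -i docker0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 172.17.0.2:8080
-A DOCKER ! -i docker0 -p tcp -m tcp --dport 5432 -j DNAT --to-destination 172.17.0.3:5432
EOF
}

# Reads rules on stdin; prints "<scope> <proto> <host-port> <container-ip:port>"
# for each DNAT rule. Scope is the -d address, or ANY when the rule has no -d.
dnat_scopes() {
  awk '
    $1 == "-A" {
      dst = "ANY"; proto = "?"; port = "?"; to = ""; is_dnat = 0
      for (i = 3; i <= NF; i++) {
        if ($i == "-d") dst = $(i + 1)
        else if ($i == "-p") proto = $(i + 1)
        else if ($i == "--dport") port = $(i + 1)
        else if ($i == "--to-destination") to = $(i + 1)
        else if ($i == "-j" && $(i + 1) == "DNAT") is_dnat = 1
      }
      if (is_dnat) { sub(/\/32$/, "", dst); print dst, proto, port, to }
    }'
}

# Reads rules on stdin. Exit status 0 only if host port $3 (protocol $2) is
# published on address $1 and on no other scope; 1 if missing or wider.
check_publish() {
  want_ip=$1; proto=$2; port=$3
  dnat_scopes | awk -v ip="$want_ip" -v pr="$proto" -v po="$port" '
    $2 == pr && $3 == po { seen++; if ($1 != ip) bad++ }
    END { exit !(seen > 0 && bad == 0) }'
}

# Show the scope of every published port in the constructed sample.
sample_rules | dnat_scopes

# On a live host (needs root):
#   iptables -t nat -S DOCKER | check_publish 10.0.0.99 tcp 80
```

A port reported with scope ANY is reachable through every address the host owns, which is what a plain -p 80:8080 produces when the address is left out.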

Jeroen Peeters

Reputation: 1998

Recently I had the same problem and solved it using Network Containers:

  • Start my 'service' container that I want to be available on the public IP
  • Create a new 'network' container that is linked with the service container and does routing to the ports exposed by the service container. This container will have an extra network interface bridged with the host so it can acquire an IP from DHCP.
  • Create a network bridge from the Docker host to the container using jpetazzo's Pipework (https://github.com/jpetazzo/pipework)
  • The network container acquires an address from DHCP.

From this point on the network container is available on the network and routes the ports to the service container. The main advantage is that the 'service' container does not have to know about the public IP, DHCP, etc. This way every running container can be made public on the network.

For convenience, I created a script that does all of this at once. Making a running container available on a public IP is as simple as:

create-network-container.sh webserver ens32

In this case you would need to have a running container called 'webserver', and a network interface on the host 'ens32'. The interface is needed in order to create the bridge into the network container.

The script, more detailed info and examples are available on: https://github.com/jeroenpeeters/docker-network-containers

Upvotes: 9
