docker-traefik
docker-traefik copied to clipboard
htpcBeginner
Rename socket_proxy to zsocket_proxy
docker-compose v2 had network priority, unfortunately docker-compose v3 does not have this functionality (yet?). See https://github.com/docker/cli/issues/1372
Networks are assigned to containers using alphabetical order, in this case it means that "socket_proxy" is always ordered before "t2_proxy", this in turn means that the default gateway in containers is always the "socket_proxy" gateway and therefore the outgoing IP address to other containers. I believe this is wrong and the outgoing containers' IPs should always be the default networks gateway and respective IP as well as the traefik containers' IP - never the socket-proxy IP.
I recently ran into this problem due to Authelia refusing oauth requests from container-to-container since I didn't allow the socket-proxy network to communicate via Authelia (because why should it, it should always just be container <-> docker sock).
Taking the traefik container as an example:
Before the change
$ docker exec traefik route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 192.168.91.1 0.0.0.0 UG 0 0 0 eth0
192.168.90.0 * 255.255.255.0 U 0 0 0 eth1
192.168.91.0 * 255.255.255.0 U 0 0 0 eth0
After the change
(note the assignment of eth0/eth1)
$ docker exec traefik route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 192.168.90.1 0.0.0.0 UG 0 0 0 eth0
192.168.90.0 * 255.255.255.0 U 0 0 0 eth0
192.168.91.0 * 255.255.255.0 U 0 0 0 eth1
This could have been changed in docker-compose v2 with the priority attribute (assigning e.g. priority: 10 to the traefik proxy network), but this just doesn't work with docker-compose v3. 😐
Sorry for the delay. The reason i havent' merged this yet is because i will have to modify a whole bunch of documentation to reflect this.
