
Isolated networking

Open pablofrommars opened this issue 3 years ago • 6 comments

Thanks for your work, this has been very valuable already.

Apologies if this is off topic as it is more a question than an actual issue. I would like to be able to create an isolated network for multiple containers running on the same host along side zerotier-docker. Basically sharing the interface created by your image to a group of containers. Is this a use case you have experimented with before?

pablofrommars, Nov 19 '21 21:11

I have not tried that before, but I would play with iptables on the host to forward packets between the docker network and the zt interface.

zyclonite, Jan 24 '22 15:01

I guess that's possible now with the -router tag of this container: you can simply create a container network and have one zerotier container as a gateway, routing only into this virtual network.

zyclonite, Jul 31 '22 09:07

Rather than open a new issue, I'll just mention here that the main page on DockerHub probably needs updating too.

Paraphraser, Jul 31 '22 10:07

True, I will update it.

zyclonite, Jul 31 '22 15:07

I have taken a slightly different approach.

  1. Remove --net=host so the container gets isolated inside its own network.
  2. Change the default port away from 9993 to avoid collisions if running multiple instances. Add the volume ./zerotier_config:/var/lib/zerotier-one and inside it create the file local.conf with:

     ```json
     {
       "settings": {
         "primaryPort": 9997
       }
     }
     ```

  3. In another container that needs access to the ZT network, set network_mode: container:zerotier_container_name (this step can differ). This way you can have multiple ZT containers running with access to different networks without exposing these networks to the host.

PovilasID, Apr 10 '23 18:04

@PovilasID cheers.

```yaml
---
version: "3.8"

services:
  arma-reforger:
    image: ghcr.io/acemod/arma-reforger:latest
    platform: linux/amd64
    # left here for posterity
    # ports:
    #   - "2001:2001/udp"
    #   - "17777:17777/udp"
    #   - "19999:19999/udp"

    volumes:
      - ./reforger/configs:/reforger/Configs
      - ./reforger/profile:/home/profile
      - ./reforger/workshop:/reforger/workshop

    environment:
      - ARMA_CONFIG
      - SERVER_PUBLIC_ADDRESS

    network_mode: service:zerotier

  zerotier:
    image: zyclonite/zerotier:latest
    cap_add:
      - NET_ADMIN
      - SYS_ADMIN
    devices:
      - /dev/net/tun
    volumes:
      - ./zerotier:/var/lib/zerotier-one
```

preparation zerotier:

  1. create an empty file ./zerotier/networks.d/YOUR_NETWORK_ID.conf
  2. create a file ./zerotier/local.conf with content

     ```json
     {
       "settings": {
         "primaryPort": 9997
       }
     }
     ```

  3. docker compose run zerotier
  4. login to zerotier
  5. auth the new connection
  6. use the provided IP address as SERVER_PUBLIC_ADDRESS

preparation arma reforger:

  1. start Arma Reforger (the client) > Multiplayer > Host
  2. pick mods
  3. set the public and bind IP address to the same as in step 6 above
  4. press Save (note the saved file) as ARMA_CONFIG
  5. move that file to ./reforger/configs/

start:

  1. ARMA_CONFIG=Config_CombatOpsEveronRHSUSMC.json SERVER_PUBLIC_ADDRESS=1.2.3.4 docker compose up

airtonix, Apr 25 '24 00:04
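The preparation steps from the two comments above (an empty networks.d/<NETWORK_ID>.conf to join a network and a local.conf that pins primaryPort away from 9993) as a small POSIX shell script, added here as an example; it is not code from this thread or from the zerotier-docker project. The directory layout follows the comments, the network IDs and ports in the usage are constructed placeholders, and the duplicate-port check is an added sanity check for the multi-instance case PovilasID describes.

```sh
#!/bin/sh
# Prepare a zerotier-one state directory for one zyclonite/zerotier container.
# Layout follows the comments above: DIR/networks.d/<NETWORK_ID>.conf joins the
# network, DIR/local.conf pins primaryPort so several instances do not collide.
prepare_zerotier_dir() {
  dir=$1; netid=$2; port=$3
  # A ZeroTier network ID is 16 hex characters; refuse anything else so a typo
  # does not silently create a .conf for a network that does not exist.
  case "$netid" in
    ''|*[!0-9a-fA-F]*) echo "bad network id: $netid" >&2; return 1 ;;
  esac
  [ "${#netid}" -eq 16 ] || { echo "network id must be 16 hex chars" >&2; return 1; }
  case "$port" in
    ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
  esac
  [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "port out of range" >&2; return 1; }
  mkdir -p "$dir/networks.d" || return 1
  : > "$dir/networks.d/$netid.conf"          # empty file = "join this network"
  printf '{\n  "settings": {\n    "primaryPort": %s\n  }\n}\n' "$port" > "$dir/local.conf"
}

# Print the primaryPort configured in DIR/local.conf (empty if none).
read_primary_port() {
  sed -n 's/.*"primaryPort"[[:space:]]*:[[:space:]]*\([0-9][0-9]*\).*/\1/p' "$1/local.conf"
}

# Fail if any two state directories share a primaryPort (the collision the
# comment above avoids by moving away from 9993).
check_unique_ports() {
  seen=" "
  for d in "$@"; do
    p=$(read_primary_port "$d")
    [ -n "$p" ] || { echo "$d: no primaryPort set" >&2; return 1; }
    case "$seen" in
      *" $p "*) echo "primaryPort $p used by more than one instance" >&2; return 1 ;;
    esac
    seen="$seen$p "
  done
  return 0
}

# Constructed usage: two instances on distinct ports (IDs are placeholders).
# prepare_zerotier_dir ./zerotier_a 0123456789abcdef 9997
# prepare_zerotier_dir ./zerotier_b fedcba9876543210 9998
# check_unique_ports ./zerotier_a ./zerotier_b
```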