Last active
October 16, 2022 20:25
-
-
Save antifessional/2ba5f7192a8ae2acf7122fb166210bf7 to your computer and use it in GitHub Desktop.
How to set up traefik on docker to listen to multiple ip addresses
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Why | |
| ==================== | |
| For example, so that your firewall can apply different rules to different services | |
| based on ip | |
| What is the problem: | |
| ==================== | |
| docker allows you to have one ip address per network interface. | |
| Solution | |
| ==================== | |
| 1. change the downstream network of the traefik container to a macvlan network. | |
| docker network create --drive=macvlan --subnet=X.X.X.0/24 YOUR_NET_NAME | |
| 2. download and modify <entrypoint.sh> from https://github.com/traefik/traefik/ | |
| note the change to the shebang to !#/bin/ash | |
| add the following at the top: | |
| #!/bin/ash | |
| if [ -n "$ADD_ADDRESSES" ]; then | |
| for ipaddr in $ADD_ADDRESSES ; do | |
| ip address add $ipaddr dev eth0 | |
| done | |
| fi | |
| 3. create in the same directory a local dockerfile with at least these commands | |
| FROM traefik:v2.5 | |
| RUN apk update && apk add iproute2 | |
| COPY ./entrypoint.sh / | |
| and build local image of traefik | |
| 4. make changes to your docker-compose file | |
| a. change the image to the local image built in step 3. above | |
| b. add the following to the traefik service: | |
| cap_add: | |
| - NET_ADMIN | |
| environment: | |
| - ADD_ADDRESSES=X.X.X.Y/24 X.X.X.Z/24 | |
| c. make sure to specify the correct network (step 1) in the docker-compose file | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment