0

I would like to set up a reverse proxy (traefik) on a VPS and then give give traefik container a static IP.

This is the network block i want to have in the end:

networks:
  t2_proxy:
    name: t2_proxy
    driver: bridge
    ipam:
      config:
        - subnet: xxx.xxx.xx.0/xx
  default:
    driver: bridge
  socket_proxy:
    name: socket_proxy
    driver: bridge
    ipam:
      config:
        - subnet: xxx.xxx.xx.0/xx

These are the details from the VPS provider. I have edited the IP addresses but maintained a reasonable level of similarity to what I have on my end:

IPv4 address for eth0: 111.221.222.78
IPv4 address for eth0: 10.20.0.6
IPv6 address for eth0: 2676:b880:daz:h0::j6s:b002
IPv4 address for eth1: 10.115.0.2
VPC IP range: 10.115.0.0/20

From the details above, how does one assign a subnet to a network and a static IP to a service like traefik? Most of these ideas are from smarthomebeginner tutorials.

Kranja
  • 331
  • 1
  • 2
  • 8

1 Answers1

1

Delete all of the networks: settings you show. The Docker-internal IP addresses are internal to Docker; they're unreachable from outside a Docker container (and definitely unreachable from other hosts) and they do not specify host IP addresses.

(I'd recommend deleting all of the networks: blocks in the entire file, in fact. Compose provides you a network named default and uses it automatically if no other settings are specified. This single shared network is right for almost all applications at a scale where Compose is the right tool.)

Instead, when you declare ports:, there is an optional part of the port specification that is a host IP address. By default all ports: are published on all host interfaces, but you can restrict a port to be published on a single interface.

For example:

version: '3.8'
services:
  traefik:
    ports:
      # Publish the main HTTP router to all interfaces
      - '80:80'
      # Publish the admin UI only to the internal network and the current machine
      - '10.20.0.6:8080:8080'
      - '127.0.0.1:8080:8080'
  app:
    ports:
      # Only directly accessible from the current host as `localhost`
      - '127.0.0.1:8081:80'
  db:
    # no `ports:` at all
# no `networks:` in the entire file
David Maze
  • 130,717
  • 29
  • 175
  • 215
  • This approach solved my issue. I have not tried the solution using multiple stacks to see whether there might be overlaps between different subnets (and therefore the need for that subnet declaration in the first place, according to the author of that compose file), but I am not comfortable enough to tamper with a working setup at this point. – Kranja Dec 29 '22 at 06:29