Static IP for Docker container

[rmont]

Hi all,

I'm trying to give a static address to a docker container on Scale.
I tried 2 solutions, but haven't been able to make either work.

Solution 1: set a static IP for the container.

When I set this, the container still takes the main IP of the interface.
I alo tried to set the IP as an alias for interface br0 in the network configuration of the server.

Solution 2: use DHCP and set the IP on the router.

The issue I have here is that the MAC address of the container is not static, so I need to change the DHCP configuration of the router every time the container restarts.
I can't find a way to use the --mac-address parameter via the Truenas interface.

Any suggestion?

Thanks!

 

[ragametal]

I'm not an expert on these things but i managed to assign a static IP to at least one app using your Solution #1 (Kind of).
These are my settings for TVHeadend which i have assigned the IP 10.0.0.4

I think that the main difference between your setup and mine is that you are using a "bridge" for your 2 NICS which i haven't done.

In my setup, the first NIC is used to access truenas. It is set as DHCP and i set an IP reservation for it on my router.

The second NIC is NOT set as either DHCP nor static IP. It is just there with a cable plugged into the switch. This allows me to use it as a dedicated NIC for apps.

While this solution worked for this particular app, i noticed it doesn't always work. For instance, webnut will not work with this solution.

I hope this helps.

 

[rmont]

Thanks for helping.
In fact I only have one NIC on my server.
That's why I was trying to set 2 IP addresses on the same interface hoping I could then set the IP to use when I create the container.

 

[sfatula]

Thanks for helping.
In fact I only have one NIC on my server.
That's why I was trying to set 2 IP addresses on the same interface hoping I could then set the IP to use when I create the container.

You can do that. Here's what I did, I made a bridge interface. Figure out how to make a bridge interface, useful for vms also, and assign the static IP to it on the launch docker screen instead of the nic, no need for aliases. Then assign static route, and a nameserver. I also changed the dns policy for my own reasons to kubernetes first but you shouldn't need to do that unless using kubernetes internal domain names.

You can't (as you found out) use --mac-address at this time in the UI. Therefore, DHCP doesn't work.

Static IPs for containers work great and can be used for many purposes. It also allows using any port number, so, < 9000, maybe the normal port(s) for the app. I don't bother with reverse proxies et al as there is no need, it runs just as if it was a unique machine. Uisng Emby, even dlna then works (without static IP dlna works only on the kubernetes network).

I used a few static IPs in my setup, for Emby, Nextcloud, Mariadb, and a VM. These services tend to work better on normal ports.

 

[Gnome]

Thanks for helping.
In fact I only have one NIC on my server.
That's why I was trying to set 2 IP addresses on the same interface hoping I could then set the IP to use when I create the container.

You can set two IPs

It appears to me you can set as many IPs as you want.
However I've found the following:
1. You need to bind the UI to one of those IPs, else it will bind to 0.0.0.0 and the TrueNAS UI will be available on all your IPs. Making ports 443 & 80 unavailable
2. If you use port 80/443 on one of your IPs, some apps still have conflicts. For example NGINX would not run on port 443 & 80 with the UI also running on those ports, regardless if I set the IP for both explicitly. I ended up using Traefik which will run on port 80/443 while the UI runs on 443/80 (you have to do the UI first, else it will complain about the ports already being used regardless if they are in use). Note that the IPs differ, I'm not an idiot.
3. You need to obviously use static IPs for the above.

Finally I'd forget about bridge adapters, I have 4 NICs, 2x 1 GbE and 2x 10 GbE, so I created a bridge adapter with all those interfaces together and set the IPs as you see above (ie. I can plug my cable into any of them and I should have the same IP). However it led to problems on startup, bunch of errors that the network isn't available, it appears that some apps will try to use the internet before the bridge is created. TrueNAS I would say doesn't really support bridge adapters, unless you are happy about errors each time you have a reboot. (I was not ok with that)

My suggestion is to bind your Apps to one IP and your UI to another IP then use a Traefik (Truecharts) on port 443/80. You can then create apps and use the ingress option. Using that option you don't need to expose the ports of those apps. (You would still need a DNS entry on your router for each FQDN pointing to the IP you assigned to your Apps).

Alternatively MetalLB (Truecharts) will actually allow you to assign an IP per app using layer 2 (ARP), but it works as a sort of DHCP of its own. You have to dedicate a part of your IP range on your DHCP service to your NAS and then allow your NAS to respond to those APR requests (ie who has 10.0.0.234? And your NAS would respond that it has that if you have an app running on that IP).

I personally found the MetalLB route too hacky for my taste, YMMV.

 

[sfatula]

There is no issue with bridge interfaces when set up correctly. Numerous people here use them and they are required for VMs anyway to have their own IP and other purposes. It's doesn't require any more software/apps, configuration is simpler. Their own documents tell you how to set it up. Only one NIC needed. I use the same ports in many apps, it's not an issue at all. There are no errors when set up right. Hundreds of posts in Scale about using bridge adapters and it's a "normal" linux thing to do. I will provide just one, note IX themselves talk about bridges in this thread which the user initially configured wrong: https://www.truenas.com/community/threads/bridge-connections-not-working.96555/

Here's my Emby network settings (Emby using docker not APP from IX or Truecharts):

 

[Gnome]

There is no issue with bridge interfaces when set up correctly. Numerous people here use them and they are required for VMs anyway to have their own IP and other purposes. It's doesn't require any more software/apps, configuration is simpler. Their own documents tell you how to set it up. Only one NIC needed. I use the same ports in many apps, it's not an issue at all

Well anyway, folks can believe who they want but the behaviour is when Truenas starts up, it'll complain about not being able to download the catalog, which if you've setup emails, will send an error report. It obviously works just fine if re-tried.

 

[sfatula]

Mine does not do that nor should it.

 

[Gnome]

Mine does not do that nor should it. That is a misconfiguration. Been using network bridges for over 10 years.

Here is an article about multiple NICs on the same subnet for you:

Resource - Multiple network interfaces on a single subnet

We've had a number of people over the years bring up the topic of multiple network interfaces on a single subnet. Often done by Windows administrators or storage admins, where it works to varying degrees, this is sadly not proper IP networking...

www.truenas.com

This conversation is going nowhere, this wasn't what I described, nor do I believe you are in a position to rectify it (so pointless to describe it to you). I'm not interested in a d!ck measuring contest. Nor am I interested in trying to convince anyone of what is "best".

I've provided op with two options that, based on my testing of bridge, multiple IPs and L2 advertisement, multiple IPs on the same adapter worked the best overall, but if OP wants to use bridge interfaces, all the power to them.

 

[sfatula]

This conversation is going nowhere, this wasn't what I described

If that is the case then I misunderstood your post, sorry about that. I've removed a few items related to what I misuderstood about your posts.