brianmiller / phvalheim-server

PhValheim backend server
GNU General Public License v2.0

Feature Enhancement: Docker Network types #7

Closed brianmiller closed 1 year ago

brianmiller commented 1 year ago

So far, we've only tested Bridge mode. We need to test L2 connectivity and update the readme for more clarity.

Maxver0 commented 1 year ago

I have definitely encountered a lot of issues when attempting to implement this server. Although the diagrams do refer to some of it, I would definitely clarify it further with a proper step list or requirement list.

My Unraid host is on 10.0.0.100, shared with my home local network, which is where I have deployed the docker image, with all ports set to default, e.g. 8080, 8888, 25000-26000.

In order to make it reachable over the internet, I have set up port forwarding for these ports and that host. Because I have a dynamic IP, I had to get a "NoIp" container that periodically updates the DNS entry for my domain at noip.com with my current public IP address.

At first, I tried using private-ip for phvalheimHost and gameDNS; it worked within the internal network when launching the games through the admin page, but it didn't work for over-the-internet users, just as described in the readme.

I ended up trying to accommodate the requirement of having an HTTPS domain with SSL cert. For that purpose, I have spun up a https://hub.docker.com/r/jc21/nginx-proxy-manager that uses a custom network type, called macvlan in Docker.

This proxy container was able to reach any device in the internal network, besides the Unraid host 10.0.0.100, which is apparently a security feature of Docker. As you can imagine, it was problematic because mydomain.com was supposed to be redirected to 10.0.0.100:8080, but it wasn't reachable.

I have found two different solutions to this. The less pretty one was to configure mydomain.com to point at my proxy at ports 80 and 443 and then have the proxy forward it to another server (in my case it was a friend with an enterprise-grade network router and firewall), which will forward it back to my public address at port 8080, which goes through the port forwarding to host 10.0.0.100 at port 8080. It ended up doing one extra round trip around the internet, just to forward the traffic.

I ended up using another solution, which requires you to create another interface in Docker that enables the communication between the 10.0.0.100 Docker host and the container that uses macvlan (10.0.0.101). https://stackoverflow.com/questions/49600665/docker-macvlan-network-inside-container-is-not-reaching-to-its-own-host/64360858#64360858

The remaining issue I still have is that when launching the world, mydomain.com is pointing to my personal public IP at port 2500X and I end up getting a timeout because the router can't seem to route it properly. So in order to solve this, I have had to utilize the port forwarder that my friend set up earlier (my friend's). I have modified the drivers/etc/hosts file in Windows to have mydomain.com point at my friend's public address, which he forwards to my public address at 2500X.

10.0.0.101 Listening at 443, 88
10.0.0.100 Listening at 8080, 8888, 25000-26000 UDP

Public IP forwards 8080, 8888, 25000-26000 UDP to 10.0.0.100
Public IP forwards 443, 88 to 10.0.0.101
Private 10.0.0.101 forwards to 10.0.0.100:8080

mydomain.com resolves to Public IP. mydomain.com is configured as phvalheimHost and gameDNS
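
The host-side interface workaround described in the comment above, as an added example that is not part of the thread or the project: the function prints the `ip` commands for a macvlan shim on the Docker host so they can be reviewed before being run as root. The parent NIC name `eth0`, the shim name `macvlan-shim` and the spare LAN address 10.0.0.102 are assumptions; 10.0.0.101 is the proxy container from the comment.

```shell
#!/bin/sh
# Added example: print the commands for a host-side macvlan "shim" so the
# Docker host and a macvlan container can reach each other.
# Assumed values (not from the thread): parent NIC, shim name, shim address.

is_ipv4() {
    # Accept only a dotted quad whose octets are each 0-255.
    printf '%s\n' "$1" | awk -F. '
        NF == 4 { for (i = 1; i <= 4; i++)
                      if ($i !~ /^[0-9]+$/ || $i > 255) exit 1
                  exit 0 }
        { exit 1 }'
}

macvlan_shim_cmds() {
    parent=$1 shim_ip=$2 container_ip=$3 shim=${4:-macvlan-shim}
    # Names end up in commands meant for a root shell: allow safe characters only.
    for n in "$parent" "$shim"; do
        case $n in
            ''|*[!A-Za-z0-9_.-]*) echo "bad interface name: $n" >&2; return 2 ;;
        esac
    done
    # Linux interface names are limited to 15 characters.
    [ "${#shim}" -le 15 ] || { echo "shim name too long: $shim" >&2; return 2; }
    for a in "$shim_ip" "$container_ip"; do
        is_ipv4 "$a" || { echo "invalid IPv4 address: $a" >&2; return 2; }
    done
    # The shim needs its own unused LAN address, not the container's.
    [ "$shim_ip" != "$container_ip" ] ||
        { echo "shim and container address must differ" >&2; return 2; }
    cat <<EOF
ip link add $shim link $parent type macvlan mode bridge
ip addr add $shim_ip/32 dev $shim
ip link set $shim up
ip route add $container_ip/32 dev $shim
EOF
}

# Stand-alone use: sh shim.sh eth0 10.0.0.102 10.0.0.101
if [ "$#" -ge 3 ]; then
    macvlan_shim_cmds "$@"
fi
```

Interfaces and routes created with `ip` do not survive a reboot, so the commands have to be reapplied at startup.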

spoonwzd commented 1 year ago

FYI, if you set "Host access to custom networks" to enabled in the Unraid Docker advanced options (Docker has to be stopped to be able to change it), the Docker apps can then communicate with the Unraid IP.

brianmiller commented 1 year ago

Yeah, this is likely needed for those hosting reverse proxies on the same Unraid host using custom networks.

We're reassessing the internal webserver architecture and believe we can bring everything internal to the container itself.

More to come!

brianmiller commented 1 year ago

Solved by #17

As of phvalheim-server >=2.0