zyclonite / zerotier-docker

ZeroTier One as Docker Image
MIT License
305 stars 74 forks

Isolated networking #5

Open pablofrommars opened 2 years ago

pablofrommars commented 2 years ago

Thanks for your work, this has been very valuable already.

Apologies if this is off topic as it is more a question than an actual issue. I would like to be able to create an isolated network for multiple containers running on the same host alongside zerotier-docker. Basically sharing the interface created by your image with a group of containers. Is this a use case you have experimented with before?

zyclonite commented 2 years ago

I have not tried that before, but I would play with iptables on the host to forward packets between the docker network and the zt interface.
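
The host-side rules that suggestion implies, written out as an added example (this is not code from the thread or from the zerotier-docker project). It assumes a user-defined Docker network whose bridge is called `br-1a2b3c4d5e6f`, a host ZeroTier interface `zt0`, and a container at `172.20.0.2`; all three names are placeholders. Forwarding is allowed from the bridge toward ZeroTier with replies matched by conntrack, egress is masqueraded so ZeroTier peers see the host's ZeroTier address, and a single container port can be published to peers with a DNAT rule. Rules are inserted into `DOCKER-USER` because Docker sets the `FORWARD` policy to `DROP` and evaluates that chain first. Setting `DRY_RUN=1` prints the commands instead of applying them.

```sh
#!/bin/sh
# Added example, not from this thread or the zerotier-docker project.
# Forward traffic between a Docker bridge and the host's ZeroTier interface.
# Assumed placeholder names: BR = bridge of a user-defined container network
# (e.g. br-1a2b3c4d5e6f), ZT = the host's zt* interface.
# DRY_RUN=1 prints each command instead of running it.

run_or_print() {
  if [ "${DRY_RUN:-0}" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# Containers on the bridge may open flows toward ZeroTier; only replies to
# those flows are accepted in the other direction. Docker sets FORWARD's
# policy to DROP and consults DOCKER-USER first, so the rules live there.
# Egress via the zt interface is masqueraded to the host's ZeroTier address.
zt_forward_rules() {
  br="$1"; zt="$2"
  run_or_print iptables -I DOCKER-USER -i "$br" -o "$zt" -j ACCEPT
  run_or_print iptables -I DOCKER-USER -i "$zt" -o "$br" \
    -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  run_or_print iptables -t nat -A POSTROUTING -o "$zt" -j MASQUERADE
}

# Publish one container port to ZeroTier peers: rewrite the destination on
# arrival, then explicitly allow that new flow through DOCKER-USER.
# dst is CONTAINER_IP:PORT.
zt_expose_port() {
  zt="$1"; proto="$2"; port="$3"; dst="$4"
  run_or_print iptables -t nat -A PREROUTING -i "$zt" -p "$proto" \
    --dport "$port" -j DNAT --to-destination "$dst"
  run_or_print iptables -I DOCKER-USER -i "$zt" -p "$proto" \
    -d "${dst%:*}" --dport "${dst#*:}" -j ACCEPT
}

# Usage: ./zt-forward.sh BR ZT [PROTO PORT CONTAINER_IP:PORT]
if [ "$#" -ge 2 ]; then
  run_or_print sysctl -w net.ipv4.ip_forward=1
  zt_forward_rules "$1" "$2"
  if [ "$#" -eq 5 ]; then
    zt_expose_port "$2" "$3" "$4" "$5"
  fi
fi
```

The rules are not persistent; on a host that already runs a firewall manager, add the equivalent rules there instead, and restrict the `MASQUERADE` rule with `-s <bridge subnet>` if the host itself should not be masqueraded.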

zyclonite commented 1 year ago

I guess that's possible now with the -router tag of this container: you can simply create a container network and have one zerotier container as a gateway routing only into this virtual network.

Paraphraser commented 1 year ago

Rather than open a new issue, I'll just mention here that the main page on DockerHub probably needs updating too.

zyclonite commented 1 year ago

True, I will update it.

PovilasID commented 1 year ago

I have taken a slightly different approach.

1. Remove `--net=host` so the container gets isolated inside its own network.
2. Change the default port away from 9993 to avoid collisions if running multiple instances. Add the volume `./zerotier_config:/var/lib/zerotier-one` and inside it create the file `local.conf` containing:

   ```json
   {
     "settings": {
       "primaryPort": 9997
     }
   }
   ```

3. In another container that needs access to the ZT network, set `network_mode: container:zerotier_container_name` (this step can differ). This way you can have multiple ZT containers running with access to different networks without exposing these networks to the host.

airtonix commented 2 months ago

@PovilasID cheers.

```yaml
---
version: "3.8"

services:
  arma-reforger:
    image: ghcr.io/acemod/arma-reforger:latest
    platform: linux/amd64
    # left here for posterity: not needed, the game ports are reached over ZeroTier
    # ports:
    #   - "2001:2001/udp"
    #   - "17777:17777/udp"
    #   - "19999:19999/udp"

    volumes:
      - ./reforger/configs:/reforger/Configs
      - ./reforger/profile:/home/profile
      - ./reforger/workshop:/reforger/workshop

    environment:
      - ARMA_CONFIG
      - SERVER_PUBLIC_ADDRESS

    # share the zerotier service's network namespace instead of the host's
    network_mode: service:zerotier

  zerotier:
    image: zyclonite/zerotier:latest
    cap_add:
      - NET_ADMIN
      - SYS_ADMIN
    devices:
      - /dev/net/tun
    volumes:
      # identity and network config persist here; see preparation below
      - ./zerotier:/var/lib/zerotier-one
```
preparation zerotier:

1. create an empty file `./zerotier/networks.d/YOUR_NETWORK_ID.conf`
2. create a file `./zerotier/local.conf` with content

   ```json
   {
     "settings": {
       "primaryPort": 9997
     }
   }
   ```

3. `docker compose run zerotier`
4. login to zerotier
5. auth the new connection
6. use the provided IP address as `SERVER_PUBLIC_ADDRESS`

preparation arma reforger:

1. start Arma Reforger (the client) > Multiplayer > Host
2. pick mods
3. set public and bind ip address to the same as in step 6 above
4. press Save (note the saved file) as `ARMA_CONFIG`
5. move that file to `./reforger/configs/`

start:

```sh
ARMA_CONFIG=Config_CombatOpsEveronRHSUSMC.json SERVER_PUBLIC_ADDRESS=1.2.3.4 docker compose up
```
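
The "preparation zerotier" file steps above, scripted with input checks as an added example (not code from airtonix's comment or from the zerotier-docker project). It assumes the same layout: a state directory that is bind-mounted to `/var/lib/zerotier-one`, a 16-hex-digit network ID, and the `primaryPort` to write into `local.conf`. The directory is made private because the node's `identity.secret` will be written there on first start. The network ID `1234567890abcdef` used in the usage line is a constructed placeholder.

```sh
#!/bin/sh
# Added example, not from this thread or the zerotier-docker project.
# Prepares the ZeroTier state directory for the compose setup above:
#   $1 = state dir bound to /var/lib/zerotier-one (e.g. ./zerotier)
#   $2 = ZeroTier network ID (16 hex digits)
#   $3 = primaryPort to write into local.conf (e.g. 9997)

# ZeroTier network IDs are 16 hexadecimal characters.
valid_network_id() {
  case "$1" in
    ''|*[!0-9a-fA-F]*) return 1 ;;
  esac
  [ "${#1}" -eq 16 ]
}

# A usable UDP port: digits only, 1..65535.
valid_port() {
  case "$1" in
    ''|*[!0-9]*) return 1 ;;
  esac
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

zt_prepare() {
  dir="$1"; netid="$2"; port="$3"
  valid_network_id "$netid" || { echo "bad network id: $netid" >&2; return 1; }
  valid_port "$port" || { echo "bad port: $port" >&2; return 1; }
  mkdir -p "$dir/networks.d"
  # An empty networks.d/<id>.conf makes the node join that network on start.
  : > "$dir/networks.d/$netid.conf"
  # local.conf moves the node off the default port 9993.
  printf '{\n  "settings": {\n    "primaryPort": %s\n  }\n}\n' "$port" > "$dir/local.conf"
  # identity.secret is written here on first start; keep the directory private.
  chmod 700 "$dir"
}

# Usage: ./zt-prepare.sh ./zerotier 1234567890abcdef 9997
if [ "$#" -eq 3 ]; then
  zt_prepare "$1" "$2" "$3"
fi
```

After it runs, `docker compose run zerotier` from the compose file above brings the node up with that directory; the remaining steps (authorising the member and reading its assigned address) still happen in the ZeroTier controller.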