Internal docker communication

Unanswered
Black Russian Terrier posted this in #questions
47 messages, 0 views
Black Russian Terrier (OP)
We currently have 2 Linux servers: Node1 and Node2.
These two can communicate with each other through Tailscale (VPN), and we have a Pterodactyl panel that manages these nodes / containers.

The problem we have is the internal communication.
Docker container IDs and the internal IPs reset every time we reboot / update / upgrade.

Does anyone have any advice on how to deal with internal Docker communication between containers?
@Tamz Is this a self-hosted machine? Is that why they are internal only and not exposed to the public?
Black Russian Terrier (OP)
They are both self-hosted Hetzner machines
@Black Russian Terrier They are both self-hosted Hetzner machines
Why not let them just be public?
Tailscale is nice, but it has bandwidth limitations that cause it to be "Eh"
Bluetick Coonhound
Your panel just needs to be able to reach Wings?
IMO using firewall rules to only allow communication between the two WAN IPs is more solid
@Bluetick Coonhound IMO using firewall rules to only allow communication between the two WAN IPs is more solid
Black Russian Terrier (OP)
Do you know any articles that could show us exactly what we would have to allow/disallow to secure our machines if we opted to go this route?
Are these Hetzner VPSs or dedicated machines?
Black Russian Terrier (OP)
Dedicated machines
@Black Russian Terrier Do you know any articles that could show us exactly what we would have to allow/disallow to secure our machines if we opted to go this route?
Bluetick Coonhound
Both iptables and ufw offer a way to allow a specific port from a specific IP
Use either, and it should be a quick Google search for the specific command (I can't remember it)
Remember the panel and Wings need to have bidirectional communication, so the panel needs to be able to reach Wings, and the same applies the other way around
Black Russian Terrier (OP)
Ah, so basically just let both machines communicate freely with each other, disallow communication outside of those IPs, and then allow people to SSH to the machines via (in our case) Tailscale? Would that be a good way to secure our machines?
Bluetick Coonhound
If you only have one guy accessing the machines through SSH (perhaps yourself), then I'd just set another conditional firewall rule to permit port 22 from your IP only (in the firewall provided by Hetzner, NOT your dedis)
In case your WAN IP changes, you can go onto Hetzner's website to change the firewall rules configured for SSH; if you do it on the dedis directly, you can very much lock yourself out
This place
Bluetick Coonhound
That also works for Wings/panel comms, in case you don't want to fiddle with the device firewall
Black Russian Terrier (OP)
Ah, we'll probably just go with whitelisting the machine IPs via ufw and using Tailscale, since we have 2 others besides me that need SSH access
Could this also be why our panel is acting very slow lately / stuck on loading frequently? It happens at random moments when I/O appears to be increased
Bluetick Coonhound
Could be. I don't use Tailscale personally, but as Tamz mentioned there is a bandwidth limit

And that can hurt when the panel tries to move files to Wings
It's defo the method of having Tailscale be the only way to connect