jazzymc
980df5517d
- Pinned traefik-manager to 172.18.0.4 (was floating in the dynamic pool) - Added Uptime Kuma monitor id=38 "Traefik Container (direct)" — TCP probe at 172.18.0.3:80, decoupled from the routing-layer HTTP probe so a Traefik container failure is distinguishable from a routing breakage - Documented that AutoKuma v2 is silently broken; monitor was created via direct SQL insert as a workaround
3.8 KiB
dockerproxy Docker Network
User-defined Docker bridge on Unraid hosting Traefik and all reverse-proxied services. Defined imperatively (not in any compose file — stacks reference it as external: true).
IPAM
| Property | Value |
|---|---|
| Driver | bridge |
| Subnet | 172.18.0.0/16 |
| Gateway | 172.18.0.1 |
| IP Range (dynamic pool) | 172.18.0.128/25 (.128–.255) |
| Static reservation block | 172.18.0.2 – 172.18.0.127 |
The --ip-range constrains Docker's auto-allocation to .128–.255. Anything pinned via compose ipv4_address outside that range is conflict-free. Set up 2026-05-17 after the collision incident in incidents/2026-05-17-traefik-ip-collision.md.
Recreate Command
If the network is ever lost (Docker reset, accidental docker network rm):
docker network create \
--driver bridge \
--subnet 172.18.0.0/16 \
--gateway 172.18.0.1 \
--ip-range 172.18.0.128/25 \
dockerproxy
After recreating, compose-managed containers reconnect via docker compose up -d. Standalone containers need docker network connect [--ip <static>] dockerproxy <name>.
Static Assignments (2026-05-17)
| IP | Container |
|---|---|
| .1 | (gateway) |
| .3 | traefik |
| .4 | traefik-manager |
| .6 | dockersocket |
| .8 | authentik-worker |
| .9 | authentik |
| .10 | postgresql17 |
| .14 | Redis |
| .15 | vaultwarden |
| .16 | actual-budget |
| .18 | Uptime-Kuma-API |
| .19 | AutoKuma |
| .20 | UptimeKuma |
| .21 | speedtest-tracker |
| .22 | obsidian-livesync |
| .23 | SeekAndWatch |
| .25 | karakeep |
| .26 | transmission |
| .31 | gitea |
| .32 | woodpecker-server |
| .33 | woodpecker-agent |
| .43 | radarr |
| .44 | sonarr |
| .45 | prowlarr |
| .50 | dockhand |
| .53 | n8n |
| .60 | overseerr |
| .61 | plex_debrid |
| .62 | zurg |
| .63 | zurg-rclone |
| .65 | xtrm-agent |
| .66 | kasm |
| .70 | ewa-apps |
| .128+ | dynamic pool (traefik-manager landed here) |
Adding a New Service
- Pick a free IP in
.2–.127(or omit and accept dynamic.128+) - In compose:
services: myservice: networks: dockerproxy: ipv4_address: 172.18.0.X networks: dockerproxy: external: true - Append to the table above and commit.
Snapshot of Pre-Recreate State
On Unraid: /root/dockerproxy-recreate-2026-05-17/
network-before.json— fulldocker network inspectoutputstate.tsv— per-container name/static-IP/runtime-IP/status/restart-policycontainers.txt— sorted container list (32 entries)
Monitoring
Two Uptime Kuma monitors cover Traefik (since 2026-05-17):
| ID | Name | Type | Target | Purpose |
|---|---|---|---|---|
| 6 | Traefik Dashboard | http | https://traefik.xtrm-lab.org | End-to-end check (routing + TLS) |
| 38 | Traefik Container (direct) | port | tcp://172.18.0.3:80 | Direct TCP probe inside dockerproxy — detects "container not running" independently of routing |
Diagnostic combination:
- id=6 red + id=38 green → Traefik is up but misconfigured/routing-broken
- both red → Traefik container itself is down
Known Issue — AutoKuma broken
AutoKuma v2.0.0 logs into Uptime Kuma successfully but silently loops on getTags and never scans Docker containers. Suspected AUTOKUMA_DOCKER=1 (single-underscore v1 syntax) isn't recognised by v2's nested-double-underscore config. Also, the bundled medaziz11/uptimekuma_restapi:dev API container is out of date — its POST /monitors fails on the now-required conditions column.
As a workaround, monitor id=38 was created with a direct INSERT INTO monitor on /mnt/user/appdata/uptimekuma/kuma.db followed by an UK container restart. The kuma.traefik_container.* labels on traefik-manager are inert until AutoKuma is fixed but kept in place for that future.