jazzymc/infrastructure
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
980df5517d4b68de4dbe4dacde7bd10a2d8790c1
infrastructure/docs/13-DOCKERPROXY-NETWORK.md
T
jazzymc 980df5517d dockerproxy: pin traefik-manager to .4, add direct TCP monitor for traefik 
- Pinned traefik-manager to 172.18.0.4 (was floating in the dynamic pool)
- Added Uptime Kuma monitor id=38 "Traefik Container (direct)" — TCP probe
  at 172.18.0.3:80, decoupled from the routing-layer HTTP probe so a
  Traefik container failure is distinguishable from a routing breakage
- Documented that AutoKuma v2 is silently broken; monitor was created via
  direct SQL insert as a workaround
2026-05-17 11:54:29 +03:00

112 lines
3.8 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# dockerproxy Docker Network
User-defined Docker bridge on Unraid hosting Traefik and all reverse-proxied services. Defined imperatively (not in any compose file — stacks reference it as `external: true`).
## IPAM
| Property | Value |
|----------|-------|
| Driver | `bridge` |
| Subnet | `172.18.0.0/16` |
| Gateway | `172.18.0.1` |
| IP Range (dynamic pool) | `172.18.0.128/25` (.128.255) |
| Static reservation block | `172.18.0.2 172.18.0.127` |
The `--ip-range` constrains Docker's auto-allocation to `.128.255`. Anything pinned via compose `ipv4_address` outside that range is conflict-free. Set up 2026-05-17 after the collision incident in `incidents/2026-05-17-traefik-ip-collision.md`.
## Recreate Command
If the network is ever lost (Docker reset, accidental `docker network rm`):
```bash
docker network create \
--driver bridge \
--subnet 172.18.0.0/16 \
--gateway 172.18.0.1 \
--ip-range 172.18.0.128/25 \
dockerproxy
```
After recreating, compose-managed containers reconnect via `docker compose up -d`. Standalone containers need `docker network connect [--ip <static>] dockerproxy <name>`.
## Static Assignments (2026-05-17)
| IP | Container |
|----|-----------|
| .1 | (gateway) |
| .3 | traefik |
| .4 | traefik-manager |
| .6 | dockersocket |
| .8 | authentik-worker |
| .9 | authentik |
| .10 | postgresql17 |
| .14 | Redis |
| .15 | vaultwarden |
| .16 | actual-budget |
| .18 | Uptime-Kuma-API |
| .19 | AutoKuma |
| .20 | UptimeKuma |
| .21 | speedtest-tracker |
| .22 | obsidian-livesync |
| .23 | SeekAndWatch |
| .25 | karakeep |
| .26 | transmission |
| .31 | gitea |
| .32 | woodpecker-server |
| .33 | woodpecker-agent |
| .43 | radarr |
| .44 | sonarr |
| .45 | prowlarr |
| .50 | dockhand |
| .53 | n8n |
| .60 | overseerr |
| .61 | plex_debrid |
| .62 | zurg |
| .63 | zurg-rclone |
| .65 | xtrm-agent |
| .66 | kasm |
| .70 | ewa-apps |
| .128+ | dynamic pool (traefik-manager landed here) |
## Adding a New Service
1. Pick a free IP in `.2.127` (or omit and accept dynamic `.128+`)
2. In compose:
```yaml
services:
myservice:
networks:
dockerproxy:
ipv4_address: 172.18.0.X
networks:
dockerproxy:
external: true
```
3. Append to the table above and commit.
## Snapshot of Pre-Recreate State
On Unraid: `/root/dockerproxy-recreate-2026-05-17/`
- `network-before.json` — full `docker network inspect` output
- `state.tsv` — per-container name/static-IP/runtime-IP/status/restart-policy
- `containers.txt` — sorted container list (32 entries)
## Monitoring
Two Uptime Kuma monitors cover Traefik (since 2026-05-17):
| ID | Name | Type | Target | Purpose |
|----|------|------|--------|---------|
| 6 | Traefik Dashboard | http | https://traefik.xtrm-lab.org | End-to-end check (routing + TLS) |
| 38 | Traefik Container (direct) | port | tcp://172.18.0.3:80 | Direct TCP probe inside dockerproxy — detects "container not running" independently of routing |
Diagnostic combination:
- id=6 red + id=38 green → Traefik is up but misconfigured/routing-broken
- both red → Traefik container itself is down
## Known Issue — AutoKuma broken
AutoKuma v2.0.0 logs into Uptime Kuma successfully but silently loops on `getTags` and never scans Docker containers. Suspected `AUTOKUMA_DOCKER=1` (single-underscore v1 syntax) isn't recognised by v2's nested-double-underscore config. Also, the bundled `medaziz11/uptimekuma_restapi:dev` API container is out of date — its `POST /monitors` fails on the now-required `conditions` column.
As a workaround, monitor id=38 was created with a direct `INSERT INTO monitor` on `/mnt/user/appdata/uptimekuma/kuma.db` followed by an UK container restart. The `kuma.traefik_container.*` labels on `traefik-manager` are inert until AutoKuma is fixed but kept in place for that future.
Reference in New Issue View Git Blame Copy Permalink