jazzymc
dd1c15cf6b
Recreated dockerproxy network with --ip-range 172.18.0.128/25 so Docker auto-allocations are isolated from the .2-.127 static reservation block. Eliminates IP-collision class that caused the 2026-05-17 Traefik outage. Adds 13-DOCKERPROXY-NETWORK.md as the canonical reference for the network spec, recreate command, and current IP assignments.
2.5 KiB
2.5 KiB
dockerproxy Docker Network
User-defined Docker bridge on Unraid hosting Traefik and all reverse-proxied services. Defined imperatively (not in any compose file — stacks reference it as external: true).
IPAM
| Property | Value |
|---|---|
| Driver | bridge |
| Subnet | 172.18.0.0/16 |
| Gateway | 172.18.0.1 |
| IP Range (dynamic pool) | 172.18.0.128/25 (.128–.255) |
| Static reservation block | 172.18.0.2 – 172.18.0.127 |
The --ip-range constrains Docker's auto-allocation to .128–.255. Anything pinned via compose ipv4_address outside that range is conflict-free. Set up 2026-05-17 after the collision incident in incidents/2026-05-17-traefik-ip-collision.md.
Recreate Command
If the network is ever lost (Docker reset, accidental docker network rm):
docker network create \
--driver bridge \
--subnet 172.18.0.0/16 \
--gateway 172.18.0.1 \
--ip-range 172.18.0.128/25 \
dockerproxy
After recreating, compose-managed containers reconnect via docker compose up -d. Standalone containers need docker network connect [--ip <static>] dockerproxy <name>.
Static Assignments (2026-05-17)
| IP | Container |
|---|---|
| .1 | (gateway) |
| .3 | traefik |
| .6 | dockersocket |
| .8 | authentik-worker |
| .9 | authentik |
| .10 | postgresql17 |
| .14 | Redis |
| .15 | vaultwarden |
| .16 | actual-budget |
| .18 | Uptime-Kuma-API |
| .19 | AutoKuma |
| .20 | UptimeKuma |
| .21 | speedtest-tracker |
| .22 | obsidian-livesync |
| .23 | SeekAndWatch |
| .25 | karakeep |
| .26 | transmission |
| .31 | gitea |
| .32 | woodpecker-server |
| .33 | woodpecker-agent |
| .43 | radarr |
| .44 | sonarr |
| .45 | prowlarr |
| .50 | dockhand |
| .53 | n8n |
| .60 | overseerr |
| .61 | plex_debrid |
| .62 | zurg |
| .63 | zurg-rclone |
| .65 | xtrm-agent |
| .66 | kasm |
| .70 | ewa-apps |
| .128+ | dynamic pool (traefik-manager landed here) |
Adding a New Service
- Pick a free IP in
.2–.127(or omit and accept dynamic.128+) - In compose:
services: myservice: networks: dockerproxy: ipv4_address: 172.18.0.X networks: dockerproxy: external: true - Append to the table above and commit.
Snapshot of Pre-Recreate State
On Unraid: /root/dockerproxy-recreate-2026-05-17/
network-before.json— fulldocker network inspectoutputstate.tsv— per-container name/static-IP/runtime-IP/status/restart-policycontainers.txt— sorted container list (32 entries)