infrastructure/docs/13-DOCKERPROXY-NETWORK.md
jazzymc dd1c15cf6b dockerproxy: redesign IPAM with static block + dynamic /25 pool
Recreated dockerproxy network with --ip-range 172.18.0.128/25 so Docker
auto-allocations are isolated from the .2-.127 static reservation block.
Eliminates IP-collision class that caused the 2026-05-17 Traefik outage.

Adds 13-DOCKERPROXY-NETWORK.md as the canonical reference for the
network spec, recreate command, and current IP assignments.
2026-05-17 08:36:46 +03:00

# dockerproxy Docker Network
User-defined Docker bridge on Unraid hosting Traefik and all reverse-proxied services. Defined imperatively (not in any compose file — stacks reference it as `external: true`).
## IPAM
| Property | Value |
|----------|-------|
| Driver | `bridge` |
| Subnet | `172.18.0.0/16` |
| Gateway | `172.18.0.1` |
| IP Range (dynamic pool) | `172.18.0.128/25` (.128-.255) |
| Static reservation block | `172.18.0.2` - `172.18.0.127` |

The `--ip-range` constrains Docker's auto-allocation to `.128-.255`. Anything pinned via compose `ipv4_address` outside that range cannot collide with a dynamic allocation. Set up 2026-05-17 after the collision incident in `incidents/2026-05-17-traefik-ip-collision.md`.
## Recreate Command
If the network is ever lost (Docker reset, accidental `docker network rm`):
```bash
docker network create \
  --driver bridge \
  --subnet 172.18.0.0/16 \
  --gateway 172.18.0.1 \
  --ip-range 172.18.0.128/25 \
  dockerproxy
```
After recreating, compose-managed containers reconnect via `docker compose up -d`. Standalone containers need `docker network connect [--ip <static>] dockerproxy <name>`.
## Static Assignments (2026-05-17)
| IP | Container |
|----|-----------|
| .1 | (gateway) |
| .3 | traefik |
| .6 | dockersocket |
| .8 | authentik-worker |
| .9 | authentik |
| .10 | postgresql17 |
| .14 | Redis |
| .15 | vaultwarden |
| .16 | actual-budget |
| .18 | Uptime-Kuma-API |
| .19 | AutoKuma |
| .20 | UptimeKuma |
| .21 | speedtest-tracker |
| .22 | obsidian-livesync |
| .23 | SeekAndWatch |
| .25 | karakeep |
| .26 | transmission |
| .31 | gitea |
| .32 | woodpecker-server |
| .33 | woodpecker-agent |
| .43 | radarr |
| .44 | sonarr |
| .45 | prowlarr |
| .50 | dockhand |
| .53 | n8n |
| .60 | overseerr |
| .61 | plex_debrid |
| .62 | zurg |
| .63 | zurg-rclone |
| .65 | xtrm-agent |
| .66 | kasm |
| .70 | ewa-apps |
| .128+ | dynamic pool (traefik-manager landed here) |
## Adding a New Service
1. Pick a free IP in `.2-.127` (or omit `ipv4_address` and accept a dynamic `.128+` address)
2. In compose:
   ```yaml
   services:
     myservice:
       networks:
         dockerproxy:
           ipv4_address: 172.18.0.X
   networks:
     dockerproxy:
       external: true
   ```
3. Append to the table above and commit.
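
The choice in step 1 can be checked before committing. The script below is an added example, not part of this repository's tooling: it audits compose `ipv4_address` pins against the IPAM values above and proposes the lowest free static address. `SAMPLE_PINS` and the service names `svc-a`, `svc-b` and `svc-c` are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# IPAM values from the table above.
GATEWAY = ipaddress.IPv4Address("172.18.0.1")
DYNAMIC_POOL = ipaddress.ip_network("172.18.0.128/25")
STATIC_FIRST = ipaddress.IPv4Address("172.18.0.2")
STATIC_LAST = ipaddress.IPv4Address("172.18.0.127")

# Constructed sample: two real rows from the table plus three hypothetical pins.
SAMPLE_PINS = {"traefik": "172.18.0.3", "dockersocket": "172.18.0.6",
               "svc-a": "172.18.0.3", "svc-b": "172.18.0.130",
               "svc-c": "172.18.1.5"}

def audit_pins(pins):
    """Return a list of problems found in {service: ipv4_address} pins."""
    problems, owners = [], defaultdict(list)
    for name, raw in sorted(pins.items()):
        try:
            ip = ipaddress.IPv4Address(raw)
        except ValueError:
            problems.append(f"{name}: {raw!r} is not an IPv4 address")
            continue
        owners[ip].append(name)
        if ip == GATEWAY:
            problems.append(f"{name}: {ip} is the gateway")
        elif ip in DYNAMIC_POOL:
            problems.append(f"{name}: {ip} is inside the dynamic pool")
        elif not STATIC_FIRST <= ip <= STATIC_LAST:
            problems.append(f"{name}: {ip} is outside the static block")
    # Two static pins on one address collide regardless of --ip-range.
    for ip, names in sorted(owners.items()):
        if len(names) > 1:
            problems.append(f"{ip} pinned twice: {', '.join(names)}")
    return problems

def next_free(pins):
    """Lowest unpinned address in the static block, or None if it is full."""
    used = set(pins.values())
    ip = STATIC_FIRST
    while ip <= STATIC_LAST:
        if str(ip) not in used:
            return ip
        ip += 1
    return None

if __name__ == "__main__":
    for line in audit_pins(SAMPLE_PINS):
        print(line)
    print("next free static address:", next_free(SAMPLE_PINS))
```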
## Snapshot of Pre-Recreate State
On Unraid: `/root/dockerproxy-recreate-2026-05-17/`
- `network-before.json` — full `docker network inspect` output
- `state.tsv` — per-container name/static-IP/runtime-IP/status/restart-policy
- `containers.txt` — sorted container list (32 entries)