Docker question about network

Hi
I was wondering if someone could shed on the issue im having, currently i have this docker-compose which im trying to give my container crowdsec an static IP but i keep getting an error

ERROR: for c0572b64cb76_swag  user specified IP address is supported only when connecting to networks with user configured subnets

ERROR: for swag  user specified IP address is supported only when connecting to networks with user configured subnets
ERROR: Encountered errors while bringing up the project
version: "2.1"
services:
  swag:
    build: .
    container_name: swag
    cap_add:
      - NET_ADMIN
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=America/Bogota
      - URL=domain.co
      - SUBDOMAINS=admin
      - VALIDATION=http
      - MAXMINDDB_LICENSE_KEY=Wdexxxx
      - DOCKER_MODS=linuxserver/mods:swag-maxmind|linuxserver/mods:swag-dashboard|linuxserver/mods:swag-crowdsec
      - CROWDSEC_API_KEY=70f1f70088xxxxxx
      - CROWDSEC_LAPI_URL=http://192.168.160.6:8080
      - ONLY_SUBDOMAINS=true
    networks:
      lsio:
        ipv4_address: 192.168.160.6
    volumes:
      - /swag:/config
    ports:
      - 443:443
      - 80:80
      - 81:81
    restart: unless-stopped

  crowdsec:
     container_name: crowdsec
     image: crowdsecurity/crowdsec:latest
     restart: unless-stopped
     depends_on:
       - swag
     networks:
       -  lsio
     environment:
       - COLLECTIONS=crowdsecurity/nginx
       - GID=1000
     volumes:
       -  /swag/log/nginx:/var/log/nginx
       - ./crowdsec/acquis.yaml:/etc/crowdsec/acquis.yaml
       - ./crowdsec/crowdsec-db:/var/lib/crowdsec/data/
       - ./crowdsec/crowdsec-config:/etc/crowdsec/
     security_opt:
      - no-new-privileges=true

networks:
  lsio:
   name: lsio
   driver: bridge
   ipam:
     driver: default
     config:
       - subnet: 192.168.160.0/24
         gateway: 192.168.160.254

It should work. How do you run the containers and what is the version of your Docker Compose? Is it on Linux (I guess it is), Windows or Mac? Is it Docker Desktop (probably not)?

It looks like you had two swag containers running. It happens sometimes when compose can’t properly start the containers and starts one with a prefix like above. I don’t exactly know why. I always just run docker-compose down and start the containers again.

thank you so much for the reply,
Correct i forgot to run docker-compose down
i re ran it
but still getting the issue

root@homelab:/swag# docker-compose up
Creating swag ... error

ERROR: for swag  user specified IP address is supported only when connecting to networks with user configured subnets

ERROR: for swag  user specified IP address is supported only when connecting to networks with user configured subnets
ERROR: Encountered errors while bringing up the project.

Please, answer the rest of the questions too.

hi there sorry forgot that part im using ubuntu 20.04LTS

Are you trying to use the same ip range your local lan has?

As @rimelek already pointed out, it should work like this for the swag service, if this indeed is a network private to the docker engine. If you answer aboves question with yes, then it would explain why it’s not working - then you might want to use the search term “macvlan” in the forum serach.

Just wanted to give you a heads-up up that your question is being discussed in the CrowdSec Discord - join using CrowdSec. The direct link is Discord

1 Like

Thanks for the reply, currently my LAN ip is 192.168.7.0/24
macvlan is when im trying to have the same LAN ip as the docker container?

i was able to change instead of IP i put the name of the container of crowdsec not sure why i didnt think of that first

thank you so much for asking on the discord channel but i realized that its better to put the name of the container instead of the IP

… now imagine you would have shared in the first post WHY you want to give it a static ip… the whole thread would’ve been way shorter.

Note: If you try to access another container by it’s internal ip, then it’s high likely it is something not ment to be done like that. DNS-based service discovery is there for a reason…

1 Like

yeah sorry for that not being clear i completely forgot i could resolve by name my bad :zipper_mouth_face: