Installed an nginx container with 2 network interfaces - how to prioritize one

I have created 2 macvlan networks, called network-50 with IP 192.168.50.202 and network-0 with IP 192.168.0.202. When attaching the container to these networks I gave the higher priority to network-50.

BUT

http://192.168.50.202/ says “ERR_NETWORK_CHANGED”
http://192.168.0.202/ works

  1. Any idea how I should tell to ngnix to listen to port 80 on network-50 instead of network-0? (and better, listen to both)
  2. How can I prioritize one network interface versus the other? Tell to my container to use the gateway of network-0 instead of the one from network-50?

For reference here is my docker compose

services:
  nginx:
    container_name: nginx
    image: nginx:latest
    volumes:
      - nginx_data:/usr/share/nginx/html
    restart: always
    networks:
      network-50:
        ipv4_address: 192.168.50.202
        priority: 1000
      network-0:
        ipv4_address: 192.168.0.202

volumes:
  nginx_data: 
    external: true

networks:
  network-50:
    external: true
  network-0:
    external: true

And the output of network inspect if relevant

❯ docker network inspect network-50
[
    {
        "Name": "network-50",
        "Id": "fcb3d813e6caf0b42fe275e92d8d507c4e943e3d617db86a9cb985974e2141d7",
        "Created": "2025-02-02T11:49:50.736767209Z",
        "Scope": "local",
        "Driver": "macvlan",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "192.168.50.0/24",
                    "IPRange": "192.168.50.0/24",
                    "Gateway": "192.168.50.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": true,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "675f021999b43d646105cc690b1997b3198ecd6a1fb47a13924d58b0ee8f6063": {
                "Name": "nginx",
                "EndpointID": "bc016ca206c30cfeb27c855c9633e42135a096b0a97940bd7d2fc420bd14611c",
                "MacAddress": "02:42:c0:a8:32:ca",
                "IPv4Address": "192.168.50.202/24",
                "IPv6Address": ""
            }
        },
        "Options": {
            "parent": "enp6s18"
        },
        "Labels": {}
    }
]

I’m not sure I understand the question. Nginx listens on each available IP addresses. There is no “priority” for that. If MacVLAN IPs don’t work, that has probably nothing to do with priorities.

Actually you are right. There was strangely an IP conflict on 202.

However I still have one question remaining: how do I define which gateway to choose between the network-50 gateway and the network-0

I ran a bit more tests and noticed that the docker container will use the gateway of the first network using alphabetical order.

If I use network-0 & network-50 => 192.168.0.1 (network-0)
If I use network-A0 & network-50 => 192.168.50.1 (network-50)

Is there a way to set it up in docker compose?

If the container has the ip tools I can always connect to the container (or run a script) to update the default route. But its not the case of nginx.

If priority didn’t solve that either, I don’t know. I never use MacVLAN as I never had a separate IP address for all of my processes running on my machine. Thre are some cases when MacVLAN could be needed, but I never needed the kind of apps that could require it. In case of the bridge network, I and multiple IP addresses available on the host, I would link this topic

But I’m not sure about MacVLAN. For outgoing traffic, normally on a host machine you would configure the routing table with NetPlan or manually with “ip route” commands. But I never needed to change it in containers. If “priority” controlls which network the container is connected to first, that would be my first thought

There isn’t a way to force default gateway selection at the moment. As you spotted, it’s just alphabetical order (plus some rules about dual-stack and internal networks).

But, the upcoming moby 28.0 release the CLI will get a gw-priority option, and Compose will have an equivalent.

3 Likes

OK, that’s very clear thanks.

Do you have any idea when docker 28 would be available?


(Post translated by moderators)

We’re currently hoping to ship 28.0 on Wednesday next week, with a first release candidate maybe-today … those might slip, but it should be available fairly soon.

(With apologies for replying in the wrong language!)