I’m trying to use container network mode and port publishing and having problems.
Here is an example docker-compose that shows the problem:
```yaml
services:
  tinyproxy:
    image: docker.io/kalaksi/tinyproxy
    network_mode: "container:wireguard"
    volumes:
      - ./tinyproxy-etc/tinyproxy.conf:/etc/tinyproxy/tinyproxy.conf
      # If not using docker-compose for secrets, you can still manually mount a file containing the password.
      # - ./secrets/auth_password:/run/secrets/auth_password:ro
  wireguard:
    image: lscr.io/linuxserver/wireguard:latest
    container_name: wireguard
    cap_add:
      - NET_ADMIN
      - SYS_MODULE # optional
    network_mode: "bridge"
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Etc/UTC
      - LOG_CONFS=true # optional
    volumes:
      - ./wg_config:/config
      - /lib/modules:/lib/modules # optional
    ports:
      - 8888:8888
      - 51820:51820/udp
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
    restart: unless-stopped
```
Note: The wireguard container's network stack is shared with tinyproxy, and it exposes port 8888 (which tinyproxy listens on).
On my system, wireguard and tinyproxy both get the Docker IP address 172.17.0.3.
If I direct a query to 172.168.1.0.3:8888, it works!
If I direct a query to <host-ip>:8888, it times out and tinyproxy never gets invoked.
I’m GUESSING that docker wants to route the query to the wireguard container, not the tinyproxy container, which causes the hang.
Everything I read says it should work, but it doesn’t. Any ideas?
Thanks!
Testing the tinyproxy from the host times out:

```
curl --proxy <host-ip>:8888 http://google.com
```

Testing the tinyproxy from its IP address works:

```
curl --proxy 172.17.0.3:8888 http://google.com
```
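The layout in the post relies on one rule: a service that joins another container's network namespace (`network_mode: "container:<name>"`) cannot publish ports itself, so the ports it listens on must be published by the namespace owner, which needs a fixed `container_name`. The lint below is an added example, not code from the post or from the tinyproxy or linuxserver projects; `COMPOSE` is a constructed dict that mirrors the relevant keys of the compose file above, and the `listens` map (which service listens on which port) is an assumption the caller supplies.

```python
# Lint for services that share another container's network namespace.
# Docker rejects "ports:" on a service in container:<name> network mode, so
# any port such a service needs must be published by the owning container.
from typing import Dict, List

COMPOSE = {  # constructed from the post's compose file, trimmed to the relevant keys
    "services": {
        "tinyproxy": {"image": "docker.io/kalaksi/tinyproxy",
                      "network_mode": "container:wireguard"},
        "wireguard": {"image": "lscr.io/linuxserver/wireguard:latest",
                      "container_name": "wireguard",
                      "network_mode": "bridge",
                      "ports": ["8888:8888", "51820:51820/udp"]},
    }
}

def container_port(mapping: str) -> str:
    """Return the container-side 'port/proto' of a 'host:container[/proto]' mapping."""
    spec, proto = str(mapping), "tcp"
    if "/" in spec:
        spec, proto = spec.rsplit("/", 1)
    return f"{spec.rsplit(':', 1)[-1]}/{proto}"

def check_shared_netns(compose: Dict, listens: Dict[str, List[str]]) -> List[str]:
    """Report problems for services using network_mode: container:<name>.
    `listens` maps a service name to the ports it listens on, e.g. ['8888/tcp']."""
    services = compose.get("services", {})
    by_container_name = {s.get("container_name"): n for n, s in services.items()}
    problems: List[str] = []
    for name, svc in services.items():
        mode = str(svc.get("network_mode", ""))
        if not mode.startswith("container:"):
            continue
        owner = mode.split(":", 1)[1]
        if "ports" in svc:  # Docker refuses port publishing in this mode
            problems.append(f"{name}: cannot publish ports while in network_mode {mode}")
        owner_svc = by_container_name.get(owner)
        if owner_svc is None:  # the name must be a fixed container_name, not a service name
            problems.append(f"{name}: no service has container_name '{owner}'")
            continue
        published = {container_port(p) for p in services[owner_svc].get("ports", [])}
        for port in listens.get(name, []):
            if port not in published:
                problems.append(f"{name}: listens on {port} but '{owner}' does not publish it")
    return problems

if __name__ == "__main__":
    for line in check_shared_netns(COMPOSE, {"tinyproxy": ["8888/tcp"]}) or ["no problems found"]:
        print(line)
```

For the post's compose the lint reports nothing, which confirms the port is published on the right container and points the investigation at the wireguard container's own routing and firewall rules rather than at the compose layout.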