I have a docker application running on a server (.80) on a network with a separate hardware/server (.50) it will need to send data to over UDP. The controller service (running on .80) acts as an API exposed on 8000 that is accessible on the network by opening ports in firewalld (on .80):

firewall-cmd --permanent --add-port=8000/tcp

Additionally, the controller service, when posted to/curled, does some data processing under the hood before sending UDP data packets out to .50 on a UDP socket exposed at 239.0.0.5:7775.

When running the controller service in a docker bridge network / custom network (.80) I am able to access the controller API as desired, but am unable to get the UDP packets sent out of .80 / received by the UDP application running on .50:
version: '3.5'

networks:
  m-serve: {}

volumes:
  redis-dev_database: {}

services:
  redis:
    image: localhost:5000/redis:latest
    hostname: redis
    networks:
      - m-serve
    ports:
      - 6379
    volumes:
      - type: volume
        source: redis-dev_database
        target: /etc/redis/database
        volume:
          nocopy: true

  controller:
    image: localhost:5000/controller:latest
    networks:
      - m-serve
    ports:
      - 8000:8000
    environment:
      - REDIS_HOST=redis
I am able to get around this and successfully push data out to the UDP socket on .50 server (239.0.0.5:7775), if I am running my services in network mode = “host” (6379 and 8000 are exposed as part of the docker image build, thus making them accessible to anyone on host, despite not defining in compose):
version: '3.5'

volumes:
  redis-dev_database: {}

services:
  redis:
    image: localhost:5000/redis:latest
    network_mode: host
    volumes:
      - type: volume
        source: redis-dev_database
        target: /etc/redis/database
        volume:
          nocopy: true

  controller:
    image: localhost:5000/controller:latest
    network_mode: host
    environment:
      - REDIS_HOST=localhost
However, this is likely less secure and not desirable since the redis service is no longer isolated in a bridge network, and is available to anyone on the host machine (.80). My hunch is that it works for the controller service sending UDP out because it inherits some network configuration/routing/resolution configured in the host that I am missing.

My system engineering / networking isn't great, so my specific question: Is there a way to run the controller service on the docker bridge network, but enable communication/access to the UDP socket exposed by the other hardware/server running on the network?

Or, if I'm stuck running the controller on the host network in order to keep communication to other hardware running services I need to send UDP packets to, is there a more secure way to compose redis so the controller can connect, but not everyone on the host system has access/ability to connect to redis?
Please let me know if I’ve missed networking pieces needed to help diagnose and I will update this post!
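An added example (not part of the original post) of the host-network variant with redis kept off the LAN: 239.0.0.5 is an administratively scoped multicast group, which the default docker bridge does not route out to the LAN, so the controller stays on host networking while redis remains on the bridge, published on the host's loopback only and protected by a password. It assumes the redis image accepts redis-server flags and that the controller reads an environment variable named REDIS_PASSWORD (both assumptions, not from the post).

```yaml
version: '3.5'

networks:
  m-serve: {}

volumes:
  redis-dev_database: {}

services:
  redis:
    image: localhost:5000/redis:latest
    hostname: redis
    networks:
      - m-serve
    # Bind the published port to the host's loopback interface only:
    # reachable from processes on .80 (including the host-networked
    # controller), but not from other machines on the network.
    ports:
      - "127.0.0.1:6379:6379"
    # Require a password so other local processes on .80 cannot use redis
    # without it. REDIS_PASSWORD is an assumed variable, supplied via .env.
    command: ["redis-server", "--requirepass", "${REDIS_PASSWORD}"]
    volumes:
      - type: volume
        source: redis-dev_database
        target: /etc/redis/database
        volume:
          nocopy: true

  controller:
    image: localhost:5000/controller:latest
    # Host networking lets the controller send to the 239.0.0.5:7775
    # multicast group on the host's LAN interface toward .50.
    network_mode: host
    environment:
      - REDIS_HOST=127.0.0.1
      - REDIS_PASSWORD=${REDIS_PASSWORD}
    depends_on:
      - redis
```

Binding to 127.0.0.1 removes redis from the LAN but any local process can still reach it, so the password is what keeps other users on .80 out; check with ss -ltnp on the host that 6379 is listening on 127.0.0.1 only.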