Docker Community Forums

Using firewalld to get docker to use secondary IP

I have a secondary IP on my NIC and want to use it for docker. This is because Virtualmin is on the server and using the primary one. I am putting an Nginx reverse proxy on docker.

So the ip addr is


2: enp7s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 2c:4d:54:43:92:df brd ff:ff:ff:ff:ff:ff
inet xxx.yyy.204.107/22 brd 213.171.207.255 scope global enp7s0
valid_lft forever preferred_lft forever
inet xxx.yyy.205.143/22 brd 213.171.207.255 scope global secondary enp7s0:0
valid_lft forever preferred_lft forever
inet6 fe80::2e4d:54ff:fe43:92df/64 scope link
valid_lft forever preferred_lft forever

4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:b8:95:f0:d5 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:b8ff:fe95:f0d5/64 scope link
valid_lft forever preferred_lft forever

First I tried specifying the ip in /usr/lib/systemd/system/docker.service

ExecStart=/usr/bin/dockerd --ip=xxx.yyy.205.143 -H fd:// --containerd=/run/containerd/containerd.sock

And that did not work, then I tried to set up a SNAT in firewalld

firewall-cmd --permanent --direct --add-rule ipv4 nat POSTROUTING 0 -d 172.17.0.1/16 -p all -j SNAT --to xxx.yyy.205.143

And that also did not work. By did not work I mean when I try to bring up a container I get

ERROR: for nginx-proxy Cannot start service nginx: driver failed programming external connectivity on endpoint nginx-proxy (8ff3c6a6edd2891470e027702be6221d0db6e2578652b2e3734990027106c0c2): Error starting userland proxy: listen tcp 0.0.0.0:443: bind: address already in use

ERROR: for nginx Cannot start service nginx: driver failed programming external connectivity on endpoint nginx-proxy (8ff3c6a6edd2891470e027702be6221d0db6e2578652b2e3734990027106c0c2): Error starting userland proxy: listen tcp 0.0.0.0:443: bind: address already in use
ERROR: Encountered errors while bringing up the project.

If I shut down apache it works OK so the error is port 80 is in use (I think).

So any idea how I do this, use the secondary IP with docker? I think it is done with the firewall but there may be a better approach.
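
The error text in the post shows the userland proxy trying to listen on `0.0.0.0:443`, that is, on every IPv4 address of the host. The following is an added example, not part of the original post: a shell function that reads `ss -Hltn` output and reports which existing listeners would make a bind to a given address and port fail with "address already in use". The listener samples and the addresses `192.0.2.10` (standing in for the primary IP) and `192.0.2.20` (standing in for the secondary IP) are constructed, and `bind_conflicts` is a hypothetical helper name.

```shell
#!/bin/sh
# Constructed samples of `ss -Hltn` output (not taken from the original post).
# Case 1: the existing web server listens on the IPv4 wildcard address.
SAMPLE_WILDCARD='LISTEN 0 511 0.0.0.0:443 0.0.0.0:*
LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'
# Case 2: the existing web server is pinned to the primary IP only.
SAMPLE_PINNED='LISTEN 0 511 192.0.2.10:443 0.0.0.0:*
LISTEN 0 511 192.0.2.10:80 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'

# bind_conflicts ADDR PORT (hypothetical helper)
# Reads `ss -Hltn` lines on stdin and prints every listener that would make an
# IPv4 TCP bind to ADDR:PORT fail. Exit status 0 = conflict found, 1 = none.
bind_conflicts() {
    awk -v want_addr="$1" -v want_port="$2" '
        $1 == "LISTEN" {
            ep = $4                               # local address:port column
            n = split(ep, parts, ":")
            port = parts[n]                       # text after the last colon
            addr = substr(ep, 1, length(ep) - length(port) - 1)
            if (port != want_port) next
            if (addr ~ /^\[/) next                # bracketed IPv6 listener, skipped here
            # "*" is treated as a dual-stack wildcard (assumption about ss output)
            wild = (addr == "0.0.0.0" || addr == "*")
            # Same port collides when either side is a wildcard or both
            # sides name the same address.
            if (wild || want_addr == "0.0.0.0" || addr == want_addr) {
                print ep
                found = 1
            }
        }
        END { exit(found ? 0 : 1) }
    '
}

# Demo over the constructed samples: which binds to port 443 would fail?
for addr in 0.0.0.0 192.0.2.20; do
    for name in WILDCARD PINNED; do
        eval "sample=\$SAMPLE_$name"
        if hit=$(printf '%s\n' "$sample" | bind_conflicts "$addr" 443); then
            echo "$name: bind $addr:443 fails, blocked by $hit"
        else
            echo "$name: bind $addr:443 is free"
        fi
    done
done
```

On a live host the same check is `ss -Hltn | bind_conflicts ADDR 443`. In the constructed data, only the combination of a listener pinned to the primary address and a bind to the secondary address is free of conflicts.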