Docker/Networking
From charlesreid1
Setting up networking between containers and host.
Stunnel
Configuring
Stunnel networking configuration:
The stunnel server is running in a Docker container. Here is the stunnel server configuration file:
    # server config
    # stunnel server will listen for stunnel clients connecting on port 443
    # traffic will be decrypted and forwarded to local port 22
    output = /var/log/stunnel4/stunnel.log
    cert = /etc/stunnel/stunnel.fullchain.pem
    key = /etc/stunnel/stunnel.key.pem
    pid = /var/run/stunnel4/stunnel.pid
    client = no

    [ssh]
    accept = 443
    connect = 127.0.0.1:22
Note that this is the same configuration as in the d-stunnel repo on git.charlesreid1.com: https://charlesreid1.com:3000/docker/d-stunnel
Binding Ports 443 and 22
The stunnel server listens on port 443 inside the container. This is mapped to port 443 on the host using the -p 443:443 flag when executing docker run.
Stunnel then forwards the decrypted traffic to 127.0.0.1 port 22. This port needs to be bound, somehow, to somewhere. Keep it simple: bind container port 22 (internal) to host port 22 (external) using -p 22:22 when executing docker run.
Running Container
Now the container should be started up, and stunnel should be run from within the container:
    $ ./run_docker.sh
    root@localhost# stunnel
    ...
    root@localhost#
Checking Container Networking
Use two commands to check that the container has been correctly bound to the two ports:
    $ nmap localhost
    $ netstat -tulpn
Here is what the output of nmap looks like after running the Docker container:
    $ nmap localhost

    Starting Nmap 7.01 ( https://nmap.org ) at 2017-03-30 23:27 UTC
    Nmap scan report for localhost (127.0.0.1)
    Host is up (0.00012s latency).
    Other addresses for localhost (not scanned): ::1
    Not shown: 997 closed ports
    PORT    STATE SERVICE
    22/tcp  open  ssh
    80/tcp  open  http
    443/tcp open  https

    Nmap done: 1 IP address (1 host up) scanned in 0.07 seconds
And here is the output of the netstat command:
    $ netstat -tulpn
    (Not all processes could be identified, non-owned process info
     will not be shown, you would have to be root to see it all.)
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
    tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      -
    tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      -
    tcp6       0      0 :::80                   :::*                    LISTEN      -
    tcp6       0      0 :::22                   :::*                    LISTEN      -
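Reading the netstat listing by eye works for two ports, but it is easy to miss a listener that should not be there. The following script is an added example, not from the d-stunnel repo or this page: it parses netstat -tulpn style output and reports which of the expected ports (22 and 443) are listening, which expected ports are missing, and which listeners were not expected at all. The sample listing embedded in SAMPLE_NETSTAT is constructed from the output above so the script runs offline; the expected port list and the function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the d-stunnel repo): compare the TCP listeners
# reported by `netstat -tulpn` against the ports the stunnel container is
# expected to expose (443 for stunnel itself, 22 for the forwarded ssh port).

# Constructed sample, copied from the listing above so this runs offline.
# On a live host use:  NETSTAT_OUTPUT=$(netstat -tulpn 2>/dev/null)
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      -
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      -
tcp6       0      0 :::80                   :::*                    LISTEN      -
tcp6       0      0 :::22                   :::*                    LISTEN      -'

# Ports this deployment is supposed to expose (assumption for the example).
EXPECTED_PORTS="22 443"

# listening_ports NETSTAT_TEXT
#   Prints the sorted, de-duplicated list of TCP ports in LISTEN state.
#   The port is the last ":"-separated field of the local address, which
#   also handles IPv6 forms such as ":::80".
listening_ports() {
    printf '%s\n' "$1" | awk '$1 ~ /^tcp/ && $6 == "LISTEN" {
        n = split($4, a, ":"); print a[n] }' | sort -n -u
}

# missing_ports NETSTAT_TEXT "22 443"
#   Prints each expected port that has no listener.
missing_ports() {
    listening=$(listening_ports "$1")
    for p in $2; do
        printf '%s\n' "$listening" | grep -qx "$p" || printf '%s\n' "$p"
    done
}

# unexpected_ports NETSTAT_TEXT "22 443"
#   Prints each listening port that is not in the expected set.
unexpected_ports() {
    for p in $(listening_ports "$1"); do
        case " $2 " in
            *" $p "*) ;;
            *) printf '%s\n' "$p" ;;
        esac
    done
}

# Stand-alone usage: report on the constructed sample.
echo "listening: $(listening_ports "$SAMPLE_NETSTAT" | tr '\n' ' ')"
echo "missing:   $(missing_ports "$SAMPLE_NETSTAT" "$EXPECTED_PORTS" | tr '\n' ' ')"
echo "unexpected: $(unexpected_ports "$SAMPLE_NETSTAT" "$EXPECTED_PORTS" | tr '\n' ' ')"
```

Against the sample listing the script reports 22 and 443 as present and flags port 80 as a listener that was not part of the plan, which is exactly the kind of thing worth noticing before exposing the host. The same check applies when the container is started with --network=host: in that mode the -p mappings are not used and the container's listeners appear directly in the host's netstat output.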
Network Equals Host Flag
Note that you can also configure the container to share the host's network stack by adding --network=host when executing docker run.