Description
Actually there is a similar closed issue 45096 which has been moved to a discussion due to that reason.
We think that this is not a Traefik-specific issue, because the problem also exists if you run haproxy, httpd or nginx applications, and it is related to how you run the docker container.
Reproduce
It works if you run the following docker container:
docker run --rm -d --name without_ip -p 7000:80 httpd
docker logs -f without_ip
# Then curl the server to that port
curl <hostname>:7000
but it returns the Docker internal IP if you run the same docker container with a server IP:
docker run --rm -d --name with_ip -p <server_ip>:7001:80 httpd
docker logs -f with_ip
# Then curl the server to that port
curl <hostname>:7001
Expected behavior
Rootless Docker with slirp4netns to show client IPs instead of Docker internal IPs.
We would like to be able to expose an application on a specific server IP and not on all of them (0.0.0.0).
docker version
Client: Docker Engine - Community
Version: 24.0.2
API version: 1.43
Go version: go1.20.4
Git commit: cb74dfc
Built: Thu May 25 21:53:24 2023
OS/Arch: linux/amd64
Context: default
Server: Docker Engine - Community
Engine:
Version: 24.0.2
API version: 1.43 (minimum version 1.12)
Go version: go1.20.4
Git commit: 659604f
Built: Thu May 25 21:51:50 2023
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.6.21
GitCommit: 3dce8eb055cbb6872793272b4f20ed16117344f8
runc:
Version: 1.1.7
GitCommit: v1.1.7-0-g860f061
docker-init:
Version: 0.19.0
GitCommit: de40ad0
rootlesskit:
Version: 1.1.0
ApiVersion: 1.1.1
NetworkDriver: slirp4netns
PortDriver: slirp4netns
StateDir: /tmp/rootlesskit18755427
slirp4netns:
Version: 1.2.0
GitCommit: 656041d45cfca7a4176f6b7eed9e4fe6c11e8383
docker info
Client: Docker Engine - Community
Version: 24.0.2
Context: default
Debug Mode: false
Plugins:
buildx: Docker Buildx (Docker Inc.)
Version: v0.10.5
Path: /usr/libexec/docker/cli-plugins/docker-buildx
compose: Docker Compose (Docker Inc.)
Version: v2.18.1
Path: /usr/libexec/docker/cli-plugins/docker-compose
scan: Docker Scan (Docker Inc.)
Version: v0.23.0
Path: /usr/libexec/docker/cli-plugins/docker-scan
Server:
Containers: 4
Running: 4
Paused: 0
Stopped: 0
Images: 4
Server Version: 24.0.2
Storage Driver: overlay2
Backing Filesystem: xfs
Supports d_type: true
Using metacopy: false
Native Overlay Diff: false
userxattr: true
Logging Driver: syslog
Cgroup Driver: systemd
Cgroup Version: 2
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: io.containerd.runc.v2 runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 3dce8eb055cbb6872793272b4f20ed16117344f8
runc version: v1.1.7-0-g860f061
init version: de40ad0
Security Options:
seccomp
Profile: builtin
rootless
cgroupns
Kernel Version: 5.14.0-162.23.1.el9_1.x86_64
Operating System: AlmaLinux 9.2 (Turquoise Kodkod)
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 7.751GiB
Name: linctron.mkinet.net
ID: LO3O:SAAZ:A4FE:K57B:6YAY:TOUC:S6ST:VYE6:R3BS:VKX6:WJWA:TKDG
Docker Root Dir: /var/local/docker/ingress/.local/share/docker
Debug Mode: false
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
WARNING: No cpu cfs quota support
WARNING: No cpu cfs period support
WARNING: No cpu shares support
WARNING: No cpuset support
WARNING: No io.weight support
WARNING: No io.weight (per device) support
WARNING: No io.max (rbps) support
WARNING: No io.max (wbps) support
WARNING: No io.max (riops) support
WARNING: No io.max (wiops) support
Additional Info
After checking slirp4netns, there is an option (--outbound-addr) to define preferred outbound IPv4/IPv6 addresses or interface names.
Could we provide an environment variable for the dockerd-rootless.sh script, like DOCKERD_ROOTLESS_ROOTLESSKIT_OUTBOUND_ADDR, so as to be able to define an IP address/network interface?
Could we use/check the pasta network driver? It handles the network interfaces differently, and this probably fixes the exact problem with the Docker internal IP instead of the client IP.
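Added example (not part of the original issue, and not Docker or RootlessKit code): a check for the symptom in the reproduction steps above, run over access-log lines as `docker logs` would print them for the httpd container. The log lines are constructed, and the two "internal" ranges (slirp4netns' default subnet and Docker's default bridge network) are assumptions to adjust for your host.

```python
import ipaddress
import re
from collections import Counter

# Assumed internal ranges (not given in the issue): slirp4netns' default
# subnet and Docker's default bridge network. Adjust for your host.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.2.0/24", "172.17.0.0/16")]

# Common Log Format, as the httpd image writes access entries to stdout.
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+')

# Constructed samples standing in for `docker logs without_ip` / `docker logs with_ip`.
WITHOUT_IP_LOG = [
    "AH00558: httpd: Could not reliably determine the server's fully qualified domain name",
    '203.0.113.10 - - [25/May/2023:21:53:24 +0000] "GET / HTTP/1.1" 200 45',
    '198.51.100.7 - - [25/May/2023:21:53:30 +0000] "GET / HTTP/1.1" 200 45',
]
WITH_IP_LOG = [
    '172.17.0.1 - - [25/May/2023:21:54:02 +0000] "GET / HTTP/1.1" 200 45',
    '172.17.0.1 - - [25/May/2023:21:54:09 +0000] "GET / HTTP/1.1" 200 45',
]

def classify(lines):
    """Count access-log entries by whether the logged peer is internal or a real client."""
    counts = Counter()
    for line in lines:
        m = CLF.match(line)
        try:
            ip = ipaddress.ip_address(m.group(1)) if m else None
        except ValueError:  # first field is a hostname or garbage
            ip = None
        if ip is None:
            counts["unparsed"] += 1  # startup/error lines mixed into the log
        elif any(ip in net for net in INTERNAL_NETS):
            counts["internal"] += 1
        else:
            counts["client"] += 1
    return counts

def source_ip_lost(lines):
    """True when requests were logged but none carries a non-internal peer address."""
    c = classify(lines)
    return c["internal"] > 0 and c["client"] == 0

if __name__ == "__main__":
    for name, log in (("without_ip", WITHOUT_IP_LOG), ("with_ip", WITH_IP_LOG)):
        print(name, dict(classify(log)), "source IP lost:", source_ip_lost(log))
```

When every logged peer is internal, anything in the container that keys on the client address (access logs used for audit, per-IP rate limits, allowlists) is operating on the proxy's address rather than the caller's.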