I'm currently developing a web app that includes a MariaDB (or possibly SQLite) and uses Traefik as a reverse proxy. I'm mainly utilizing Docker to create dynamic test environments. With Docker Compose, the stack registers automatically with Traefik, which is convenient. However, I'm wondering if it's worth sticking with Docker because it's becoming a hassle. I've run into an issue where I need the web app to make network calls from an IP address different from the server's default, and Docker is complicating things. I've tried using macvlan interfaces but they haven't worked for my needs, and my attempts with bridge networks and iptables have been unsuccessful due to my limited knowledge in that area. I fear that Docker might be overcomplicating my setup. I've already done a lot of research and experimented with various solutions, but I'm not finding anything that works. If anyone has a solid solution, please make sure it works before sharing since I've seen a lot of so-called solutions that do not actually resolve the issue. Any help would be much appreciated!
3 Answers
It sounds like you're in a pretty tricky situation, but there could still be options for you! First off, knowing why you need to make network calls from a different IP is crucial. That context can help others provide more relevant solutions. If you're trying to keep things secure and you're concerned about exposing your web app, maybe consider setting up a proxy that operates on the alternate network. We use a Squid proxy outside our perimeter for added security.
Honestly, the solution shouldn’t really depend on whether you're using Docker or not. Can you clarify your current network setup? It seems like you just need to set up a second interface and bind your app to that. However, keep in mind that if you bind your app to the new interface, it might become reachable through that IP—if you want to avoid that, you'll have to carefully manage your routing.
I'm a bit concerned about that too! I have a server with multiple IPs as well. Just adding it to the interface might not be what you need. I want everything to stay behind my reverse proxy but still use the secondary IP for outgoing traffic.
Are you looking to have Docker communicate with that other IP or access Docker from it? Seems like your primary goal is having your web app use that different IP for outgoing calls without exposing it externally.
Exactly! I just want my web app to make outbound calls from that secondary IP while keeping it hidden from incoming connections.
Sounds smart! I guess it's crucial for your proxy to only be accessible by those who need it.