HowTo:Docker 172 Fix

From Computer Science Wiki
Revision as of 11:04, 11 December 2025 by Rhunter (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Background

VT uses a chunk of the 172 private network address space for it's internal private addressing. Docker comes pre-configured to also uses 172.17.0.0/12 which will cause the internal system to ignore any external 172.17.x.x/12 address trying to access the system. To fix this you need to reconfigure your docker to use a different address space like 192.168.x.x/16 or a 10.1.x.x/16 (tech also uses 10.6+.x.x for their networking so this is less safe although 10.5 and lower are guaranteed to be free).

The Fix

To apply the docker fix on the machine running docker, create a file called /etc/docker/daemon.json with the following: 

{
  "default-address-pools":
  [
    {"base":"10.1.0.0/16","size":24}
  ]
}

Followed by:

sudo service docker restart

Docker exposed ports Fix

Background

Docker ignores most firewall rules and opens ports directly to the external network interface. Certain ports should NEVER be exposed like Databases and Administrative services.


The Fix

Instead of globally defining the port (which also opens it externally): 

  docker run -p 6379:6379/tcp redis # !!! WRONG !!!

Bind the port to the localhost only using the following: 

  docker run -p 127.0.0.1:6379:6379/tcp redis
Retrieved from "http://wiki.cs.vt.edu/index.php?title=HowTo:Docker_172_Fix&oldid=4953"