Hi @all,
I have multiple Docker containers running in one jail with jailmaker.
Two of them are internal only, so nothing to worry about, but the other one, a Jellyfin instance, is / should be placed in a DMZ VLAN behind a web application firewall and accessible from the internet.
To realize this in the same container I added, in my case, the VLAN interface from TrueNAS:
jlmkr edit docker
As the last line of the “systemd_nspawn_user_args=” section I added my DMZ interface:
--network-macvlan=vlan666
After this I saved the file and entered the docker shell:
jlmkr shell docker
cd /etc/systemd/network
Then I did:
mv mv-dhcp.network mv-dhcp-<your_network_interface>.network
cp mv-dhcp-<your_network_interface>.network mv-dhcp-vlan666.network
I edited the vlan666.network file to use a static IP:
[Match]
Virtualization=container
Name=mv-vlan666
[Network]
#DHCP=yes
#LinkLocalAddressing=ipv6
DHCP=false
# add your address here
Address=192.168.x.x
# add your gateway here
Gateway=192.168.x.x
[DHCPv4]
UseDNS=true
UseTimezone=true
After a reboot everything should be fine, and there should be a new NIC in the jail, in my example mv-vlan666.
Now you have to edit the Dockge compose files and add the IP you want the container to listen on:
ports:
- 192.168.x.x:8096:8096
- 192.168.x.x:8920:8920
After a restart of the container it should listen on the specified IP. You should do this for all container images running in the jail.
I hope this helps someone!
Greetings,
piccolo
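
A port mapping without a host IP is published by Docker on every interface of the jail, which here includes the DMZ macvlan. The following check is an added example, not part of the original post: it lists such mappings in a compose file, handles the short `ports:` syntax only, and uses a constructed sample with placeholder service names and the documentation address 192.0.2.10.

```python
# Constructed sample compose file; service names and 192.0.2.10 are placeholders.
SAMPLE_COMPOSE = """\
services:
  jellyfin:
    ports:
      - 192.0.2.10:8096:8096
      - "192.0.2.10:8920:8920/tcp"
  internal-app:
    ports:
      - 8080:80
      - "0.0.0.0:9000:9000"
      - 3000
"""
WILDCARDS = {"0.0.0.0", "::", "[::]"}  # host addresses meaning "every interface"

def host_ip(port_spec):
    """Return the host IP of a short-syntax port mapping, or None if it has none."""
    spec = port_spec.strip().strip("'\"").split("/")[0]  # drop quotes and /proto
    if spec.startswith("["):  # bracketed IPv6 host address
        return spec[: spec.index("]") + 1]
    parts = spec.split(":")
    return parts[0] if len(parts) == 3 else None

def exposed_on_all_interfaces(compose_text):
    """List (service, mapping) pairs that publish on every interface of the jail."""
    findings, service, svc_indent = [], None, None
    in_services = in_ports = False
    for raw in compose_text.splitlines():
        line = raw.split(" #")[0].rstrip()  # drop trailing YAML comments
        text = line.strip()
        if not text or text.startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        if text.startswith("- "):  # list item: only relevant under "ports:"
            mapping = text[2:].strip().strip("'\"")
            if in_ports and (host_ip(mapping) is None or host_ip(mapping) in WILDCARDS):
                findings.append((service, mapping))
            continue
        in_ports = text == "ports:"
        if indent == 0:
            in_services, svc_indent = text == "services:", None
        elif in_services and text.endswith(":"):
            svc_indent = indent if svc_indent is None else svc_indent
            if indent == svc_indent:
                service = text[:-1]
    return findings
if __name__ == "__main__":
    for svc, mapping in exposed_on_all_interfaces(SAMPLE_COMPOSE):
        print(f"{svc}: '{mapping}' is published on every interface, DMZ included")
```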