Docker: Difference between revisions
SummerTime (talk | contribs): Added section "Using Privileged Ports for Rootless Docker"
=== Using Privileged Ports for Rootless Docker === | |||
Rootless Docker runs the daemon as an unprivileged user, so it cannot publish container ports on host ports 0 to 1023: binding those ports is reserved for privileged users (more precisely, for processes holding the CAP_NET_BIND_SERVICE capability). The restriction applies to the host side of the port mapping only; the process inside the container may still listen on a low port in its own network namespace. This problem can be solved by publishing the container on an unprivileged host port and redirecting the privileged port to it with a firewall rule. (Lowering the net.ipv4.ip_unprivileged_port_start sysctl is the other common approach, but it relaxes the restriction for every unprivileged process on the host, not only for Docker.)

Assume you'd like a rootless container to serve DNS on port 53 (TCP and UDP) and HTTP on port 80 (TCP). The container keeps listening on 53 and 80 internally; Docker publishes them on host ports 5300 and 8000, and the nat PREROUTING chain redirects traffic arriving on eth0 for port 80 to 8000 and for port 53 to 5300. Refer to the following example:<syntaxhighlight lang="nixos">
# Firewall
networking.firewall = {
  enable = true;
  # After the REDIRECT the packets arrive on 8000 and 5300, so those are the ports the
  # filter has to accept. Allowing them also means clients can reach 8000 and 5300
  # directly, bypassing the redirect; tighten this if that is not wanted.
  allowedTCPPorts = [ 80 8000 53 5300 ];
  allowedUDPPorts = [ 53 5300 ];
  # The NixOS firewall only manages its own chains in the filter table, so the nat
  # rules are added here when the firewall starts ...
  extraCommands = ''
    iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8000
    iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 53 -j REDIRECT --to-port 5300
    iptables -A PREROUTING -t nat -i eth0 -p udp --dport 53 -j REDIRECT --to-port 5300
  '';
  # ... and removed again when it stops, so that a firewall restart does not leave
  # duplicate rules behind
  extraStopCommands = ''
    iptables -D PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8000 2>/dev/null || true
    iptables -D PREROUTING -t nat -i eth0 -p tcp --dport 53 -j REDIRECT --to-port 5300 2>/dev/null || true
    iptables -D PREROUTING -t nat -i eth0 -p udp --dport 53 -j REDIRECT --to-port 5300 2>/dev/null || true
  '';
};
</syntaxhighlight>REDIRECT rewrites the destination to an address of the host itself, so the packet is delivered locally and IP forwarding (net.ipv4.conf.eth0.forwarding) does not have to be enabled for this to work; it is only needed when the host is meant to route packets on to other machines. Also note that PREROUTING only sees packets arriving from the network: connections made on the host itself (for example curl http://localhost/) pass through the OUTPUT chain instead and are not redirected, so they have to use ports 8000 and 5300 directly.

The matching docker-compose.yaml publishes the container ports on the unprivileged host ports:<syntaxhighlight lang="yaml">
services:
  myserver:
    image: ...
    restart: always
    ports:
      - "5300:53/tcp"   # host port 5300 -> container port 53
      - "5300:53/udp"
      - "8000:80"       # TCP is the default protocol
</syntaxhighlight>
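As an added example (not from this wiki page or from the Docker or NixOS projects), the following POSIX shell script generalises the three rules above: it generates the iptables REDIRECT rules for extraCommands, and the matching delete commands for extraStopCommands, from any list of privileged-to-unprivileged port mappings, and refuses mappings whose target port is itself privileged, since the rootless daemon could not publish on such a port anyway. The mapping syntax PRIV:UNPRIV/PROTO, the function names and the default threshold of 1024 are this example's own assumptions.

```shell
#!/bin/sh
# Added example: generate iptables REDIRECT rules for rootless Docker port mappings.
# Mapping syntax (an assumption of this script): "PRIV:UNPRIV/PROTO", e.g. "80:8000/tcp".

# is_privileged_port PORT [START]
# True when PORT is below the first unprivileged port. START defaults to the kernel
# default of 1024; pass the value of net.ipv4.ip_unprivileged_port_start if you changed it.
is_privileged_port() {
    [ "$1" -lt "${2:-1024}" ]
}

# valid_port PORT: true for an integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# redirect_rule ACTION IFACE MAPPING
# ACTION is A (append, for extraCommands) or D (delete, for extraStopCommands).
# Prints one nat PREROUTING rule that rewrites traffic arriving on IFACE for the
# privileged port to the unprivileged port that rootless dockerd actually publishes.
redirect_rule() {
    action=$1
    iface=$2
    mapping=$3
    proto=${mapping##*/}
    ports=${mapping%/*}
    priv=${ports%%:*}
    unpriv=${ports##*:}

    case "$action" in
        A|D) ;;
        *) echo "redirect_rule: action must be A or D, got '$action'" >&2; return 1 ;;
    esac
    case "$proto" in
        tcp|udp) ;;
        *) echo "redirect_rule: protocol must be tcp or udp, got '$proto'" >&2; return 1 ;;
    esac
    if ! valid_port "$priv" || ! valid_port "$unpriv"; then
        echo "redirect_rule: bad mapping '$mapping'" >&2; return 1
    fi
    # Redirecting to a privileged port defeats the purpose: the rootless daemon
    # could not bind it on the host in the first place.
    if is_privileged_port "$unpriv"; then
        echo "redirect_rule: target port $unpriv is privileged" >&2; return 1
    fi
    printf 'iptables -%s PREROUTING -t nat -i %s -p %s --dport %s -j REDIRECT --to-port %s\n' \
        "$action" "$iface" "$proto" "$priv" "$unpriv"
}

# redirect_rules ACTION IFACE MAPPING... : one rule per mapping; stops at the first bad one
redirect_rules() {
    action=$1; iface=$2; shift 2
    for m in "$@"; do
        redirect_rule "$action" "$iface" "$m" || return 1
    done
}

# Demo: the three rules from the eth0 example above, plus their delete counterparts
redirect_rules A eth0 80:8000/tcp 53:5300/tcp 53:5300/udp
redirect_rules D eth0 80:8000/tcp 53:5300/tcp 53:5300/udp
```

The A output is what goes into extraCommands and the D output into extraStopCommands; the script only prints the commands, so it can be run as an ordinary user and reviewed before anything is applied with root rights.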