-
-
Notifications
You must be signed in to change notification settings - Fork 77
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Chains INPUT vs DOCKER-USER - a way to cohabit #46
Comments
Thanks for sharing. Just an untested idea: Wouldn't this work as well?
Actually, |
Well, i've just tried with Regarding the network mode, it doesn't change whatever is the default chain. if it helps here is my docker-compose, which works with input and docker-user, and is just using what in the example folder:
|
Great! Thanks for your feedback 👍 |
Hi guys, I will reconsider the implementation and probably remove the |
@alexschomb @gauth-fr |
Behaviour
This is more a feedback than a bug report, but, if i'm right, maybe the doc should be updated (if im right only :) )
In the doc, you explain that the chains INPUT & DOCKER-USER cannot cohabit together in the same instance, and that we should use 2 different instances.
In my case, since it was breaking my b*** to have 2 instances, i digged a bit and dit the following.
`[traefik-auth]
enabled = true
logpath = %(traefik_access_log)s
port = http,https
action = %(action_)s[chain="DOCKER-USER"]
findtime = 600
maxretry = 3
bantime=1w
[traefik-botsearch]
enabled = true
logpath = %(traefik_access_log)s
maxretry = 1
bantime=4w
port = http,https
action = %(action_)s[chain="DOCKER-USER"]
...`
So basically, i'm using the default action (in this case iptables-multiport) but asking to use the chain DOCKER-USER for those jails.
You could of course, swap the 2 chains, setting DOCKER-USER as default and use INPUT when need (which would actually make more sense in my case as i have more docker jails than input jails.. but well, it's working)
So far, it's working ok.
Again, thank you for your great images!
Steps to reproduce this issue
Expected behaviour
Actual behaviour
Configuration
docker --version
) :docker-compose --version
) :uname -a
) :docker-compose.yml
,.env
, ...Docker info
Logs
The text was updated successfully, but these errors were encountered: