Docker Network Exposer
Using Docker on a non-Linux host has its own shortcomings. Due to the way networking is implmeneted in Docker for Mac/Windows, no bridge interface is created on the host. That makes it impossible to access containers in a user-defined bridge from the host machine (as one would do in Linux) without exposing containers' ports.
Docker Network Exposer (DNE) aims to boost developers' productivity by doing the following:
- Running an OpenVPN server that makes it possible to seamlessly access a Docker network from the host machine.
- Generating an additional hosts file that can be used by Dnsmasq to resolve Docker container names on the host machine.
- Docker 18.06.0+ with docker-compose 1.22.0+
- An OpenVPN client (such as Tunnelblick or the official client)
- Dnsmasq 2.48+
Add the following service definition to your
dne: image: fardjad/docker-network-exposer init: true volumes: - /var/run/docker.sock:/var/run/docker.sock:ro - /path/to/store/openvpn/client-config:/etc/openvpn/client-config - /path/to/store/dnsmasq/addn-hosts:/opt/docker-network-hosts/addn-hosts cap_add: - NET_ADMIN ports: - '1194:1194'
And adjust volume mappings for the following directories:
DNE will generate an OpenVPN client config in this directory. The generated config should be imported into the OpenVPN client software.
A hosts file will be written to this directory and gets removed once DNE container is (gracefully) stopped. One can optionally run a Dnsmasq server on the host machine, configure it to forward queries to some upstream servers, instruct it to use the additional hosts files in the abovementioned directory, and finally configure the host machine to resolve DNS queries through Dnsmasq (a minimal example config can be found here).
NOTE: Dnsmasq service needs to receive a SIGHUP signal in order to reload the settings.
Once Dnsmasq is configured and the host machine is connected to the VPN, containers on the same Docker network as DNE will be accessible by their names, ids and aliases.
When exposing more than one Docker network at once, you'll most likely want to override the following environment variables:
OVPN_NETWORK_CIDR: This variable defaults to
10.8.0.0/24and specifies the OpenVPN subnet to draw client addresses from. A different subnet must be chosen for each Docker network.
OVPN_PORT: Defaults to
1194and specifies the port that OpenVPN server listens on. The chosen value will also be used as the port number in the generated OpenVPN client config file.
A full list of overridable environment variables can be found here.