This is a school project.
This repository contains all the configuration files needed to set up a few different services (SIP, mail, web, etc.) on Docker.
Description of the configuration used
We had to deploy this configuration on two VPSes hosted by OVH. They were both running:
- Ubuntu 16.04.2 LTS.
- Docker 17.03.1-ce, build c6d412e
- Docker engine 1.27
- Docker compose 1.13, build 1719ceb
We need to stop Docker from managing iptables so that its rules do not interfere with ours.
To do this, simply add a config file for the docker.service unit of systemd.
- Create a
# mkdir /etc/systemd/system/docker.service.d
- In this folder, create a file /etc/systemd/system/docker.service.d/noiptables.conf and copy these lines in.
[Service]
ExecStart=
ExecStart=/usr/bin/docker daemon -H fd:// --iptables=false
- Reload systemd manager configuration
# systemctl daemon-reload
# systemctl restart docker
We need to edit kernel parameters to enable IP packet forwarding and disable IPv6.
This lets us route packets between the different subnets.
Moreover, as we only work with IPv4, we avoid security gaps with IPv6.
Copy the file
Restart the system to apply these settings.
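A check, after the reboot, that both host changes took effect. This is an added example, not a script from this repository: the function names are hypothetical, and the sysctl keys (net.ipv4.ip_forward, net.ipv6.conf.all.disable_ipv6) are assumed, since the sysctl file is not named above.

```shell
#!/bin/sh
# Added example (not part of the repository): audit the host settings above.

DROPIN=/etc/systemd/system/docker.service.d/noiptables.conf

# Succeeds only if the drop-in clears the packaged ExecStart= and then starts
# the daemon with --iptables=false. Without the empty "ExecStart=" line,
# systemd sees two ExecStart entries and refuses to start the service.
check_dropin() {
    awk '
        /^\[Service\]/ { in_service = 1; next }
        /^\[/          { in_service = 0 }
        in_service && /^ExecStart=[ \t]*$/ { reset = 1; next }
        in_service && /^ExecStart=/ {
            if (!reset) bad = 1
            ok = ($0 ~ /--iptables=false([ \t]|$)/)
        }
        END { if (ok && !bad) exit 0; exit 1 }
    ' "$1" 2>/dev/null
}

# sysctl_is KEY VALUE [ROOT]: compare a kernel parameter read from procfs.
# ROOT is an optional path prefix, used to run the check against a test tree.
sysctl_is() {
    path="${3:-}/proc/sys/$(printf '%s' "$1" | tr . /)"
    [ -r "$path" ] && [ "$(cat "$path")" = "$2" ]
}

# audit_host [ROOT]: print one line per failed check, return 1 if any failed.
audit_host() {
    root="${1:-}"
    rc=0
    check_dropin "$root$DROPIN" ||
        { echo "FAIL: $DROPIN does not reset ExecStart and set --iptables=false"; rc=1; }
    # Assumed keys: the README does not name the sysctl file or its contents.
    sysctl_is net.ipv4.ip_forward 1 "$root" ||
        { echo "FAIL: net.ipv4.ip_forward is not 1 (no routing between subnets)"; rc=1; }
    sysctl_is net.ipv6.conf.all.disable_ipv6 1 "$root" ||
        { echo "FAIL: net.ipv6.conf.all.disable_ipv6 is not 1 (IPv6 still enabled)"; rc=1; }
    return "$rc"
}

# Run against the live host only when asked to: sh audit.sh --run
if [ "${1:-}" = "--run" ]; then
    audit_host
fi
```

With Docker's own rules disabled, nothing filters container traffic until vps-config/iptables.sh has been run, so a passing audit here is only the first half of the setup.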
docker-compose command to create all containers and the associated networks.
$ git clone https://github.com/docknux/woodytoys.git
$ cd woodytoys/
$ docker-compose up -d
- Find the name of the internet network interface and the three new network interfaces created by Docker.
$ ip addr show
- Update the 4 variables in the vps-config/iptables.sh script with the names of the interfaces.
LAN="<to update>"
DMZ="<to update>"
DNS="<to update>"
INTERNET="<to update>"
- Launch the vps-config/iptables.sh script to enable iptables
- Check that all containers are up
$ docker ps -a
- Test that everything works by following the wiki. If it's okay, you can make everything persist.
TODO: iptables and docker