Docker Image Question

So I bought a new NAS and am doing a fairly large upgrade. As part of this I want to move Channels into Docker. My network is a bit complicated and I am looking at using macvlan to expose the docker image to my local network. Everything in channels appears to work but I need to set some routes for the container. Looking at the docker image layers and the scripts within the container, I don't see an easy way to do this. Would the best answer be to do one of the following:

  • Extend the image and update run.sh to do what I need
  • Update command from my docker file to call my script before run.sh
  • Hope that @maddox or @tmm1 sees a general need and could update the image

I'm not sure what you mean by this.

I need to change the default route for the container to a different IP to route it thru a VPN device while maintaining different routes for different subnets I have, e.g. I keep my IoT devices separate from my main network.

You need to define that in the network you assign to the container. You can create arbitrary networks, and then have Docker use those. Look at the documentation for docker network and its subcommands:

I believe that assumes everything that needs to interface with Channels is a docker container and that doesn't hold true in my setup. I put Channels on my main network by following this guide:

The guide gets around needing --net=host and allows the docker container to pretty much be fully on my network but my last stumbling block is the VPN hardware device I have in my network for my road warrior type setup.

Without more/explicit details about what exactly needs to be routed differently, I can't offer more help. But I can't see how moving the networking inside the container fixes your issue at this point in time.

So I am prototyping still so this is a bit rough but here is where I am at to give you a full picture. I need to do the following (assuming the local network is 192.168.1.160/24):

  • Have Channels DVR clients in the 192.168.1.0/24 subnet work fine with Bonjour
  • Have Channels DVR clients in the 192.168.1.101.0/24 subnet work fine but without Bonjour browsing
  • Set the default route to a hardware based VPN device at 192.168.1.160 so that any outbound connections Channels makes go thru the VPN

I think I have it working but I think it is a bit ugly and would love less of a hack.

I manually created a docker network so that the container is on the 192.168.1.0/24 subnet directly:

docker network create -d macvlan -o parent=eth4 \
  --subnet 192.168.1.0/24 \
  --gateway 192.168.1.1 \
  --ip-range 192.168.1.192/27 \
  --aux-address 'host=192.168.1.223' \
  macvlan

I set up my docker compose like this to do the following:

  • set NET_ADMIN to allow route setting
  • changed the startup command to run a script I put into the container
  • added a script to the container that is the startup script so I could set routes
  • attached the macvlan network to the container

services:
  channels-dvr:
    image: fancybits/channels-dvr:tve
    container_name: channels-dvr
    networks:
      - local_lan
    restart: unless-stopped
    command: /bin/sh -c /startup.sh
    cap_add:
      - NET_ADMIN
    volumes:
      - /volume1/docker/channels/config:/channels-dvr
      - /volume1/docker/channels/startup.sh:/startup.sh

networks:
  local_lan:
    name: macvlan
    external: true

My startup script looks like:

#!/bin/sh

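# Send all outbound traffic through the hardware VPN device
ip route del default
ip route add default via 192.168.1.160
# Reach the second subnet through its own router
ip route add 192.168.101.0/24 via 192.168.1.161
ip route show

# Hand over to the image's original start script
/bin/sh -c /run.sh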

Everything starts and appears to do what I want but is kinda ugly as I had to patch in a new script.

Here are the docker logs showing that it does set up the routes and Channels does start:

=> sudo docker logs channels-dvr
default via 192.168.1.160 dev eth0
192.168.1.0/24 dev eth0 scope link  src 192.168.1.192
192.168.101.0/24 via 192.168.1.161 dev eth0
Running Channels DVR..

Looking for a better way than this!
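A fail-closed variant of the startup script above, as an added example that is not part of the original thread: it re-reads the routing table and refuses to start Channels unless the only default route points at the VPN device. The addresses are the ones from the post; the variable names, the function names and the second (rejected) sample table are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: fail-closed startup.sh. Addresses come from the post;
# variable and function names are assumptions of this sketch.
VPN_GW="${VPN_GW:-192.168.1.160}"      # hardware VPN device (default route)
IOT_NET="${IOT_NET:-192.168.101.0/24}" # second subnet
IOT_GW="${IOT_GW:-192.168.1.161}"      # router towards that subnet

# Reads `ip route show` output on stdin. Succeeds only if there is exactly
# one default route, it points at VPN_GW, and IOT_NET is reached via IOT_GW.
routes_ok() {
  awk -v vpn="$VPN_GW" -v net="$IOT_NET" -v gw="$IOT_GW" '
    $1 == "default"                      { n++; if ($2 == "via" && $3 == vpn) d = 1 }
    $1 == net && $2 == "via" && $3 == gw { i = 1 }
    END { exit !(n == 1 && d && i) }'
}

# `replace` adds or overwrites the route, so there is no delete-then-add
# window and no error if the route already exists.
apply_routes() {
  ip route replace default via "$VPN_GW" &&
  ip route replace "$IOT_NET" via "$IOT_GW"
}

# Offline check of routes_ok (assumes the default addresses above): the table
# from the post's log must pass; a constructed table that still uses the
# macvlan gateway must be rejected.
selftest() {
  good='default via 192.168.1.160 dev eth0
192.168.1.0/24 dev eth0 scope link  src 192.168.1.192
192.168.101.0/24 via 192.168.1.161 dev eth0'
  bad='default via 192.168.1.1 dev eth0
192.168.101.0/24 via 192.168.1.161 dev eth0'
  printf '%s\n' "$good" | routes_ok || return 1
  if printf '%s\n' "$bad" | routes_ok; then return 1; fi
  return 0
}

main() {
  apply_routes || { echo "startup: could not set routes" >&2; exit 1; }
  ip route show | routes_ok || {
    echo "startup: VPN default route missing, not starting Channels" >&2; exit 1; }
  exec /run.sh   # hand over to the image's own start script
}

# Only act when invoked as the container's startup script.
case "${0##*/}" in startup.sh) main "$@" ;; esac
```

Mounted at `/startup.sh` as in the compose file, the script runs `main`; adding `:ro` to that bind mount keeps the container from modifying the host copy of the script.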

I am not a docker expert but this may help. I use 2 channels servers, one is a physical box (192.168.12.30) and the other is a docker container (Docker server 192.168.12.40). The docker container is on its own private network and it routes all traffic through a VPN Container (Gluetun 10.12.12.2). The physical server pulls the channels from the VPN docker container via m3u using a URL "http://192.168.12.40:8089/devices/ANY/channels.m3u?format=ts".
Port 8089 on 192.168.12.40 is mapped to the internal VPN docker container on 10.12.12.2. It works great, no transcoding, no delays, etc.


This is very similar to how I have mine set up. I also have separate VLANs for IoT, NoT and guests and I have never had a problem accessing Channels local or remote. I use firewall rules to keep the other VLANs off my main network VLAN.
