From 7fb637509b9f940397f5bbb3e510b1180d5f12fc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20Lov=C3=A9n?= Date: Sat, 21 Aug 2021 23:29:17 +0200 Subject: [PATCH] Add network description to readme. --- README.md | 41 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) diff --git a/README.md b/README.md index 7d40e94..383e514 100644 --- a/README.md +++ b/README.md @@ -17,6 +17,47 @@ TRAEFIK_CERTIFICATERESOLVERS_LE_ACME_EMAIL=... The value of those depend on your setup and can be found in the Traefik and Authelia documentation. +## Networks +For the docker setup of my home server, I have create four specific docker networks + +### LAN +A macvlan network with full network and internet access +Containers on this network will be provided an IP on my local home LAN and have direct access to it as if they were using the Host network setting. + +Containers get IPs in the range 192.168.1.128-192.168.1.254 + +``` +subnet: 192.168.1.0/23 +range: 192.168.1.128/25 +gateway: 192.168.0.1 +parent: eno1 +``` + +### IOT +A macvlan set to my VLAN for IOT things. Machines on this do not have access to the LAN or to the internet, with a few exceptions (ex. NTP server access). + +Containers get IPs in the range 192.168.2.9-192.168.2.127 + +``` +subnet: 192.168.2.0/24 +range: 192.168.2.0/25 +gateway: 192.168.2.1 +parent: eno1:10 +``` + +### GUEST +A macvlan set to my VLAN for guest WIFI. Machines on this have access to the internet, but not to the local LAN. + +``` +subnet: 192.168.5.0/24 +range: 192.168.5.0/26 +gateway: 192.168.2.1 +parent: eno1:20 +``` + +### WEB +A bridge network for containers that shall be accessible by web interface. Routed by Traefik. + ## Lessons learned - Authelia will ONLY work with https. Both the authelia url itself and the one being authenticated must be https.
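Review bot: In the GUEST block, `gateway: 192.168.2.1` lies outside `subnet: 192.168.5.0/24` and is identical to the IOT gateway, so it looks copied from the IOT block. A gateway has to be inside the subnet it serves, and for a network whose stated purpose is isolation from the LAN the documented next hop should be unambiguous: use the guest VLAN router's address inside 192.168.5.0/24. In the LAN block, `subnet: 192.168.1.0/23` is not a network address; the /23 that contains both `gateway: 192.168.0.1` and the 192.168.1.128/25 range is 192.168.0.0/23. In the IOT block the text gives 192.168.2.9-192.168.2.127, but `range: 192.168.2.0/25` starts at .0 and includes the gateway 192.168.2.1, so either say how .0-.8 are kept free or change the range to match. The GUEST section also lacks the "Containers get IPs in the range" line that the LAN and IOT sections have, and "I have create" should read "I have created".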