

I’m currently in the middle of moving some infrastructure to containers from a ton of VMs running simple things.

I’m trying to move our pihole DNS server to a container. All was working well, until I was alerted that one of our website redirects was not working correctly. One of our providers has a requirement to redirect all external traffic to a login page, and anyone who is on our subnet can go straight to the desired webpage. Our staff and public access PCs that are on our subnet are being redirected to the login page when they should not. The Apache2 webserver is still in a VM, and has not changed. The redirect has been working perfectly fine since we created it over a year ago. Until now, at least. Turning the pihole container off, and the pihole VM back on, the redirect starts working again. So, I am assuming the issue is with how Docker handles networking. Some context, I am running the container on macvlan, so that pihole is on our physical network, and not using the docker host IP. Not my choice … More of a requirement by my organization.
Pihole's settings on both the VM and container are exactly the same. I have triple-checked this and had someone look over it. Let's say the physical LAN is 10.0.0.0/24; my docker network:

sudo docker network create --config-only --subnet 10.0.0.0/24 --gateway 10.0.0.1 -o parent=eth0 --ip-range 10.0.0.0/26 --aux-address 'host=10.0.0.10' my_macvlan_config
sudo docker network create -d macvlan --config-from my_macvlan_config --attachable my_macvlan_network
sudo ip link add macvlan_shim link eth0 type macvlan mode bridge
sudo ip addr add 10.0.0.10/32 dev macvlan_shim
sudo ip link set macvlan_shim up
sudo ip route add 10.0.0.0/26 dev macvlan_shim

docker host is 10.0.0.7
pihole(container) is 10.0.0.3
apache2 webserver is 10.0.0.2
Our apache2 server’s redirect looks like this, in case it helps:

RewriteEngine On
RewriteCond %{REMOTE_ADDR} !^10\.0\.
RewriteCond %{REMOTE_ADDR} !^[REDACTED]
RewriteCond %{REMOTE_ADDR} !^[REDACTED]
RewriteCond %{REMOTE_ADDR} !^[REDACTED]
RewriteRule [REDACTED]\.html$ https://[REDACTED]

I tried adding my IP directly to the redirect exclusion list, but even that failed. It took me a while to figure out that the issue was coming from the container in the first place... since I wasn't expecting that an HTTP redirect issue would be caused by anything other than the apache2 config.
Everything seems to be working fine, DNS resolution, adblocking, etc. Only the website redirect is failing when using the container instead of the VM.
Is there something with docker networking that could be causing issues?
Thank you in advance!

  • Welcome. Home and end-user questions are off-topic on Server Fault but might be on-topic on superuser.com. I flagged your question for movement, which you should also do, so it will be transferred and linked to Super User.
    – djdomi
    Commented Feb 27 at 10:45
  • @djdomi Hello and thank you. I'm confused, I was under the impression Serverfault was for IT professionals, not home lab/ programming questions. The issue presented here is on systems I administer at work. Thank you in advance for any clarification.
    – Tayotoka
    Commented Feb 27 at 20:15
  • You don't really (want to) have a pihole at work; if so, I suspect home equipment that is being tried to be answered on a business relationship. And a Pi-hole is not a commonly used hardware. The user must be a business administrator and the environment must be a business environment while respecting common IT practice.
    – djdomi
    Commented Feb 28 at 12:04
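
An added example, not part of the original question or its comments: because the rule keys on REMOTE_ADDR, the client address Apache logs for each request shows whether that request would be redirected. This sketch replays the one unredacted RewriteCond over constructed access-log lines and also marks addresses that the `^10\.0\.` prefix exempts although they lie outside the stated 10.0.0.0/24; the `/protected.html` path, the log lines and the function names are assumptions.

```python
import ipaddress
import re

EXEMPT = re.compile(r"^10\.0\.")             # the one unredacted RewriteCond pattern
LAN = ipaddress.ip_network("10.0.0.0/24")    # subnet stated in the question
PAGE = re.compile(r"/protected\.html$")      # assumed placeholder for the redacted path
# Common Log Format prefix: client, ident, user, [time], "METHOD target PROTO"
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD|POST) (\S+) [^"]*"')

# Constructed sample lines, not taken from the original post.
SAMPLE_LOG = """\
10.0.0.42 - - [01/Jan/2024:09:01:11 +0000] "GET /protected.html HTTP/1.1" 200 5120
203.0.113.7 - - [01/Jan/2024:09:01:15 +0000] "GET /protected.html?x=1 HTTP/1.1" 302 211
10.0.5.9 - - [01/Jan/2024:09:02:03 +0000] "GET /protected.html HTTP/1.1" 200 5120
10.0.0.42 - - [01/Jan/2024:09:02:40 +0000] "GET /index.html HTTP/1.1" 200 812
not a log line
"""

def rule_redirects(remote_addr):
    """True when the visible RewriteCond lets the RewriteRule fire for this address."""
    return EXEMPT.search(remote_addr) is None

def audit(log_text):
    """Return (client, verdict, in_lan) for every request to the protected page."""
    rows = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue                      # not in the expected log format
        client, target = m.groups()
        path = target.split("?", 1)[0]    # RewriteRule sees the path without the query string
        if not PAGE.search(path):
            continue
        try:
            in_lan = ipaddress.ip_address(client) in LAN
        except ValueError:
            continue                      # logged a hostname, so the address is unknown
        verdict = "redirect" if rule_redirects(client) else "direct"
        rows.append((client, verdict, in_lan))
    return rows

if __name__ == "__main__":
    for client, verdict, in_lan in audit(SAMPLE_LOG):
        note = "" if in_lan or verdict == "redirect" else "  <- exempt but outside 10.0.0.0/24"
        print(f"{client:15} {verdict:8}{note}")
```

Run against the real access log, any staff PC that shows up with a non-10.0 client address is a request Apache saw arriving from somewhere other than the LAN.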
