feat(traefik): add dnsmasq and listen on deterministic host-gateway addr

2024-08-27 11:39:36 +02:00 · 2024-08-27 11:39:36 +02:00 · 828db18bbe
parent 4db7d99f82
commit 828db18bbe
3 changed files with 59 additions and 4 deletions
--- a/docker/dnsmasq.conf
+++ b/docker/dnsmasq.conf
@ -0,0 +1,41 @@
+port=53
+
+# Using dnsmasq only for DNS resolution, not its DHCP server.
+no-dhcp-interface=eth0
+
+# If you don't want dnsmasq to read /etc/hosts, uncomment the following line.
+no-hosts
+
+# Prevent dnsmasq to read /etc/resolv.conf or any other file, getting its
+# servers from this file instead.
+no-resolv
+
+# Prevent dnsmasq to poll /etc/resolv.conf or other resolv files for changes and
+# re-read them.
+no-poll
+
+# Uses the upstream nameserver in the order they are provided. If the first
+# server doesn't reply, or can't answer, dnsmasq tries the next one and so on.
+strict-order
+
+# Prevent packets with malformed domain names from leaving the local network.
+domain-needed
+
+# Prevent packages with private IP addresses from leaving the local network.
+bogus-priv
+
+# Dnsmasq is not a DNSSEC validator, so it cannot perform the validation role of
+# the recursive nameserver, but it can pass through the validation results from
+# its own upstream nameservers. This option enables this behaviour.
+proxy-dnssec
+
+# If you want dnsmasq to change uid and gid to something other than the default,
+# edit the following lines.
+user=dnsmasq
+group=nogroup
+
+bind-interfaces
+log-queries
+
+# Include all files in a directory which end in .conf
+conf-dir=/etc/dnsmasq.d/,*.conf
--- a/docker/funkwhale.test.conf
+++ b/docker/funkwhale.test.conf
@ -0,0 +1,4 @@
+local=/test/
+address=/funkwhale.test/172.17.0.1
+rebind-domain-ok=/.test/
+domain=test
--- a/docker/traefik.yml
+++ b/docker/traefik.yml
@ -7,11 +7,21 @@ services:
      - ./ssl/test.key:/ssl/traefik.key
      - ./ssl/test.crt:/ssl/traefik.crt
    ports:
-      - "80:80"
-      - "443:443"
-      - "8040:8040"
+      - "172.17.0.1:80:80"
+      - "172.17.0.1:443:443"
+      - "172.17.0.1:8040:8040"
    networks:
-      federation:
+      - federation
+
+  dnsmasq:
+    image: jamesmorrison/dnsmasq
+    ports:
+      - "172.17.0.1:53:53/udp"
+      - "172.17.0.1:53:53/tcp"
+    volumes:
+      - ./dnsmasq.conf:/etc/dnsmasq.conf
+      - ./funkwhale.test.conf:/etc/dnsmasq.d/funkwhale.test.conf
+    network_mode: bridge

 networks:
  federation: