hachyderm.io is one of the many independent Mastodon servers you can use to participate in the fediverse.
Suzanne Aldrich (she/her)

I need to take a step back and reassess my network setup. Here’s what I have:
• Proxmox VE running on a mini PC, directly connected to my router (no VLANs).
• The Proxmox host has a single virtual adapter with a static private IP, which is also reserved on the router.
• A Cloudflared LXC (running in Proxmox) with its own reserved private IP on the same subnet as the Proxmox host.
• A VM on the same subnet running Docker, where the containers are on a user-defined bridge network, but this bridge network is on a different subnet than the host.

My goal:

I want the Cloudflared LXC to properly route public hostname(s) to the appropriate Docker containers (which provide public services) on the VM.

The challenge:

Since the Docker containers are on a different subnet than the VM itself, how should I structure my networking so that:
1. Cloudflared can route requests correctly to the Docker services.
2. The setup remains clean and maintainable.

What’s the best approach to configure this? Should I adjust Proxmox networking, use additional routes, or take a different approach?

@suzannealdrich I would run `cloudflared` as a container next to the service(s) it's exposing. There's no harm in running multiple instances, even on the same host.

@willglynn ok so I think what you’re saying is have another tunnel in the docker. The outside tunnel is still useful for setting up my private network tunneling for the proxmox host itself.

@suzannealdrich Yep! The Dockerized `cloudflared` can address containers by name or by alias, while the LXC `cloudflared` can keep doing whatever it's doing.

@suzannealdrich
Do I understand that you have multiple subnets on the same layer 2 domain instead of having a VLAN for each subnet? Things are gonna be weird with that setup. It's not impossible but it's weird. I recommend going ahead and doing the VLANs, and then each subnet has its own virtual adapter and bridge on the Proxmox and routing and such are very normal.

@suzannealdrich Can you pass a full network adapter to a Docker container? I use systemd containers and this is how I have containers in VMs sitting on a VPN routed subnet.

So from PVE I have two network adapters assigned to the VM - one configured to connect to the routed network and one on a management network. Inside the VM, the management network adapter is used as default ethernet, while the other is passed to the container.

@suzannealdrich My goal with that setup is to minimise the amount of network details configured in the container setup & VM. All the VM knows is that one adapter is for itself and the other for the container.

The implementation details are handled on PVE and the router.

@suzannealdrich Put a reverse proxy (as container, less hassle) on the Docker VM. caddy & traefik come to mind, but there are many more. Use what you feel comfortable with.

I am a bit partial to traefik 😉
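Putting the two suggestions from this thread together (a `cloudflared` sidecar on the Docker VM that reaches containers by name, and a reverse proxy in front of the services), here is a constructed Compose file as an added example; it is not from any of the posters. It assumes a remote-managed tunnel whose public hostname `app.example.com` is pointed at `http://caddy:80` in the Cloudflare dashboard, a placeholder backend image listening on 8080, and a Docker Compose version recent enough to support inline `configs.content`.

```yaml
# docker-compose.yml -- constructed example, not from the thread.
# Assumptions: the tunnel is remote-managed (TUNNEL_TOKEN from the Cloudflare
# Zero Trust dashboard), the public hostname app.example.com is mapped there to
# http://caddy:80, and the backend container listens on port 8080.
services:
  cloudflared:
    image: cloudflare/cloudflared:latest
    command: tunnel --no-autoupdate run
    environment:
      TUNNEL_TOKEN: ${TUNNEL_TOKEN}      # read from .env; never commit it
    networks: [edge]
    restart: unless-stopped
    # No `ports:` on this or the proxy service: the tunnel is outbound-only, so
    # nothing listens on the VM's LAN address and the VM/bridge subnet mismatch
    # from the original question never comes into play.

  caddy:
    image: caddy:2
    configs:
      - source: caddyfile
        target: /etc/caddy/Caddyfile
    networks: [edge, apps]               # the only container on both networks
    restart: unless-stopped

  app:
    image: ghcr.io/example/app:latest    # placeholder for the real service image
    networks: [apps]
    restart: unless-stopped

networks:
  edge: {}   # cloudflared <-> proxy only
  apps: {}   # backends; cloudflared has no route or name resolution here

configs:
  caddyfile:
    content: |
      # Plain HTTP on :80; TLS is terminated at Cloudflare's edge.
      # The http:// prefix keeps Caddy from trying to issue certificates.
      http://app.example.com {
          reverse_proxy app:8080
      }
```

Each additional public service gets its own `http://host {}` block in the Caddyfile and a matching public hostname in the tunnel configuration, while the LXC `cloudflared` on the Proxmox host is left untouched.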