Playing with docker in an app-vm


Opal Raava

Nov 24, 2016, 8:05:30 AM
to qubes-users

Hi all,

I've not seen many docker posts, but for the heck of it I'd like to report on how I made an app-vm that has a website running in docker and reachable by everything connected to sys-firewall.

1) install docker in fedora-24, dnf install docker

2) create the new appvm, I called it 'docker'

3) in that app-vm in /rw/config/rc.local, I put:

rm -rf /var/lib/docker
ln -s /home/user/docker /var/lib/docker
systemctl start docker

and I made the dir in /home/user/docker.
Now as root I can use 'docker ps' and everything.


4) networking, making 'docker' visible:
on docker app-vm in /rw/config/qubes-firewall-user-script, I put:

iptables -I INPUT -s 10.137.2.0/24 -j ACCEPT

on sys-firewall, in /rw/config/qubes-firewall-user-script, I put:

iptables -I FORWARD 2 -s 10.137.2.0/24 -d $(docker-appvm-ip) -j ACCEPT

OK, that's all I have on docker, and it works great.
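The two rules from step 4, narrowed to a single TCP port, as an added example that is not part of the original post. The helper names `valid_ipv4`, `valid_port` and `fw_rules` are hypothetical, the sample address 10.137.2.15 and port 8080 are constructed, and the script only prints the rules for review instead of applying them.

```shell
#!/bin/sh
# Added example: prints (does not apply) port-scoped variants of the rules
# from step 4. valid_ipv4, valid_port and fw_rules are hypothetical names.

valid_ipv4() {
    # Only digits and dots, no empty fields; this also rejects shell metacharacters.
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in
            0?*|????*) return 1 ;;   # no leading zeros, at most 3 digits
        esac
        [ "$octet" -le 255 ] || return 1
    done
}

valid_port() {
    # Decimal 1..65535, no leading zeros.
    case "$1" in
        ''|*[!0-9]*|0*|??????*) return 1 ;;
    esac
    [ "$1" -le 65535 ]
}

fw_rules() {
    appvm_ip=$1
    port=$2
    valid_ipv4 "$appvm_ip" || { echo "bad AppVM IP: $appvm_ip" >&2; return 1; }
    valid_port "$port" || { echo "bad TCP port: $port" >&2; return 1; }
    # /24 as in the thread: same first three octets as the AppVM's address.
    net="${appvm_ip%.*}.0/24"
    echo "# docker AppVM, /rw/config/qubes-firewall-user-script:"
    echo "iptables -I INPUT -s $net -p tcp --dport $port -j ACCEPT"
    echo "# sys-firewall, /rw/config/qubes-firewall-user-script:"
    echo "iptables -I FORWARD 2 -s $net -d $appvm_ip -p tcp --dport $port -j ACCEPT"
}

# Constructed sample values; substitute the AppVM's real address and port.
fw_rules 10.137.2.15 8080
```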

Opal Raava

Nov 24, 2016, 8:07:46 AM
to qubes-users

Edit: your network is perhaps different from 10.137.2.0/24, sorry

Grzesiek Chodzicki

Nov 24, 2016, 11:30:52 AM
to qubes-users
10.137.2.0/24 is the IP address of your sys-firewall machine, right? I'm trying to apply a similar configuration to my qubes instance.

Opal Raava

Nov 24, 2016, 2:03:41 PM
to qubes-users
Yea, it's the network provided by sys-firewall. I look at the ip number of an appvm using sys-firewall to figure out my net(mask)

Opal Raava

Nov 24, 2016, 2:13:21 PM
to qubes-users
10.137.2.0/24 is a network specification of all hosts, a way of saying 10.137.2.*. I don't think the IP number of the sys-firewall comes into it. It's probably got an IP of 10.137.2.1 or so.

dba...@gmail.com

Feb 21, 2018, 3:00:54 AM
to qubes-users
Hello Opal Raava.

Thanks for this post.
I am a newbie in Qubes OS.
I'd like to create an appVM having an HTTPS (port 443) website running in docker.
When I start the docker container I set the following option: -p 2443:443

But I failed at configuring sys-firewall, and my browser refuses to access the https website.

Did you meet this case?

Thanks for your ideas around the sys-firewall/https forward.

Regards

Mac