Here is an example of a docker-compose file that bridges the network of Docker containers to the specified VLAN. Make sure you have a bridged adapter on the VLAN network, and change all the network settings that are bold.
As we built our network, we isolated every single application we run. For each device in our network we've set firewall rules to only allow the services/protocols/ports that are mandatory for proper operation.
It is quite a bit of overkill, but combined with some proper firewall rules it gives peace of mind…
version: "3"
services:
  portainer:
    image: portainer/portainer-ce:latest
    container_name: Portainer
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    volumes:
      - /etc/localtime:/etc/localtime:ro
      # :ro only makes the socket file read-only; the Docker API behind it still accepts write calls
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /mnt/SSD/Docker/Portainer:/data
    ports:
      - 9000:9000
    environment:
      - TZ=Europe/Amsterdam
      - VLAN=800
    networks:
      vlan800:
        # static address of this container on the VLAN
        ipv4_address: 192.168.3.2
    dns:
      - "192.168.33.1"
    dns_search: w-solutions.dev
networks:
  vlan800:
    name: vlan800
    driver: macvlan
    driver_opts:
      # host bridge/interface attached to the VLAN
      parent: vmbr800
    ipam:
      config:
        - subnet: 192.168.3.0/24
          # must be an address inside the subnet above
          gateway: 192.168.33.1
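A pre-deployment check for the addressing in a compose file like the one above, as an added example that is not part of the original post. It assumes the file has already been parsed into a Python mapping; the function name `check_compose_addressing` and the `SAMPLE` mapping (built from the values shown above) are illustrative.

```python
import ipaddress

def check_compose_addressing(compose):
    """Return a list of addressing problems found in a parsed compose mapping."""
    problems = []
    pools = {}  # network name -> list of (subnet, gateway)
    for net_name, net in compose.get("networks", {}).items():
        for cfg in (net.get("ipam") or {}).get("config", []):
            subnet = ipaddress.ip_network(cfg["subnet"])  # raises on host bits set
            gateway = ipaddress.ip_address(cfg["gateway"]) if "gateway" in cfg else None
            if gateway is not None and gateway not in subnet:
                problems.append(f"{net_name}: gateway {gateway} is outside {subnet}")
            pools.setdefault(net_name, []).append((subnet, gateway))

    seen = {}  # (network, ip) -> first service that claimed it
    for svc_name, svc in compose.get("services", {}).items():
        attachments = svc.get("networks")
        if not isinstance(attachments, dict):
            continue  # short list syntax carries no static addresses
        for net_name, attach in attachments.items():
            if not attach or "ipv4_address" not in attach:
                continue
            ip = ipaddress.ip_address(attach["ipv4_address"])
            net_pools = pools.get(net_name, [])
            if not any(ip in subnet for subnet, _ in net_pools):
                problems.append(f"{svc_name}: {ip} is not in any subnet of {net_name}")
            for subnet, gateway in net_pools:
                reserved = (subnet.network_address, subnet.broadcast_address, gateway)
                if ip in subnet and ip in reserved:
                    problems.append(f"{svc_name}: {ip} is reserved in {subnet}")
            if (net_name, ip) in seen:
                problems.append(f"{svc_name}: {ip} already used by {seen[(net_name, ip)]}")
            seen.setdefault((net_name, ip), svc_name)
    return problems

# Constructed input: the addressing values from the compose file above.
SAMPLE = {
    "services": {"portainer": {"networks": {"vlan800": {"ipv4_address": "192.168.3.2"}}}},
    "networks": {"vlan800": {"driver": "macvlan", "ipam": {"config": [
        {"subnet": "192.168.3.0/24", "gateway": "192.168.33.1"}]}}},
}

if __name__ == "__main__":
    for line in check_compose_addressing(SAMPLE):
        print(line)
```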