wenjunxiao / mac-docker-connector Goto Github PK

The connector provides the ability for the mac/windows host to directly access the docker container

License: MIT License

Dockerfile 0.94% Go 96.00% Batchfile 3.07%

mac-docker-connector's Introduction

Change mac-docker-connector to desktop-docker-connector to support both Docker Desktop for Mac and Docker Desktop for Windows

desktop-docker-connector

Docker Desktop for Mac and Windows does not provide access to container IP from host(macOS or Windows). Reference Known limitations, use cases, and workarounds. There is a complex solution, which is also my source of inspiration. The main idea is to build a VPN between the macOS/Windows host and the docker virtual machine.

+---------------+          +--------------------+
|               |          | Hypervisor/Hyper-V |
| macOS/Windows |          |  +-----------+     |
|               |          |  | Container |     |
|               |   vpn    |  +-----------+     |
|   VPN Client  |<-------->|   VPN Server       |
+---------------+          +--------------------+

But the macOS/Windows host cannot access the container, the vpn port must be exported and forwarded. Since the VPN connection is duplex, so we can reverse it.

+---------------+          +--------------------+
|               |          | Hypervisor/Hyper-V |
| macOS/Windows |          |  +-----------+     |
|               |          |  | Container |     |
|               |   vpn    |  +-----------+     |
| VPN Server    |<-------->|   VPN Client       |
+---------------+          +--------------------+

Even so, we need to do more extra work to use openvpn, such as certificates, configuration, etc. All I want is to access the container via IP, why is it so cumbersome. No need for security, multi-clients, or certificates, just connect.

+---------------+          +--------------------+
|               |          | Hypervisor/Hyper-V |
| macOS/Windows |          |  +-----------+     |
|               |          |  | Container |     |
|               |   udp    |  +-----------+     |
| TUN Server    |<-------->|   TUN Client       |
+---------------+          +--------------------+

In the view of Docker and iptables, this tool also provides the ability of two subnets to access each other.

+-------------------------------+ 
|      Hypervisor/Hyper-V       | 
| +----------+     +----------+ | 
| | subnet 1 |<--->| subnet 2 | |
| +----------+     +----------+ |
+-------------------------------+

Usage

Host

MacOS

Install mac client of desktop-docker-connector.

$ brew tap wenjunxiao/brew
$ brew install docker-connector

Config route of docker network

$ docker network ls --filter driver=bridge --format "{{.ID}}" | xargs docker network inspect --format "route {{range .IPAM.Config}}{{.Subnet}}{{end}}" >> "$(brew --prefix)/etc/docker-connector.conf"

Start the service

$ sudo brew services start docker-connector

Windows

Need to install tap driver tap-windows from OpenVPN. Download the latest version http://build.openvpn.net/downloads/releases/latest/tap-windows-latest-stable.exe and install.

Download windows client of desktop-docker-connector from Releases, and then unzip it.

Append bridge network to options.conf, format like route 172.17.0.0/16.

route 172.17.0.0/16

Run directly by bat start-connector.bat or install as service by follow step:

Run the bat install-service.bat to install as windows service.
Run the bat start-service.bat to start the connector service. And finally, you can run the bat stop-service.bat to stop the connector service, run the bat uninstall-service.bat to uninstall the connector service.

Docker

Install docker front of desktop-docker-connector

$ docker pull wenjunxiao/desktop-docker-connector

Start the docker front. The network must be host, and add NET_ADMIN capability.

$ docker run -it -d --restart always --net host --cap-add NET_ADMIN --name desktop-connector wenjunxiao/desktop-docker-connector

If you want to expose the containers of docker to other pepole, Please reference docker-accessor

Configuration

Basic configuration items, do not need to modify these, unless your environment conflicts, if necessary, then the docker container desktop-docker-connector also needs to be started with the same parameters

addr virtual network address, default 192.168.251.1/24 (change if it conflict)
```
addr 192.168.251.1/24
```
port udp listen port, default 2511 (change if it conflict)
```
port 2511
```
mtu the MTU of network, default 1400
```
mtu 1400
```
host udp listen host, used to be connected by desktop-docker-connector, default 127.0.0.1 for security and adaptation
```
host 127.0.0.1
```
Dynamic hot-loading configuration items can take effect without restarting, and need to be added or modified according to your needs.
route Add a route to access the docker container subnet, usually when you create a bridge network by docker network create --subnet 172.56.72.0/24 app, run echo "route 172.56.72.0/24" >> "$(brew --prefix)/etc/docker-connector.conf" to append route to config file.
```
route 172.56.72.0/24
```
iptables Insert(+) or delete(-) a iptable rule for two subnets to access each other.
```
iptables 172.0.1.0+172.0.2.0
iptables 172.0.3.0-172.0.4.0
```
The ip is subnet address without mask, and join with + to insert a rule, and join with - to delete a rule.
expose Expose you docker container to other pepole, default disabled.
```
expose 0.0.0.0:2512
```
the exposed address should be connected by docker-accessor. And then add expose after then route you want to be exposed
```
route 172.100.0.0/16 expose
```
token Define the access token and the virtual IP assigned after connection
```
token token-name 192.168.251.3
```
The token name is customized and unique, and the IP must be valid in the virtual network defined by addr
hosts allows the custom domain with ip 127.0.0.1, also can be used in the container
```
hosts /etc/hosts .local .inc
```
The first parameter is the hosts file, and the subsequent parameters are the filtered domain name suffix
proxy allows services that listen locally on 127.0.0.1 to be accessed by the container
```
proxy 127.0.0.1:80:80
```
The first part 127.0.0.1:80 is the address where the local service listens, and the port 80 in the latter part is the port where the proxy listens

mac-docker-connector's People

Contributors

Stargazers

Watchers

Forkers

codeflayer alexyibeiou alex2006 cpp-wen jsduan zbinnny ccczone ainisa20 prideiceman matyle zhangfuli nanoleap yinjiuming itgraph javasunson data-lee phoenix-repo kindevil 7hong nbuxrr sevtin weibingchen ysdlb drgnchan heyehang jannal yangming9 kurvigoss hanyu100 royleechina sqytec coolwxb fortarch yubobo csheng01 redtides xzhiyu bennyzx liuyuchuan swimminghao 598572 monsieurwill xunliu wjy-shadow ezhong0812 jsonliuup

mac-docker-connector's Issues

not supported on m1-Mac

When run the mac-docker-connector on m1-Mac

WARNING: The requested image's platform (linux/amd64) does not match the detected host platform (linux/arm64/v8) and no specific platform was requested

Mac M2 still cannot connect after configuration

docker: 4.21.1
docker-> redis-cluster 7.0.11

$ brew tap wenjunxiao/brew
$ brew install docker-connector

$ docker network ls --filter driver=bridge --format "{{.ID}}" | xargs docker network inspect --format "route {{range .IPAM.Config}}{{.Subnet}}{{end}}" >> "$(brew --prefix)/etc/docker-connector.conf"

sudo brew services start docker-connector
docker run -it -d --restart always --net host --cap-add NET_ADMIN --name connector wenjunxiao/mac-docker-connector

cat /Library/LaunchDaemons/homebrew.mxcl.docker-connector.plist :

<plist version="1.0">
<dict>
	<key>KeepAlive</key>
	<true/>
	<key>Label</key>
	<string>homebrew.mxcl.docker-connector</string>
	<key>LimitLoadToSessionType</key>
	<array>
		<string>Aqua</string>
		<string>Background</string>
		<string>LoginWindow</string>
		<string>StandardIO</string>
		<string>System</string>
	</array>
	<key>ProgramArguments</key>
	<array>
		<string>sudo</string>
		<string>/opt/homebrew/opt/docker-connector/bin/docker-connector</string>
		<string>-config</string>
		<string>etc/docker-connector.conf</string>
	</array>
	<key>RunAtLoad</key>
	<true/>
	<key>StandardErrorPath</key>
	<string>/opt/homebrew/var/log/docker-connector.log</string>
	<key>StandardOutPath</key>
	<string>/opt/homebrew/var/log/docker-connector.log</string>
	<key>WorkingDirectory</key>
	<string>/opt/homebrew</string>
</dict>
</plist>

cat /opt/homebrew//etc/docker-connector.conf:

# addr 192.168.251.1/24
# mtu 1400
# host 127.0.0.1
# port 2511
# route 172.17.0.0/16
# route 172.18.0.0/16
# iptables 172.17.0.0+172.18.0.0
# hosts /etc/hosts .local
# proxy 127.0.0.1:80:80
route 172.17.0.0/16
route 172.20.0.0/16
route 172.19.0.0/16

ping 172.20.0.2
PING 172.20.0.2 (172.20.0.2): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
Request timeout for icmp_seq 2
Request timeout for icmp_seq 3

macos13.2_inter芯dockerDesktop4.16.2无法连接ip

主机日志docker-connector.log
2023/02/06 09:30:24 command => route -n delete -net 172.19.0.0/16 2023/02/06 09:30:38 load config(true) => /usr/local/etc/docker-connector.conf 2023/02/06 09:30:38 interface => utun0 2023/02/06 09:30:38 command => ifconfig utun0 inet 192.168.251.2 192.168.251.1 netmask 255.255.255.255 up 2023/02/06 09:30:38 command => route -n add -host 192.168.251.2 -interface utun0 2023/02/06 09:30:38 drawin setup done. 2023/02/06 09:30:38 command => route -n delete -net 172.18.0.0/16 2023/02/06 09:30:38 command => route -n add -net 172.18.0.0/16 192.168.251.1 2023/02/06 09:30:38 command => route -n delete -net 172.17.0.0/16 2023/02/06 09:30:38 command => route -n add -net 172.17.0.0/16 192.168.251.1 2023/02/06 09:30:38 listen => 127.0.0.1:2511
容器日志
2023-02-06 10:21:36 interface => tun0 2023-02-06 10:21:36 command => ip addr add dev tun0 local 192.168.251.1 peer 192.168.251.2 2023-02-06 10:21:36 command => ip route add 192.168.251.0/24 via 192.168.251.2 dev tun0 2023-02-06 10:21:36 local => 192.168.65.4:57945 2023-02-06 10:21:36 remote => 192.168.65.2:2511

MacBook M1 & Docker DeskTop 4.15.0 无法ping通172.17.0.2

看了下其他的issue，都说要desktop 4.15 于是降级重新安装了docker，按照流程配置最后还是无法ping 通。

docker-connector的启动日志正常：
2023-07-06 18:27:39 interface => tun0 2023-07-06 18:27:39 command => ip addr add dev tun0 local 192.168.251.1 peer 192.168.251.2 2023-07-06 18:27:39 command => ip route add 192.168.251.0/24 via 192.168.251.2 dev tun0 2023-07-06 18:27:39 local => 192.168.65.3:55811 2023-07-06 18:27:39 remote => 192.168.65.2:2511

docker inspect web 服务的容器，查看分配的ip地址就是172.17.0.2:

docker-connector.conf也配置了路由:
route 172.17.0.0/16

ping 172.17.0.2 超时：
PING 172.17.0.2 (172.17.0.2): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
Request timeout for icmp_seq 2
Request timeout for icmp_seq 3
Request timeout for icmp_seq 4
Request timeout for icmp_seq 5

还有什么原因导致无法ping通呢？

东西很好用，就是延迟好像有些大，可以优化一下么

东西很好用，就是延迟好像有些大，可以优化一下么
http 延迟800ms

配置好了服务启动不了

mac intel
报错：
sudo: a terminal is required to read the password; either use the -S option to read from standard input or configure an askpass helper
sudo: a password is required

Mac无法ping通容器

problem

in docker-connector.plist

from logfile above

the config file is not one in readme，and cat it with result: No such file or directory

my solution

so i cp the config file path in readme to the position in logfile

cp /opt/homebrew/etc/docker-connector.conf /opt/homebrew/opt/docker-connector/bin/etc/docker-connector.conf

and restart docker-connecter with sudo

sudo brew services start docker-connector

it worked

guess

i think because of the following code

容器可访问宿主机吗

宿主机可以ping通容器，但是容器ping不通宿主机

mac版本13.5.1
docker版本4.22.1

> mac和docker服务通信，docker服务由于安全问题需要启动cisco代理才可以启动，在cisco代理软件连接后，mac-docker-connector失效，无法进行mac和docker之间的通信，但关闭cisco后，使用一个测试的docker服务是可以的。我对于网络方面的知识了解比较少，可以帮忙解决这个问题吗

    > mac和docker服务通信，docker服务由于安全问题需要启动cisco代理才可以启动，在cisco代理软件连接后，mac-docker-connector失效，无法进行mac和docker之间的通信，但关闭cisco后，使用一个测试的docker服务是可以的。我对于网络方面的知识了解比较少，可以帮忙解决这个问题吗

启用cisco之后应该是由于cisco修改了路由表导致原来路由到mac-docker-connector的路由表失效导致。可以尝试启动cisco之后再重启mac-docker-connector，如果不行可以把路由表打印出来看下

Originally posted by @wenjunxiao in #10 (comment)

mac m1 电脑 docker-connector.conf 文件路径是 /opt/homebrew/etc

mac 12.5 休眠后，connector 需重启后，宿主机才能才能 ping 通容器

macos 版本 : 12.5
docker 版本:

connector版本及启动命令：

docker run -it -d --restart always --net host --cap-add NET_ADMIN --add-host=host.docker.internal:host-gateway --name connector wenjunxiao/mac-docker-connector

现象为每次 mac 休眠后，无法ping 通 ping 172.17.0.1，需要 restart docker 后恢复正常

非常感谢~~期待答复~~

和cisco代理冲突的问题

mac和docker服务通信，docker服务由于安全问题需要启动cisco代理才可以启动，在cisco代理软件连接后，mac-docker-connector失效，无法进行mac和docker之间的通信，但关闭cisco后，使用一个测试的docker服务是可以的。我对于网络方面的知识了解比较少，可以帮忙解决这个问题吗

please check this

➜ ~ sudo brew services list
Warning: Calling plist_options is deprecated! Use service.require_root instead.
Please report this issue to the wenjunxiao/brew tap (not Homebrew/brew or Homebrew/homebrew-core), or even better, submit a PR to fix it:
/usr/local/Homebrew/Library/Taps/wenjunxiao/homebrew-brew/Formula/docker-connector.rb:38

mac 系统12.2.1 brew install 提示 Your Command Line Tools are too outdated

xxxx ~ % brew install wenjunxiao/brew/docker-connector
Updating Homebrew...
==> Tapping wenjunxiao/brew
Cloning into '/usr/local/Homebrew/Library/Taps/wenjunxiao/homebrew-brew'...
remote: Enumerating objects: 64, done.
remote: Counting objects: 100% (64/64), done.
remote: Compressing objects: 100% (41/41), done.
remote: Total 64 (delta 32), reused 44 (delta 16), pack-reused 0
Receiving objects: 100% (64/64), 9.55 KiB | 126.00 KiB/s, done.
Resolving deltas: 100% (32/32), done.
Tapped 2 formulae (16 files, 23.4KB).
Warning: You are using macOS 12.
We do not provide support for this pre-release version.
You will encounter build failures with some formulae.
Please create pull requests instead of asking for help on Homebrew's GitHub,
Twitter or any other official channels. You are responsible for resolving
any issues you experience while you are running this
pre-release version.

==> Installing docker-connector from wenjunxiao/brew
==> Downloading https://github.com/wenjunxiao/mac-docker-connector/releases/download/v3.1/docker-connector-darwin.tar.gz
==> Downloading from https://objects.githubusercontent.com/github-production-release-asset-2e65be/266031479/3f51cb4b-e37
######################################################################## 100.0%
Error: Your Command Line Tools are too outdated.
Update them from Software Update in System Preferences or run:
softwareupdate --all --install --force

If that doesn't show you any updates, run:
sudo rm -rf /Library/Developer/CommandLineTools
sudo xcode-select --install

Alternatively, manually download them from:
https://developer.apple.com/download/more/.
You should download the Command Line Tools for Xcode 13.0.

Error: Your Command Line Tools (CLT) does not support macOS 12.
It is either outdated or was modified.
Please update your Command Line Tools (CLT) or delete it if no updates are available.
Update them from Software Update in System Preferences or run:
softwareupdate --all --install --force

If that doesn't show you any updates, run:
sudo rm -rf /Library/Developer/CommandLineTools
sudo xcode-select --install

Alternatively, manually download them from:
https://developer.apple.com/download/more/.
You should download the Command Line Tools for Xcode 13.0.

不能ping通

我完全照文档操作，还是不能ping通容器

m1的mac 使用brew start有报错

按照教程步骤执行命令在执行
sudo brew services start docker-connector
然后输入完密码后提示
Service docker-connectoralready started, usebrew services restart docker-connector to restart.
但是我使用brew services list查看显示 docker-connector并没有启动成功

Name             Status User File
docker-connector none   root

不使用sudo 进行start的时候就有报错
docker-connector error 19968 root ~/Library/LaunchAgents/homebrew.mxcl.docker-connector.plist
请问我应该如何解决？

配置文件地址错误

环境

系统：macOS 13.4.1 (c) (22F770820d)
cpu interl
docker desktop：4.22.1

问题

按照教程安装配置后，无法ping通，配置文件内容不生效。
命令生成的文件地址为
/usr/local/etc/docker-connector.conf
查看日志文件，使用的是安装目录下的文件地址
/usr/local/opt/docker-connector/bin/etc/docker-connector.conf。在相应地址复制原配置文件后，可正常访问

macos 10.15.7 系统上没成功呀

所有的设定都是按步来的。不好使不会找问题。

不管用呀。

linux主机如何分享容器给其他人，docker-accessor怎么连接linux主机的服务

主机是centos8,我应该如何设置把容器分享给其他人，使用docker-accessor连接的服务地址应该填什么？公司网段有点复杂，直接用添加静态路由的方式不太行，所以想试试docker-accessor的方式

brew tap wenjunxiao/brew, failed

$ brew tap wenjunxiao/brew
==> Tapping wenjunxiao/brew
Cloning into '/usr/local/Homebrew/Library/Taps/wenjunxiao/homebrew-brew'...
fatal: unable to access 'https://github.com/wenjunxiao/homebrew-brew/': LibreSSL SSL_connect: SSL_ERROR_SYSCALL in connection to github.com:443
Error: Failure while executing; git clone https://github.com/wenjunxiao/homebrew-brew /usr/local/Homebrew/Library/Taps/wenjunxiao/homebrew-brew --origin=origin --template= exited with 128.

mac m1 pro 无法ping通容器

系统信息：

芯片：Apple M1 Pro
系统：sonoma 14.4

docker-connector.log
2024/03/14 19:52:21 load config(true) => /opt/homebrew/etc/docker-connector.conf
2024/03/14 19:52:21 interface => utun1
2024/03/14 19:52:21 command => ifconfig utun1 inet 192.168.251.2 192.168.251.1 netmask 255.255.255.255 up
2024/03/14 19:52:21 command => route -n add -host 192.168.251.2 -interface utun1
2024/03/14 19:52:21 drawin setup done.
2024/03/14 19:52:21 command => route -n delete -net 172.18.0.0/16
2024/03/14 19:52:21 command => route -n add -net 172.18.0.0/16 192.168.251.1
2024/03/14 19:52:21 command => route -n delete -net 172.17.0.0/16
2024/03/14 19:52:21 command => route -n add -net 172.17.0.0/16 192.168.251.1
2024/03/14 19:52:21 listen => 127.0.0.1:2511
2024/03/14 19:52:21 load peer => 127.0.0.1:63860
2024/03/14 19:52:23 client init => 127.0.0.1:58166
2024/03/14 19:52:23 send controls => 127.0.0.1:58166 map[]
2024/03/14 19:52:23 reply client => 127.0.0.1:58166 0

desktop-connector容器日志

interface => tun0
command => ip addr add dev tun0 local 192.168.251.1 peer 192.168.251.2
command => ip route add 192.168.251.0/24 via 192.168.251.2 dev tun0
local => 192.168.5.1:51785
remote => 192.168.5.2:2511

➜ ~ traceroute 172.18.0.11
traceroute to 172.18.0.11 (172.18.0.11), 64 hops max, 40 byte packets
1 192.168.251.1 (192.168.251.1) 12.146 ms 1.272 ms 0.926 ms
2 * * *
3 * *

macos Ventura mac-docker-connector不断重启和 ping不通容器

mac docker desktop 4.17.0

根据教程配置完毕，使用命令：
docker run -it -d --restart always --net host --cap-add NET_ADMIN --name connector wenjunxiao/mac-docker-connector
启动。
但是频繁重启：

导致不可用。

mac bigsur mac-docker-connector不断重启和 ping不通

您好，我按照教程都设置了，但是mac-docker-connector 不断重启和无法ping通其他的容器

系统： macos high bigsur
docker桌面版本：docker desktop 4.16.2， docker :20.10.22

命令：

sudo brew services start docker-connector
docker run -it -d --restart always --net host --cap-add NET_ADMIN --name connector wenjunxiao/mac-docker-connector

# cat /usr/local/etc/docker-connector.conf                                                                                                                                                     
route 172.17.0.0/16
route 172.18.0.0/16
route 172.100.0.0/16

错误

# cat /usr/local/var/log/docker-connector.log                                                                                                                                                   
2023/02/13 18:48:01 load config(true) => /usr/local/etc/docker-connector.conf
2023/02/13 18:48:01 error in syscall.RawSyscall(syscall.SYS_CONNECT, ...): operation not permitted
2023/02/13 18:48:11 load config(true) => /usr/local/etc/docker-connector.conf
2023/02/13 18:48:11 error in syscall.RawSyscall(syscall.SYS_CONNECT, ...): operation not permitted

macos version: 13.2.1