Overview:
I have Docker running several containers on a rack server running Ubuntu Server 18.04. Most of these containers provide a service that is accessible through a browser on a port other than 80. I set up an nginx container to provide the reverse proxy such that when I type service1.mydomain.com it will pass the request to the ip+port combination that hosts that service (the service is another docker container).
This works great from within my LAN. On any computer in my house I can type service.mydomain.com and have access to the container. I own mydomain and have DynamicDNS set up and ports 80 and 443 forwarded to the IP that nginx is running on.
Problem:
When I set up the containers to run on a macvlan network, I can access the services from outside of my LAN (at work, on my phone, etc). However, when I use the default Docker bridge network, the outside access is broken. I can still connect to the containers from within my house (LAN) but can no longer connect from outside my house.
Troubleshooting:
This is what I have tried to troubleshoot so far.
- Ran tcpdump on the server. Can see packets destined for the Docker container's ip:port combination.
- If I make a request from within the LAN, I get a [S] flag followed by an [S.] flag and the request goes through.
- If I make a request from outside the LAN, I get a bunch of [S] flags with the request not going through. Seems like the packet is getting dropped somewhere in the server.
- Disabled UFW. Did not help.
- Using netstat -i, there was no change in RX-DRP packets but increases in RX-OK packets to docker0 and eno2 interfaces. There was an increase in TX-OK packets from docker0 but not eno2. (nginx is using the IP of eno2)
Any ideas? I have been searching for days and cannot find any example of this issue.
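As an added example (not part of the original post): a small parser for tcpdump's default output that pairs each client SYN with the server's SYN-ACK and lists outside sources whose SYNs were never answered, which is the symptom described above. It assumes the LAN prefix 192.168.1.0/24 and runs over constructed sample lines instead of a live capture.

```python
import ipaddress
import re
from collections import defaultdict

# Matches tcpdump's default TCP line format, e.g.
# "12:00:01.000001 IP 203.0.113.5.40000 > 192.168.1.10.80: Flags [S], seq 300, ..."
LINE_RE = re.compile(
    r"^\S+ IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\]"
)

# Constructed sample capture: a LAN client completes the handshake, an
# external client (203.0.113.5, a documentation address) only retransmits SYNs.
SAMPLE = """\
12:00:01.000001 IP 192.168.1.20.51000 > 192.168.1.10.80: Flags [S], seq 100, win 64240, length 0
12:00:01.000200 IP 192.168.1.10.80 > 192.168.1.20.51000: Flags [S.], seq 200, ack 101, win 65160, length 0
12:00:01.000300 IP 192.168.1.20.51000 > 192.168.1.10.80: Flags [.], ack 1, win 502, length 0
12:00:05.000001 IP 203.0.113.5.40000 > 192.168.1.10.80: Flags [S], seq 300, win 64240, length 0
12:00:06.000001 IP 203.0.113.5.40000 > 192.168.1.10.80: Flags [S], seq 300, win 64240, length 0
12:00:08.000001 IP 203.0.113.5.40000 > 192.168.1.10.80: Flags [S], seq 300, win 64240, length 0
"""


def analyze_handshakes(capture: str, lan: str = "192.168.1.0/24") -> dict:
    """Map each client flow (src, sport, dst, dport) to
    (syn_count, got_syn_ack, source_is_on_lan)."""
    lan_net = ipaddress.ip_network(lan)
    syns = defaultdict(int)   # client flow -> number of SYNs seen
    answered = set()          # client flows for which a SYN-ACK was seen
    for line in capture.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        if m["flags"] == "S":
            syns[(m["src"], m["sport"], m["dst"], m["dport"])] += 1
        elif m["flags"] == "S.":
            # SYN-ACK goes server -> client, so key it by the client's flow
            answered.add((m["dst"], m["dport"], m["src"], m["sport"]))
    return {
        flow: (n, flow in answered, ipaddress.ip_address(flow[0]) in lan_net)
        for flow, n in syns.items()
    }


def unanswered_external(capture: str, lan: str = "192.168.1.0/24") -> list:
    """Source IPs outside the LAN whose SYNs never received a SYN-ACK."""
    report = analyze_handshakes(capture, lan)
    return sorted({flow[0] for flow, (_, ok, on_lan) in report.items()
                   if not ok and not on_lan})
```

Running it against a real capture (tcpdump -n on the interface nginx listens on, piped to a file) shows at a glance which outside clients retransmit SYNs without ever seeing a SYN-ACK, which narrows the problem to the server side before looking at forwarding and filtering rules.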