I have two "user" networks: the LAN on 192.168.10.0/24 and WireGuard on 192.168.20.0/24. I also host on 192.168.10.2 a Docker engine that powers a dozen containers and a few networks that all neatly land on 172.XX.0.0/16. Everything works great.

I added a set of new containers to host a Graylog service. I used the docker-compose.yml provided by the repo, with a few minor changes: a connection to a docker srv network that allows web containers to be connected to a caddy reverse proxy. The full docker-compose.yaml is as follows:

version: '2'
services:
  # MongoDB: https://hub.docker.com/_/mongo/
  mongodb:
    image: mongo:4.2
    volumes:
      - mongo_data:/data/db
    networks:
      - default
  # Elasticsearch: https://www.elastic.co/guide/en/elasticsearch/reference/7.10/docker.html
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.10.2
    volumes:
      - es_data:/usr/share/elasticsearch/data
    environment:
      - http.host=0.0.0.0
      - transport.host=localhost
      - network.host=0.0.0.0
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    mem_limit: 1g
    networks:
      - default
  # Graylog: https://hub.docker.com/r/graylog/graylog/
  graylog:
    image: graylog/graylog:4.3
    volumes:
      - graylog_data:/usr/share/graylog/data
    environment:
      # CHANGE ME (must be at least 16 characters)!
      - GRAYLOG_PASSWORD_SECRET=XXX
      # Password: admin
      - GRAYLOG_ROOT_PASSWORD_SHA2=XXXXX
      - GRAYLOG_HTTP_EXTERNAL_URI=https://graylog.XXXX/
    entrypoint: /usr/bin/tini -- wait-for-it elasticsearch:9200 --  /docker-entrypoint.sh
    links:
      - mongodb:mongo
      - elasticsearch
    restart: always
    depends_on:
      - mongodb
      - elasticsearch
    ports:
      # Graylog web interface and REST API
      #- 9000:9000
      # Syslog TCP
      - 1514:1514
      # Syslog UDP
      - 1514:1514/udp
      # GELF TCP
      - 12201:12201
      # GELF UDP
      - 12201:12201/udp
    networks:
      - default
      - srv
# Volumes for persisting data, see https://docs.docker.com/engine/admin/volumes/volumes/
volumes:
  mongo_data:
    driver: local
  es_data:
    driver: local
  graylog_data:
    driver: local

networks:
  default:
  srv:
    external: true
    name: srv

For some reason the docker network that was automatically created was on 192.168.16.0/20 and it took me quite a lot of time to understand why WireGuard was not working anymore: this network contains 192.168.20.0/24 and the WireGuard traffic was routed there...

When shutting down Graylog and manually deleting 192.168.16.0/20 everything is back to normal.

My question: why would a docker composition pick a wildly different network from the ones other containers use? How is this choice driven if there is nothing in docker-compose.yml that would hint at the network to use?

1 Answer

After manually deleting the docker network (per the information in the last part of the question) I restarted the Graylog containers and, behold, the created network follows the 172.XX.0.0/16 template.

My wild guess would be that there was a network forced on 192.168..., then Graylog decided to follow this new template, and the former network was deleted.
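
The overlap described in the question can be checked for mechanically. The following is an added example, not part of the original question or answer: it compares Docker network subnets against the networks that must stay routable from the host. It assumes input in the JSON shape printed by `docker network inspect`; the network names and the 172.18.0.0/16 subnet in the sample are constructed, while the 192.168.x.x ranges are the ones from the question.

```python
import ipaddress
import json

# Constructed sample in the shape printed by `docker network inspect <ids>`.
# Names and the 172.18 subnet are made up; 192.168.16.0/20 is from the question.
SAMPLE_INSPECT = """
[
  {"Name": "srv", "IPAM": {"Config": [{"Subnet": "172.18.0.0/16"}]}},
  {"Name": "graylog_default", "IPAM": {"Config": [{"Subnet": "192.168.16.0/20"}]}},
  {"Name": "host", "IPAM": {"Config": []}}
]
"""

# Networks that must stay routable from the Docker host (from the question).
PROTECTED = {"lan": "192.168.10.0/24", "wireguard": "192.168.20.0/24"}


def find_overlaps(inspect_json, protected):
    """Return sorted (docker_network, subnet, protected_name) for each clash."""
    guarded = {name: ipaddress.ip_network(cidr) for name, cidr in protected.items()}
    clashes = []
    for net in json.loads(inspect_json):
        # host/none networks carry an empty or null IPAM config
        for cfg in (net.get("IPAM") or {}).get("Config") or []:
            subnet_text = cfg.get("Subnet")
            if not subnet_text:
                continue
            subnet = ipaddress.ip_network(subnet_text, strict=False)
            for name, guard in guarded.items():
                # Only compare like with like (IPv4 vs IPv4, IPv6 vs IPv6)
                if subnet.version == guard.version and subnet.overlaps(guard):
                    clashes.append((net["Name"], str(subnet), name))
    return sorted(clashes)


if __name__ == "__main__":
    for docker_net, subnet, name in find_overlaps(SAMPLE_INSPECT, PROTECTED):
        print(f"{docker_net} ({subnet}) overlaps {name} ({PROTECTED[name]})")
```

On a live host, the output of `docker network inspect $(docker network ls -q)` can be passed in place of the sample string.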
