Docker Network Segment Configuration

Published November 6, 2024

Scenario Description

In daily operations and maintenance, network segment conflicts are a common issue. For instance, the JumpServer backend operates on Docker, with the default configuration for container networks set to 192.168.250.0/24. This can conflict with the default network segments of certain assets, preventing normal connections to those assets. This article will explain how to modify the default network segment configuration for Docker containers in JumpServer.

Configuration Description

When modifying the production environment, it is necessary to first shut down the JumpServer service, which will temporarily make JumpServer inaccessible.

Docker Network Conflict

Stop the JumpServer service.

jmsctl down

Note: Before changing Docker's default network segment, ensure that the new segment does not conflict with the default network segments of other managed assets.

Open the </etc/docker/daemon.json> configuration file and add the <bip> configuration item at the beginning, as shown below:

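{
  "bip": "192.168.100.1/24"
}

192.168.100.1/24 is the new bridge address and, through its mask, the new network segment; it must not conflict with the host's network segment. Additionally, 192.168.100.0 cannot be used because the first address of the subnet (the network address) cannot be occupied. Keep this explanation out of the file itself: daemon.json must be valid JSON, and JSON has no comment syntax, so an inline # comment prevents the Docker daemon from loading the configuration.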

Restart the Docker service.

systemctl restart docker

Start the JumpServer service.

jmsctl start

We can execute <docker network inspect bridge | grep "Subnet"> for verification.

docker network inspect bridge | grep "Subnet"
                    "Subnet": "192.168.100.1/24"

Container Network Conflict

Stop the JumpServer service.

jmsctl down

Modify the <DOCKER_SUBNET> field in the JumpServer configuration file /opt/jumpserver/config/config.txt.

# The subnet used by the JumpServer container should not conflict with existing networks; please modify it according to your actual situation.
#
DOCKER_SUBNET=192.168.250.0/24

Start the JumpServer service.

jmsctl start

Enter the jms_core container and check that its address falls within the subnet set in DOCKER_SUBNET (192.168.250.0/24 in this example).

# docker exec -it jms_core /bin/bash
root@jms_core:/opt/jumpserver# hostname -I
192.168.250.2
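
Both changes above depend on choosing a segment that is valid and does not collide with networks already in use. The following pre-change check is an added example, not part of JumpServer or Docker; the function names and the IN_USE list of host and asset networks are constructed for illustration. It takes the text of daemon.json and config.txt and reports invalid JSON, a bip set to the network or broadcast address, and any overlap with the listed networks.

```python
import ipaddress
import json

def _overlaps(net, in_use):
    """Messages for every network in in_use that shares addresses with net."""
    return [f"{net} overlaps {o}" for o in map(ipaddress.ip_network, in_use)
            if net.overlaps(o)]

def check_bip(daemon_json_text, in_use):
    """Problems with the "bip" key of a daemon.json body (empty list = OK)."""
    try:
        bip = json.loads(daemon_json_text)["bip"]
        iface = ipaddress.ip_interface(bip)
    except (ValueError, KeyError, TypeError) as exc:  # bad JSON, no key, bad address
        return [f"daemon.json unusable: {exc!r}"]
    net, problems = iface.network, []
    if net.num_addresses > 2 and iface.ip == net.network_address:
        problems.append(f"{bip}: bip must be a host address, not the network address")
    elif net.num_addresses > 2 and iface.ip == net.broadcast_address:
        problems.append(f"{bip}: bip must not be the broadcast address")
    return problems + _overlaps(net, in_use)

def check_docker_subnet(config_txt, in_use):
    """Problems with DOCKER_SUBNET in a config.txt body (empty list = OK)."""
    values = [line.split("=", 1)[1].strip() for line in config_txt.splitlines()
              if line.strip().startswith("DOCKER_SUBNET=")]
    if not values:
        return ["DOCKER_SUBNET is not set"]
    try:
        net = ipaddress.ip_network(values[-1])  # strict: host bits must be zero
    except ValueError as exc:
        return [f"DOCKER_SUBNET invalid: {exc}"]
    return _overlaps(net, in_use)

# Constructed sample data: networks already used by the host and managed assets.
IN_USE = ["10.0.0.0/8", "192.168.250.0/24"]

if __name__ == "__main__":
    # Valid bridge address outside every in-use network.
    print(check_bip('{"bip": "192.168.100.1/24"}', IN_USE))
    # Network address used as bip.
    print(check_bip('{"bip": "192.168.100.0/24"}', IN_USE))
    # Default JumpServer subnet colliding with an asset network.
    print(check_docker_subnet("DOCKER_SUBNET=192.168.250.0/24", IN_USE))
    # Replacement subnet with no collision.
    print(check_docker_subnet("DOCKER_SUBNET=192.168.251.0/24", IN_USE))
```

Run it with the real file contents and your own network list before stopping JumpServer, so that the restart is not spent discovering a rejected configuration.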