Hi there.
I use an old laptop as a small home server and decided to try switching to NixOS since I’ve been enjoying it a lot recently.
I run all my things (pihole, nextcloud…) on Docker using Compose, and things work great so far. Now I’m trying to set up Nginx Proxy Manager since it’s super convenient for setting up https and do domain-based proxying of requests from outside my network. I on the old setup I set network_mode: host in the corresponding docker-compose.yml file, so i can directly map to the host’s ports. This worked flawlessly and I’d like to stick to this approach.
This is where the issue arises. Binding ports regularily seems to work fine and is properly accessible from the outside too (tested with my public IP). But for some reason connections always time out when using network_mode: host, even though everything looks to run just fine.
Here’s 2 relevant minimal docker-compose files which demonstrate the issue using whoami as an example.
# Regular port binding
# Works great via http://<host-ip>:80
version: "3"
services:
whoami:
image: "containous/whoami"
ports:
- "80:80"
# With network_mode: host
# Connection on http://<host-ip>:80 times out each time, container logs no error
version: "3"
services:
whoami:
image: "containous/whoami"
network_mode: "host"
Relevant commands for testing without compose:
# Port binding
$ docker run -d -P containous/whoami
# Host network
$ docker run -d --network host containous/whoami
I tested if this behaviour is port-specific, but it is not. It seems to affect all ports.
What could be the reason for this? Does NixOS not allow for docker to bind to the host network, or is there some sort of firewall preventing this from working that I’m not aware of? But then again, why does it only fail when changing the network mode?
Output of nix-info:
- system:
"x86_64-linux" - host os:
Linux 5.9.16, NixOS, 20.09.2483.c5c6009fb43 (Nightingale) - multi-user?:
yes - sandbox:
yes - version:
nix-env (Nix) 2.3.9 - nixpkgs:
/nix/var/nix/profiles/per-user/root/channels/nixos