This is an example of using Linux Kernel's
to route all TCP traffic to docker containers without having to resort to
which is not supported by some applications
sshd). To get the demo to work you only need vagrant installed:
git clone [this-gist] tproxy-demo cd tproxy-demo vagrant up # follow instructions in the very last few lines of vagrant provisioner: # tab #1 vagrant ssh -- sudo make -C /vagrant start_nc # tab #2 vagrant ssh -- sudo make -C /vagrant start_haproxy # tab #3 nc 192.168.33.10 9000 # tab 1 logs must show 192.168.33.1 (vagrant host) and not 127.0.0.1 (proxy IP)
192.168.33.10for vagrant box IP address, if you have another vagrant box with the same IP, change the IP and update
- For this scheme to work, the HAProxy device must be positioned such that all outgoing traffic of the proxied service (here netcat running inside a docker container) passes through the proxy device as well. For this demo, this is achievd by simply running HAProxy and docker host on the same machine. Otherwise you must configure the docker hosts' default gateway.
- others doing the same:
@amirkdv thank you for this guide!