#Docker networking

Hello everyone! Thanks in advance for helping me.
I have a Ubuntu 24 server. I installed Pterodactyl and Wings on it using their docker images.
Here are the docker compose files :

x-common:
  database:
    &db-environment
    # Do not remove the "&db-password" from the end of the line below, it is important
    # for Panel functionality.
    MYSQL_PASSWORD: &db-password "SuperMDPRob9ste10"
    MYSQL_ROOT_PASSWORD: "MdPdeDingueRob8ste*"
  panel:
    &panel-environment
    # This URL should be the URL that your reverse proxy routes to the panel server
    APP_URL: "panel.dns.com"
    # A list of valid timezones can be found here: http://php.net/manual/en/timezones.php
    APP_TIMEZONE: "UTC"
    APP_SERVICE_AUTHOR: ""
    TRUSTED_PROXIES: "*" # Set this to your proxy IP
    # Uncomment the line below and set to a non-empty value if you want to use Let's Encrypt
    # to generate an SSL certificate for the Panel.
    # LE_EMAIL: ""
  mail:
    &mail-environment
    MAIL_FROM: ""
    MAIL_DRIVER: "smtp"
    MAIL_HOST: "smtp.gmail.com"
    MAIL_PORT: "465"
    MAIL_USERNAME: ""
    MAIL_PASSWORD: ""
    MAIL_ENCRYPTION: "true"
#
# ------------------------------------------------------------------------------------------
# DANGER ZONE BELOW
#
# The remainder of this file likely does not need to be changed. Please only make modifications
# below if you understand what you are doing.
#
services:
  database:
    image: mariadb:10.5
    restart: always
    command: --default-authentication-plugin=mysql_native_password
    volumes:
      - "/srv/pterodactyl/database:/var/lib/mysql"
    environment:
      <<: *db-environment
      MYSQL_DATABASE: "panel"
      MYSQL_USER: "pterodactyl"
  cache:
    image: redis:alpine
    restart: always
  panel:
    image: ghcr.io/pterodactyl/panel:latest
    restart: always
    ports:
      - "8770:80"
      - "4473:443"
    links:
      - database
      - cache
    volumes:
      - "/srv/pterodactyl/var/:/app/var/"
      - "/srv/pterodactyl/nginx/:/etc/nginx/http.d/"
      - "/srv/pterodactyl/certs/:/etc/letsencrypt/"
      - "/srv/pterodactyl/logs/:/app/storage/logs"

environment:
      <<: [*panel-environment, *mail-environment]
      DB_PASSWORD: *db-password
      APP_ENV: "production"
      APP_ENVIRONMENT_ONLY: "false"
      CACHE_DRIVER: "redis"
      SESSION_DRIVER: "redis"
      QUEUE_DRIVER: "redis"
      REDIS_HOST: "cache"
      DB_HOST: "database"
      DB_PORT: "3306"
networks:
  default:
    ipam:
      config:
        - subnet: 171.172.0.0/16

I have a nginx running that act as a reverse proxy, and a Let's encrypt bot.
Here is my docker compose file for wings :

services:
  wings:
    image: ghcr.io/pterodactyl/wings:latest
    restart: always
    networks:
      - wings0
    ports:
      - "3011:3011"
      - "2022:2022"
      - "25565:25565"
    tty: true
    environment:
      TZ: "UTC"
      WINGS_UID: 988
      WINGS_GID: 988
      WINGS_USERNAME: pterodactyl
      WINGS_DOMAIN: 
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock"
      - "/var/lib/docker/containers/:/var/lib/docker/containers/"
      - "/etc/pterodactyl/:/etc/pterodactyl/"
      - "/var/lib/pterodactyl/:/var/lib/pterodactyl/"
      - "/var/log/pterodactyl/:/var/log/pterodactyl/"
      - "/tmp/pterodactyl/:/tmp/pterodactyl/"
      - "/etc/ssl/certs:/etc/ssl/certs:ro"
      # Required for ssl if you use let's encrypt. uncomment to use.
      - "/etc/letsencrypt/:/etc/letsencrypt:ro"
networks:
  wings0:
    name: wings0
    driver: bridge
    ipam:
      config:
        - subnet: "172.172.0.0/16"
    driver_opts:
      com.docker.network.bridge.name: wings0

After numerous attempts, I finally get them going. Both can communicate, and I can create a Minecraft server. My only problem is that I don't know what ip I should assign to my node and my server. I tried my local IP (192.168.x.x), my public IP, and 0.0.0.0.

@hollow quartz: It looks like Docker probably is not running on your machine. Use systemctl status docker to check the status of it, and systemctl restart docker to get it operational again.

What am I supposed to put in the assignment node ? and in the server part ?
Can I have multiple DNS record so let's say Minecraft.dns that redirects to the Minecraft server and then ark.dns that redirects to the ark server ? how can I accomplish this ?

The assignments are meant to be partly for the user, and partly for the server

The port is used to expose the game server's port to the Internet via a docker port mapping

Whereas the address should be the publicly accessible address - IP or domain - that a user can use to connect to the server

thank you for your time
so for the assignment part, I should put letsay port 1000 to 1005 if I want 5 servers at the same time accessible
You can put domain instead of ip ?

and for the server part ?

Yeah that's right

I'm not at my desk to otherwise check how I did it but yeah

I recommend picking ports higher than 2000 though as a convention

oh alright yeah it works, but as it just said "IP address" I didn't know I could
yes of course I was only saying this for the sake of example

You can use ports up to 65535 so no point in using low numbers

Ah alright

I'll try again tomorrow, thanks again

Yw

I get this error when starting :
Error Event [0ca37e0a-9ca4-4f5a-b11e-7aa8c01b90a1]: environment/docker: failed to start container: Error response from daemon: driver failed programming external connectivity on endpoint 2da2e2b3-32c2-4490-a21e-b9f8c1dc7dea (0f1602466d798a55a72aaaaf52569efae46304ed69e9fdfda157e03aecb364ea): failed to bind port mypublicip:25565/tcp: Error starting userland proxy: listen tcp4 mypublicip:25565: bind: cannot assign requested address
even though no process uses the port -> sudo netstat -ntlp | grep 25565 shows nothing

At your service, @hollow quartz!

The IP address you have assigned to your server is not actually available for use on your machine. Node allocation creation is explained in the Wings install documentation: https://pterodactyl.io/wings/1.0/installing.html#node-allocations

Execute the command hostname -I | awk '{print $1}' and change your Node allocations to use this IP. Yes, it can be your internal/local IP when you're behind NAT. When behind NAT you will allocate the internal IP and connect using the public IP.

If you have added multiple public IPs to your network interface, you can view all of them using the command ip a | grep "inet "

"Cannot assign requested address" generally means you used the wrong address yeah

I'll take a look at my own panels a bit later

well i put my dns record and it transformed into my public ip
isn't it linked to docker networking ?

because in my compose file, there is :

networks:
  default:
    ipam:
      config:
        - subnet: 171.172.0.0/16

So maybe i can't access my ip ?

That's for internal networking allocations

I will get to this, I literally just got up so

yeah of course takes your time don't worry!

Did you follow the bots instructions to check your IP address ?

OK, looking at my panel, using a DNS name does indeed resolve it to an IP address in the allocations panel

so yes I recommend only using your public IP address for those allocations

if you have a simple setup with only a single public IP, you can check it using curl -4 ifconfig.me/ip

but the ip a | grep "inet " approach will give you the addresses (and details) for all of your network adapters

if you're behind a NAT then using your public IP won't work, you'll need to use your internal IP given by the last command

oh and, note that since you're using Docker, you likely will have a lot of listed network adapters

anything with an IP beginning with 172 (or apparently 171 in your case) is likely a Docker network

i have a dynamic ip so its an additional problem
yes i'm behind a NAT, but i already have the rule to translate setup so i'm not sure whats the problem here

i'll show the output in a moment

If you're behind a NAT, use the IP from this command

from inside the container ? because I can't have any bash
and from outside, I have only two ip :

• 127.0.0.0
• 192.168.1.24 (my local ip on my networking)

Yeah that one, your local IP

use that

yeah that's what I had previously
my Minecraft server correctly start and is marked as Running
I'll hop on my pc and check if I can access it with Minecraft

It should work

using my public dns it doesn't
and using 192.168.1.24:25565 neither

Is your machine on the same network as the server?

yes

Are you able to ping that IP?

i can access other services i have installed on the same server

using docker also

Okay

What error do you get?

"getsockopt"

That's not the full error for sure

on minecraft i mean

Connection refused, so the port is either not bound, or not open

Are you using a firewall? Like iptables, firewalld, etc

on the server console, i get no error
in the docker logs neither

ufw and iptables are disabled

its a basic ubuntu install so i don't believe so

iptables isn't a daemon exactly, disabling the services tend to just stop saving/reloading IME

You certainly do want to be using a firewall

But it sounds as if your other services aren't having their ports blocked

Are those services all running on standard ports?

ufw is inactive
i have these rules for iptables :
ACCEPT 6 -- 0.0.0.0/0 172.172.0.2 tcp dpt:25565
ACCEPT 6 -- 0.0.0.0/0 172.173.0.2 tcp dpt:25565
ACCEPT 17 -- 0.0.0.0/0 172.173.0.2 udp dpt:25565

yes they are running on standard ports

like 8096 for jellyfin

Try to see if you can connect to the container's port locally on the server

Eg by using telnet and looking at the error

Or maybe an SSH tunnel

nc: connect to 192.168.1.24 port 25565 (tcp) failed: Connection refused

even though i added theses rules :
ACCEPT 6 -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:25565
ACCEPT 17 -- 0.0.0.0/0 0.0.0.0/0 udp dpt:25565
ACCEPT 6 -- 0.0.0.0/0 172.172.0.2 tcp dpt:25565
ACCEPT 6 -- 0.0.0.0/0 172.173.0.2 tcp dpt:25565
ACCEPT 17 -- 0.0.0.0/0 172.173.0.2 udp dpt:25565

(telnet fails too, from inside the host and outside)

This would fail when run on that machine, the port should be available on localhost or the container's actual IP instead

yes but i tried from another device in the same network and i doesn't works

Please explain the issue you're experiencing in as much detail as possible. Preferably with error messages in a text format or paste link to logs. Nobody can assist you without information that helps to understand the issue. Help us help you. Messages such as "doesn't work" or "i need help" will most likely be ignored.

while another port does

oh wow

it works

finally

What'd you change?

docker compose down , system prune to remove all the networks associated

even if i already did that multiple times

but the only thing i can think of is this

addind another rule

Yeah that probably was it then

No Linux server is intended to be without a firewall so they kinda fight you a bit if you try to go that route

I tend to prefer firewalld but yk there are lots of options

You're on Ubuntu tho so iptables+ufw is standard

As a reminder, you probably want to enable the iptables service and then double check that the rules you added are still in it

yeah it was active in fact

i didn't think it was

thanks for you help !

Yw, glad we got there in the end

yes
do you happen to know a tutorial to create an ark server using pterodactyl?

you'll need to find an egg for that

there's a site people share here, need to find it

ah https://pterodactyleggs.com/

looks like you want https://pterodactyleggs.com/egg/6735ff3e4924a4e9bbcb7898

thanks a lot !