hi,
first, I just wanted to thank you for this awesome product. been using it on a lot of servers and never had a problem. i have a problem right now, I’ve installed netdata with docker and everything is fine when i leave the netdata.conf unchanged but when i change the ips that are allowed to access the dashboard i can’t access it from anywhere. for example if this line looks like this
((allow dashboard from = localhost * )) everything is fine and dashboard is accessible from anywhere,but if i change it to (( allow dashboard from = localhost a.b.c.d ))or (( allow dashboard from = localhost a.b.c.d )) then its not accessible from a.b.c.d IP or any other one. am i doing something wrong?
Hi, @sina_nejadebrahim. I think that is because of masquerading (iptables), see this issue - there we did troubleshoot (i believe) the same problem.
thank you for your reponse. i don’t have any iptables rules but the server is an OpenStack node and OpenStack deployed with Kolla Ansible changes some network configurations and I’m guessing that’s the problem. I’ll do some research and let you know if I fixed it.
thank you
Did you check it?
Docker manipulates iptables rules to provide network isolation. Every time you expose a port it creates a new iptables rule to redirect the traffic to your container. And Docker assigns IPs from “172.17.0.0/16” range (or other if configured) to containers.
[ilyam@pc ~]$ docker network inspect bridge | jq ".[] | .IPAM.Config[] | .Subnet"
"172.17.0.0/16"
[ilyam@pc ~]$ docker inspect netdata | jq ".[] | .NetworkSettings.IPAddress"
"172.17.0.2
yes. here the outpout of these commands:
root@node:~# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
root@node:~# iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
root@node:~#docker network inspect bridge
[]
Error: No such network: bridge
root@node:~# docker inspect netdata
NetworkSettings": {
"Bridge": "",
"SandboxID": "6a55ad8242df1739f4f727131b03d9aa10ce38f00e232d302b792824546b6e2b",
"HairpinMode": false,
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"Ports": {
"19999/tcp": [
{
"HostIp": "0.0.0.0",
"HostPort": "19999"
},
{
"HostIp": "::",
"HostPort": "19999"
#this is the end of the output .i cut out the unnecessary parts
"NetworkID": "b7abb330e6651187bd558d3164c2002f720d5bc6210c734924855dddf25c0c35",
"EndpointID": "961143f15e3b71becdaf5483419e663d6651d17ebde5ec9482d37ead793fc5cd",
"Gateway": "172.17.0.1",
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:11:00:02",
"DriverOpts": null
and the commands you provided didn’t give any output - I’m don’t familiar with jq that much so sorry if I’m saying something wrong
root@node:~# docker network inspect bridge | jq ".[] | .IPAM.Config[] | .Subnet""172.17.0.0/16"
jq: error: Invalid numeric literal at EOF at line 1, column 7 (while parsing '.17.0.0') at <top-level>, line 1:
.[] | .IPAM.Config[] | .Subnet172.17.0.0/16
jq: error: syntax error, unexpected LITERAL, expecting $end (Unix shell quoting issues?) at <top-level>, line 1:
.[] | .IPAM.Config[] | .Subnet172.17.0.0/16
jq: 2 compile errors
docker inspect netdata | jq ".[] | .NetworkSettings.IPAddress""172.17.0.2"
jq: error: Invalid numeric literal at EOF at line 1, column 7 (while parsing '.17.0.2') at <top-level>, line 1:
.[] | .NetworkSettings.IPAddress172.17.0.2
jq: error: syntax error, unexpected LITERAL, expecting $end (Unix shell quoting issues?) at <top-level>, line 1:
.[] | .NetworkSettings.IPAddress172.17.0.2
jq: 2 compile errors