Le jeudi 24 novembre 2016 14:05:30 UTC+1, Opal Raava a écrit : > Hi all, > > I've not seen many docker posts, but for the heck of it I'd like to report on > how I made an app-vm that has a website running in docker and reachable by > everything connected to sys-firewall. > > 1) install docker in fedora-24, dnf install docker > > 2) create the new appvm, I called it 'docker' > > 3) in that app-vm in /rw/config/rc.local, i put: > > rm -rf /var/lib/docker > ln -s /home/user/docker /var/lib/docker > systemctl start docker > > , and I made the dir in /home/user/docker > now as root i can use 'docker ps' and everything. > > > 4) networking, making 'docker' visible: > on docker app-vm in /rw/config/qubes-firewall-user-script, i put: > > iptables -I INPUT -s 10.137.2.0/24 -j ACCEPT > > on sys-firewall, in /rw/config/qubes-firewall-user-script, i put: > > iptables -I FORWARD 2 -s 10.137.2.0/24 -d $(docker-appvm-ip) -j ACCEPT > > Ok, that's all i have on docker, and it works great.
Hello Opal Raava. Thanks for this post. I am newbie in Qubes OS. I'd like to create an appVM having an HTTPS (Port 443) website running in docker. When i start the docker container i set the following option : -p 2443:443 But, i failed with configurating sys-firewall, and my browser refuses to access to the https website. Did you met this case ? Thanks for you ideas around the sys-firewall/https forward. Regards Mac -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/fc3afeec-3d49-42c2-bd6e-e2ecd107beac%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
