[![Docker Pulls](https://badgen.net/docker/pulls/zyclonite/zerotier)](https://hub.docker.com/r/zyclonite/zerotier)
[![Quay.io Enabled](https://badgen.net/badge/quay%20pulls/enabled/green)](https://quay.io/repository/zyclonite/zerotier)
[![Multiarch build](https://github.com/zyclonite/zerotier-docker/actions/workflows/multiarch.yml/badge.svg)](https://github.com/zyclonite/zerotier-docker/actions/workflows/multiarch.yml)
## zerotier-docker
#### Description
This is a container based on a lightweight Alpine Linux image and a copy of ZeroTier One. It's designed to allow you to run ZeroTier One as a service on container-oriented distributions like Fedora CoreOS, though it should work on any Linux system with Docker or Podman.
#### Run
Running this container correctly requires some special options that give it elevated permissions and allow it to persist its files. Here's an example (tested on Fedora CoreOS):

```
docker run --name zerotier-one --device=/dev/net/tun --net=host \
  --cap-add=NET_ADMIN --cap-add=SYS_ADMIN \
  -v /var/lib/zerotier-one:/var/lib/zerotier-one zyclonite/zerotier
```

This runs `zyclonite/zerotier` in a container with additional capabilities (`NET_ADMIN` and `SYS_ADMIN`), with access to the host's network stack (`--net=host`, so no network isolation), and with `/dev/net/tun` so it can create tun/tap devices. This allows it to create `zt#` interfaces on the host the way a copy of ZeroTier One running on the host would normally be able to.

In other words, this does basically the same thing as running zerotier-one directly on the host, except that it runs in a container. Since Fedora CoreOS has no package management, this is the preferred way of distributing software for it.

It also mounts `/var/lib/zerotier-one` to `/var/lib/zerotier-one` inside the container, allowing your service container to persist its state across restarts of the container itself. If you don't do this, it'll generate a new identity every time. You can put the actual data somewhere other than `/var/lib/zerotier-one` if you want.

To join a ZeroTier network, you can use:

```
docker exec zerotier-one zerotier-cli join 8056c2e21c000001
```

or create an empty file named after the network ID:

```
/var/lib/zerotier-one/networks.d/8056c2e21c000001.conf
```
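
The file-based join can be scripted on the host before the container first starts. The following is an added example, not part of this repository: `zt_prejoin` is a hypothetical helper that accepts only 16-hex-digit network IDs (the form shown above) before using them in a path, restricts the state directory to its owner (a hardening choice of this example), and leaves existing `.conf` files untouched.

```shell
#!/bin/sh
# Added example (not from the zerotier-docker repository).
# zt_prejoin is a hypothetical helper name.
#
# Usage: zt_prejoin STATE_DIR NETWORK_ID...
#   STATE_DIR is the host directory bind-mounted to /var/lib/zerotier-one.
# Returns 0 if every ID was accepted, 1 if any ID was rejected.
zt_prejoin() {
    zt_dir=$1
    shift
    zt_rc=0

    mkdir -p "$zt_dir/networks.d" || return 1
    # Assumption of this example: the state directory persists the node's
    # identity, so only its owner should be able to read it.
    chmod 700 "$zt_dir" || return 1

    for zt_id in "$@"; do
        # Write IDs in lower case, the form used in the README.
        zt_id=$(printf '%s' "$zt_id" | tr 'A-F' 'a-f')

        # Accept exactly 16 hex digits. Anything else (including "/" or "..")
        # is rejected before it is ever used as part of a path.
        case $zt_id in
            *[!0-9a-f]*) zt_ok=0 ;;
            *) if [ "${#zt_id}" -eq 16 ]; then zt_ok=1; else zt_ok=0; fi ;;
        esac
        if [ "$zt_ok" -ne 1 ]; then
            printf 'rejected network ID: %s\n' "$zt_id" >&2
            zt_rc=1
            continue
        fi

        # Create the marker only if it is missing, so an existing file
        # is left untouched.
        zt_file=$zt_dir/networks.d/$zt_id.conf
        [ -e "$zt_file" ] || touch "$zt_file" || zt_rc=1
    done
    return "$zt_rc"
}

# Example call on the host, before "docker run":
#   zt_prejoin /var/lib/zerotier-one 8056c2e21c000001
```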
#### Router mode
This mode implements the local network router [paper](https://zerotier.atlassian.net/wiki/spaces/SD/pages/224395274/Route+between+ZeroTier+and+Physical+Networks):

```
docker run --name zerotier-one --device=/dev/net/tun \
  --cap-add=NET_ADMIN --cap-add=NET_RAW --cap-add=SYS_ADMIN \
  -v /var/lib/zerotier-one:/var/lib/zerotier-one zyclonite/zerotier:router
```

That will start zerotier-one, establish the connection, and build the NAT+router once the `zt` interface is up.

#### Source
https://github.com/zyclonite/zerotier-docker