[![Docker Pulls](https://badgen.net/docker/pulls/zyclonite/zerotier)](https://hub.docker.com/r/zyclonite/zerotier)
[![Quay.io Enabled](https://badgen.net/badge/quay%20pulls/enabled/green)](https://quay.io/repository/zyclonite/zerotier)
[![Multiarch build](https://github.com/zyclonite/zerotier-docker/actions/workflows/multiarch.yml/badge.svg)](https://github.com/zyclonite/zerotier-docker/actions/workflows/multiarch.yml)
## zerotier-docker
#### Description
This is a container based on a lightweight Alpine Linux image and a copy of ZeroTier One. It's designed to allow you to run ZeroTier One as a service on container-oriented distributions like Fedora CoreOS, though it should work on any Linux system with Docker or Podman.
#### Run
Running this container correctly requires extra options that grant it elevated permissions and let it persist its files. Here's an example (tested on Fedora CoreOS):

```
docker run --name zerotier-one --device=/dev/net/tun --net=host \
  --cap-add=NET_ADMIN --cap-add=SYS_ADMIN \
  -v /var/lib/zerotier-one:/var/lib/zerotier-one zyclonite/zerotier
```

This runs `zyclonite/zerotier` in a container with special network admin permissions, with access to the host's network stack (no network isolation), and with access to `/dev/net/tun` to create tun/tap devices. This allows it to create `zt#` interfaces on the host the way a copy of ZeroTier One running on the host would normally be able to.

In other words, this does the same thing as running `zerotier-one` directly on the host, except that it runs in a container. Since Fedora CoreOS has no package management, this is the preferred way of distributing software for it.

It also mounts `/var/lib/zerotier-one` to `/var/lib/zerotier-one` inside the container, allowing your service container to persist its state across restarts of the container itself. If you don't do this, it will generate a new identity every time. You can put the actual data somewhere other than `/var/lib/zerotier-one` if you want.

To join a ZeroTier network, you can use

```
docker exec zerotier-one zerotier-cli join 8056c2e21c000001
```

or create an empty file named after the network ID:

```
/var/lib/zerotier-one/networks.d/8056c2e21c000001.conf
```
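
The file-based join can be scripted on the host so that the network ID is validated before it is turned into a file name. This is an added example, not part of the original README or the project's code; the function names are hypothetical, and tightening the state directory to owner-only access is a choice made by this example.

```shell
#!/bin/sh
# Added example: pre-seed a network membership in the persisted state directory.
# Function names are hypothetical, not part of zerotier-docker.

# Succeeds only for a 16-digit hexadecimal network ID.
zt_valid_network_id() {
    case "$1" in
        ""|*[!0-9a-fA-F]*) return 1 ;;
    esac
    [ "${#1}" -eq 16 ]
}

# zt_preseed_network STATE_DIR NETWORK_ID
# Creates STATE_DIR/networks.d/<id>.conf as an empty file and prints its path.
# Returns 2 for a malformed ID, so input such as "../x" never reaches the path.
zt_preseed_network() {
    state_dir=$1
    nwid=$(printf '%s' "$2" | tr 'A-F' 'a-f')   # normalise to lowercase
    if ! zt_valid_network_id "$nwid"; then
        echo "refusing invalid network id: $2" >&2
        return 2
    fi
    mkdir -p "$state_dir/networks.d" || return 1
    # The state directory holds the node's persisted identity:
    # restrict it to its owner (assumption of this example).
    chmod 700 "$state_dir" || return 1
    conf="$state_dir/networks.d/$nwid.conf"
    # Create the file only if it is missing; never truncate an existing one.
    [ -e "$conf" ] || : > "$conf" || return 1
    printf '%s\n' "$conf"
}

# Usage, with the path and network ID shown in this README:
#   zt_preseed_network /var/lib/zerotier-one 8056c2e21c000001
```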
#### Bridge mode
Bridge mode implements the local network bridge described in this [paper](https://zerotier.atlassian.net/wiki/spaces/SD/pages/193134593/Bridge+your+ZeroTier+and+local+network+with+a+RaspberryPi).

To enable it, remove the host network parameter (`--net=host`) and add `BRIDGE=true` to the environment variables.

```
docker run --name zerotier-one --device=/dev/net/tun -e BRIDGE=true \
  --cap-add=NET_ADMIN --cap-add=SYS_ADMIN \
  -v /var/lib/zerotier-one:/var/lib/zerotier-one zyclonite/zerotier
```

That will start ZeroTier One, establish the connection, and build the bridge once the `zt` interface is up.
#### Source
https://github.com/zyclonite/zerotier-docker