Hi
Stock nginx built into Synology DSM won’t cut it, so I decided to install Nginx Proxy Manager. Before doing so, I created a macvlan and assigned the NPM container to use the assigned IP. Once install is finished, and I try to launch NPM, it fails to load. I tried the same install without macvlan, and it works and loads just fine. I have installed many other containers on macvlan, so I know what I am doing and have the knowledge and experience, but I have never run into this before where there seems to be a conflict I am not aware of.
Help? Anyone?
Sorry. I wrote it for my notes and wasn’t necessarily polished for external use.
The basic gist of it is:
Reserve your IP range
Create the docker network (compatible with MACVLANs)
Create the macvlan on your Synology
Set up your container with the new network
I follow your instructions carefully. When I get here I get the terminal response: “XX” is invalid lladdr.
You have to create your own Mac address.
Google “valid MAC addresses” and place your own there. Any one will do.
You’re creating a virtual LAN on your network and as such you need a MAC address. You can skip it but as I said in my guide, one will be automatically created for you each time and you’ll have multiple virtual devices sitting on your network.
I think I am about 99% of the way there. Seems like I got it mostly figured out, but I do have a couple questions for you. And thanks again for your time, you have no idea how much I appreciate you and your assistance in this.
#1. After creating the docker network, you suggest creating the macvlan and the command for creating the macvlan involves ‘macvlan0’. I cannot use macvlan0 and instead am forced to use macvlan1 because macvlan0 is taken by the docker network we created just before creating the macvlan. Seems to be a conflict. I checked and there’s nothing else conflicting other than the already created macvlan0 from the step before.
#2. After completing the steps, I can access my NAS as usual, the Nginx proxy manager is accessible via its macvlan IP, but I can also connect to the NAS and the Nginx from the auxiliary host IP. What’s the deal with that?
#3. Once all is said and done. Should my Nginx be connected to both the bridge network and the new macvlan or just the macvlan? It’s always connected to the bridge by default, but when I add the container to the new macvlan, am I supposed to disconnect it from the bridge?
Yes, the auxiliary host IP is basically a new virtual IP that sits on your LAN. So basically when you connect your synology to your home network, it gets assigned an IP (with its own MAC address included). With the MACVLAN network, you’ve basically created a new virtual network on your NAS with its own device (MAC) address. It is in essence a virtual copy of your NAS host that your router sees as a new device on your network.
This is up to you how you want your network architecture to look like, but when you spin up a new container that you want accessible by your nginx, you have to:
Specify your docker’s macvlan network as your container’s network (and remove it from the default bridge) OR
Connect your nginx container to your application’s docker network (basically isolate all containers in their own network)
Up to you. Personally I do #2.
I presume you’re talking about this one ?
sudo ip addr add 192.168.2.201/32 dev macvlan0
I guess I didn’t explain properly but that is your auxiliary host’s IP. If you look at command 2 you’ll see --aux-address="host=192.168.2.201". Basically the CIDR notation /32 is the same as the subnet mask 255.255.255.255, only one IP address can be served in macvlan0.
Yea it’s optional. For my purposes it was nice to have because I have gitea and wanted to use GIT on the Synology locally. You don’t have to.
Yea it’s not straightforward and I spent a ton of time researching it. Glad to help.
I was actually referring to ‘sudo ip route add 192.168.2.200/29 dev macvlan0’ for #3
This one has me stumped. I hope you’re not one of those who deletes his Reddit posts because I may need to come back to this post one day 😁
That is the MACVLAN’s subnet. That’s basically carving a small subnet out of your LAN that your virtual LAN will sit on. See the preparation section of the original post.
And yes, all proxying goes to the aux IP.
Looking at your example. Your original settings are:
docker network create -d macvlan \
-o parent=eth0 \
--subnet=192.168.2.0/24 \
--gateway=192.168.2.1 \
--ip-range 192.168.2.200/27 \
--aux-address="host=192.168.2.201" \
dockervlan
Why did you use 192.168.2.200/29 for your route? This is the last part I don’t quite understand. How does it play into the settings you chose above?
My setup is ip range 192.168.87.96/30 which is ip range 192.168.87.96 to 192.168.87.99 . I chose 192.168.87.99 as my auxiliary and my Nginx was automatically given IP 192.168.87.96 . Now my question is how do I go about knowing what to use for route? I blindly first tried 192.168.87.98 from some bad info ChatGPT gave me and then I changed the route to the exact same CIDR notation I use for my IP range which is 192.168.87.96/30 and that seemed to work. I’m asking because although it works I have zero clue why it works. My brain doesn’t understand this final part.
🙏🏼
I made a typo here and it should be
--ip-range 192.168.2.200/29
As I mentioned above you are creating a virtual LAN and as such you need to carve out your own subnet.
What do you mean what to use for route? Given what you said your command should look like:
So that command is saying: I have an entire LAN that lives on the subnet 192.168.87.0/24. My router (i.e. gateway) has the IP address 192.168.87.1. I have a virtual network (macvlan) that has its own subnet that has the range 192.168.87.96/30.
So now you need to create the virtual subnet (macvlan) using the command
If you use any other subnet it wouldn’t make any sense. How else would you get the same address space you described in the ip-range option?
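Added example, not part of any post in this thread: a small Python check of how --subnet, --ip-range, the aux host address and the host route relate, using only the addresses quoted above. The function names are hypothetical, and the rule that the route is the ip-range CIDR is taken from the replies here.

```python
import ipaddress

def span(cidr):
    """First address, last address and size of a CIDR block."""
    net = ipaddress.ip_network(cidr, strict=False)
    return str(net[0]), str(net[-1]), net.num_addresses

def route_covers(route, container_ip):
    """True if a host route for `route` would match `container_ip`.
    A bare address such as 192.168.87.98 is treated as a /32."""
    return ipaddress.ip_address(container_ip) in ipaddress.ip_network(route, strict=False)

def check_macvlan_plan(subnet, gateway, ip_range, aux_host):
    """Return (route_cidr, problems) for the docker network options in this thread.
    route_cidr is the ip-range normalised to its real network boundary."""
    problems = []
    lan = ipaddress.ip_network(subnet)
    written = ipaddress.ip_interface(ip_range)   # keeps the address as typed
    rng = written.network                        # the block that prefix really covers
    if written.ip != rng.network_address:
        problems.append(f"{ip_range} is not on a /{rng.prefixlen} boundary; it means {rng}")
    if not rng.subnet_of(lan):
        problems.append(f"ip-range {rng} is outside subnet {lan}")
    if ipaddress.ip_address(gateway) in rng:
        problems.append(f"gateway {gateway} sits inside ip-range {rng}")
    if ipaddress.ip_address(aux_host) not in rng:
        # Note only: the layout in this thread keeps the aux host inside the range.
        problems.append(f"aux host {aux_host} is outside ip-range {rng}")
    return str(rng), problems

if __name__ == "__main__":
    plans = {
        "corrected /29": ("192.168.2.0/24", "192.168.2.1", "192.168.2.200/29", "192.168.2.201"),
        "typo /27":      ("192.168.2.0/24", "192.168.2.1", "192.168.2.200/27", "192.168.2.201"),
        "asker /30":     ("192.168.87.0/24", "192.168.87.1", "192.168.87.96/30", "192.168.87.99"),
    }
    for name, plan in plans.items():
        route, problems = check_macvlan_plan(*plan)
        print(name, "route:", route, "covers:", span(route), "problems:", problems or "none")
    # The first route the asker tried is a single address, so it misses the container.
    print(route_covers("192.168.87.98", "192.168.87.96"))     # False
    print(route_covers("192.168.87.96/30", "192.168.87.96"))  # True
```
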
Here, let me show you what I did and you tell me where I went wrong.
SSH into Synology NAS and create macvlan network with modified command below to my system:
sudo docker network create -d macvlan \
-o parent=eth0 \
--subnet=192.168.1.0/24 \
--gateway=192.168.1.1 \
npm_network
Install Nginx Proxy Manager docker container
Assign NPM to use the new macvlan network and assign it an IP on the subnet that’s not already in use with the following command:
docker network connect --ip 192.168.1.99 npm_network nginx_proxy_manager
Go into portainer and under container settings for NPM, ensure the container is connected to both the new macvlan with the info we used and also connected to the default bridge network.
This is where I hit a wall. I still cannot connect to my web interface at this point when I feel like I should be able to with the macvlan ip 192.168.1.99
What am I doing wrong?
So basically all you did was create a docker network with no macvlan on your synology. The docker network you created will simply look for a macvlan and communicate with it. There needs to be an actual macvlan there to communicate with. You really should read through my responses again.
Here are some pointers:
Your step 2 needs an auxiliary address for your host. --aux-address="host=192.168.2.201"
Look at my step 3. You have to run those commands to setup the macvlan on your synology. You have to use your auxiliary host address in the series of commands I showed you. When you run them properly you will see the host show up in your router.
Okay, so here’s where I’m confused. From my understanding you say all I did is create a docker network and I need to create a macvlan but the ‘npm_network’ that I created literally says macvlan beside it in the network tab of either container manager or portainer. Even the command literally says ‘create macvlan’ so I am confused why you say that’s not a macvlan and only a docker network.
Am I making sense? Also, two other outdated guides I’ve seen on this describe it the same way. The way you describe it is a first that I’ve seen. Not saying you’re wrong, but there’s certainly a difference I’m noticing.
Those other guides assume you already have a macvlan and want to use docker on it. Like I said, not many complete guides out there. Mine is the most comprehensive you’ll find.
The gist of it is, you create a macvlan network on your NAS then you place a docker network on that macvlan network.