Port mapping in docker container with multiple networks

Having used docker on multiple occasions, I am familiar with the concepts of docker networks and port mapping. However, I haven't found any case online where you'd want to mix those two. Hopefully there are people who can help me out.

I use Traefik in many situations. I also have pi-hole software as private DNS. I would like to standardize all services behind Traefik to use TLS and custom (internal) domains. The pi-hole admin interface works perfectly together with Traefik.

The biggest issue with pi-hole behind an edge router is that docker uses NAT for the internal network. So pi-hole is not able to see where the DNS requests are made from. The only way to overcome this is to map the DNS ports (53 & 853) directly to the host, I guess (so bypassing the internal Traefik network, bypassing any NAT).

I can attach the pi-hole container to multiple networks, but how am I able to attach :80 to the Traefik network and :53 to the host network?

Best answer

Eventually this was quite simple, although I didn't think this would work: simply publish the ports while the pi-hole container is connected to the Traefik network.

This is the Ansible config I used:

- name: Create the pihole container
  docker_container:
    name: "{{ pihole_docker_container }}"
    image: "{{ pihole_docker_tag }}"
    pull: yes
    restart_policy: unless-stopped
    networks_cli_compatible: yes
    networks:
      - name: "{{ traefik_docker_network }}"
    volumes:
      - "{{ pihole_config_dir }}:/etc/pihole/"
      - "{{ pihole_dnsmasq_dir }}:/etc/dnsmasq.d/"
    env:
      TZ: "{{ pihole_tz }}"
      WEBPASSWORD: ""
      DNS1: "{{ pihole_container_dns1 }}"
      DNS2: "{{ pihole_container_dns2 }}"
      REV_SERVER: "{{ pihole_server_rev }}"
      REV_SERVER_DOMAIN: "{{ pihole_server_domain }}"
      REV_SERVER_TARGET: "{{ pihole_server_gateway }}"
      REV_SERVER_CIDR: "{{ pihole_server_subnet }}"
    dns_servers:
      - 127.0.0.1
      - "{{ pihole_container_dns1 }}"
    # Published on the host; port 80 is not published and is reached only through Traefik.
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      - "853:853"
    labels:
      traefik.enable: "true"

      traefik.http.routers.pihole.entrypoints: "websecure"
      traefik.http.routers.pihole.rule: "Host(`{{ pihole_public_domain }}`)"
      traefik.http.routers.pihole.middlewares: "pihole-admin"
      traefik.http.routers.pihole.service: "pihole"
      traefik.http.routers.pihole.tls: "true"
      traefik.http.routers.pihole.tls.certresolver: "le"

      traefik.http.middlewares.pihole-admin.addprefix.prefix: "/admin"

      traefik.http.routers.pihole_http.entrypoints: "web"
      traefik.http.routers.pihole_http.rule: "Host(`{{ pihole_public_domain }}`)"
      traefik.http.routers.pihole_http.middlewares: "redirect-to-https"

      traefik.http.services.pihole.loadBalancer.server.port: "80"
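
An added example, not part of the original answer: a check over `docker inspect` output that confirms the DNS ports are published on the host while port 80 stays reachable only through the Traefik network, and flags ports published on every host interface. The JSON is a constructed sample; the network name `traefik`, the container IP and the helper `audit_ports` are assumptions.

```python
import json

# Constructed sample, shaped like one element of `docker inspect <container>` output.
SAMPLE_INSPECT = json.loads("""
{
  "Name": "/pihole",
  "NetworkSettings": {
    "Networks": {"traefik": {"IPAddress": "172.18.0.5"}},
    "Ports": {
      "53/tcp": [{"HostIp": "0.0.0.0", "HostPort": "53"}],
      "53/udp": [{"HostIp": "0.0.0.0", "HostPort": "53"}],
      "853/tcp": [{"HostIp": "0.0.0.0", "HostPort": "853"}],
      "80/tcp": null
    }
  }
}
""")

WILDCARD = {"", "0.0.0.0", "::"}  # host addresses meaning "all interfaces"


def audit_ports(inspect, proxy_only=("80/tcp",)):
    """Split container ports into published and internal-only, and list findings."""
    settings = inspect["NetworkSettings"]
    published, internal, findings = [], [], []
    for port, bindings in sorted(settings.get("Ports", {}).items()):
        if not bindings:  # exposed by the image, but not mapped to the host
            internal.append(port)
            continue
        for b in bindings:
            host_ip = b.get("HostIp", "")
            published.append((port, host_ip, b["HostPort"]))
            if host_ip in WILDCARD:
                findings.append(f"{port} is published on every host interface")
            if port in proxy_only:
                findings.append(f"{port} is published and bypasses the reverse proxy")
    return {"networks": sorted(settings.get("Networks", {})),
            "published": published, "internal": internal, "findings": findings}


if __name__ == "__main__":
    report = audit_ports(SAMPLE_INSPECT)
    print("networks:", report["networks"])
    for port, ip, host_port in report["published"]:
        print(f"published {port} -> {ip or '*'}:{host_port}")
    print("internal only:", report["internal"])
    for finding in report["findings"]:
        print("FINDING:", finding)
```

To run it against a live container, pass the first element of the parsed `docker inspect` JSON array to `audit_ports`.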