Docker Macvlan and Debian

I won’t go into the what of macvlans as there are already plenty of articles which cover the topic, including this one directly from Docker. However, you may soon find yourself in a situation where a container on a macvlan network needs to access a service on the host but simply can’t reach it: the host’s own address on the parent interface is not reachable from the macvlan children. To make this work, you give the host its own IP address on a macvlan sub-interface and route the container subnet through it. This can be accomplished in a few commands (run as root, with eth0 as the parent interface and the /29 being the range your containers use):

ip link add macvlan0 link eth0 type macvlan mode bridge
ip addr add 192.168.100.31/32 dev macvlan0
ip link set macvlan0 up
ip route add 192.168.100.24/29 dev macvlan0

However, after a reboot you might be disappointed to find that this no longer works: the interface, address and route you created by hand are not persistent. How an interface is persisted is distribution dependent, so the following only applies to Debian (ifupdown). Create a new file named /etc/network/interfaces.d/macvlan0:

sudo vi /etc/network/interfaces.d/macvlan0

Then add the following stanza to the file:

auto macvlan0
iface macvlan0 inet manual
    pre-up ip link add macvlan0 link eth0 type macvlan mode bridge
    pre-up ip addr add 192.168.100.31/32 dev macvlan0
    up ip link set macvlan0 up
    post-up ip route add 192.168.100.24/29 dev macvlan0
    # delete the interface on ifdown, otherwise a later ifup fails at "ip link add"
    post-down ip link del macvlan0
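To confirm after a reboot that the stanza really produced the interface, address and route above, here is an added check (not from the original post) that reads the JSON printed by `ip -d -j addr show` and `ip -j route show`. The iproute2 field names it relies on (ifname, operstate, linkinfo, addr_info, dst, dev) are assumed, and the embedded sample output is constructed to mirror the post’s values.

```python
import ipaddress
import json

# Constructed sample of `ip -d -j addr show`, trimmed to the fields used here.
SAMPLE_ADDR = json.dumps([
    {"ifname": "eth0", "operstate": "UP",
     "addr_info": [{"family": "inet", "local": "192.168.100.2", "prefixlen": 24}]},
    {"ifname": "macvlan0", "operstate": "UP",
     "linkinfo": {"info_kind": "macvlan", "info_data": {"mode": "bridge"}},
     "addr_info": [{"family": "inet", "local": "192.168.100.31", "prefixlen": 32}]},
])
# Constructed sample of `ip -j route show`.
SAMPLE_ROUTE = json.dumps([
    {"dst": "default", "gateway": "192.168.100.1", "dev": "eth0"},
    {"dst": "192.168.100.0/24", "dev": "eth0", "scope": "link"},
    {"dst": "192.168.100.24/29", "dev": "macvlan0", "scope": "link"},
])


def check_macvlan_shim(addr_json, route_json, ifname="macvlan0",
                       host_ip="192.168.100.31", container_net="192.168.100.24/29"):
    """Return a list of problems; an empty list means the shim matches the post."""
    problems = []
    links = {link["ifname"]: link for link in json.loads(addr_json)}
    link = links.get(ifname)
    if link is None:
        # Nothing else can be checked: the ifupdown stanza did not run.
        return [f"{ifname} does not exist"]
    info = link.get("linkinfo", {})
    if info.get("info_kind") != "macvlan":
        problems.append(f"{ifname} is not a macvlan interface")
    if info.get("info_data", {}).get("mode") != "bridge":
        problems.append(f"{ifname} is not in bridge mode")
    if link.get("operstate") != "UP":
        problems.append(f"{ifname} is not up")
    addrs = {(a["local"], a["prefixlen"]) for a in link.get("addr_info", [])
             if a.get("family") == "inet"}
    if (host_ip, 32) not in addrs:
        problems.append(f"{host_ip}/32 is not configured on {ifname}")
    # Without this route the host sends container-bound traffic out eth0 (the "can't access it" symptom).
    net = str(ipaddress.ip_network(container_net))
    if not any(r.get("dst") == net and r.get("dev") == ifname
               for r in json.loads(route_json)):
        problems.append(f"no route for {net} via {ifname}")
    return problems


if __name__ == "__main__":
    print(check_macvlan_shim(SAMPLE_ADDR, SAMPLE_ROUTE) or "macvlan shim OK")
```

On a real host, feed it the actual output of the two `ip` commands (for example via subprocess) instead of the constructed samples.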

Ubiquiti Edge Router Management Security

I have several of the Ubiquiti EdgeRouters and they have been absolutely fantastic. I’ve recently been on a kick to use key-based ssh auth as well as adding Let’s Encrypt SSL certificates to any web services I have, and the EdgeRouter is no exception.

SSH Certificate Authentication

Most of the EdgeRouter file system can be wiped during upgrades, and other parts do not keep state even across power cycles, so an authorized_keys entry added by hand will not survive. In order to use SSH public-key authentication you must load the key with the supported loadkey command from configure mode:

scp ~/.ssh/id_rsa.pub admin@router:~/.

ssh admin@router
configure
loadkey admin /home/admin/id_rsa.pub
commit;save

Now when you SSH to the router you will use your key for authentication.

HTTPS SSL Certificate

As I mentioned, I’ve been using Let’s Encrypt for all of my HTTPS services. However, it is important to keep in mind that Let’s Encrypt certificates are only valid for 90 days, so renewal has to be automated. I found a very helpful script that creates the certificate and manages its lifecycle (renewal) on the EdgeRouter. Check it out on GitHub: https://github.com/hungnguyenm/edgemax-acme