Configuring the network page

Procedure

To configure the "Network" page, proceed as follows:

1. To use a custom DNS server, enter the IP of the custom DNS Server in the input field "DNS" and click on the button.

2. To use a custom DNS search domain, enter the domain in the input field "DNS Search" and click on the button. A single value or a list is possible.

3. To expose a port only to linked services, enter the port in the input field "Expose" and click on the button.
   
   Exposed ports must be in range 1-65535.

4. Select a network mode from the "Network Mode" drop-down menu.

   NOTICE

   Privilege and network mode

   You have the possibility to choose the privilege or the network mode. The procedure is described in the "Privileged and network mode" subsection.

   Network mode "host"

   When you enable the network mode "host" for an app, the container of the app shares the hosts networking namespace and the container does not get its own IP address. For example, if you run a container which binds to port 80 and you use the host network mode, the containers app is available on port 80 on the hosts IP address.

   Apps will not start in case of port conflicts.

5. To use a reverse proxy, enter the following information.
   A reverse proxy is optional.

   • Container Port
     
     The container's port to forward traffic from the reverse proxy.

   • Select a communications protocol from the drop-down menu.
     
     HTTP or HTTPS protocol as used by the container (as opposed to a web client communicating to the reverse proxy).
     Select HTTPS only, if your container/service does support it including TLS certificate management.

   • Service Name

   • Sub Path
     
     Additional path that will be added to to the service name

   • Custom Configuration
     
     Additional proxy headers to be associated with the reverse proxy
     To add multiple proxy_set_headers, add "proxy_set_header Host" into the "Proxy Directives and Field" drop-down list and "$proxy_host" into the "Value" input field.

   • Rewrite Target
     
     The (modified) URL path sent to the container/service. For example, "/" means to rewrite the externally visible URL [http://myedge]/myapp/somepath to [http://]somepath.

   • Secure Redirection
     
     Allow authenticated access to your application

   • Bypass URL Decoding
     
     All requests will be forwarded to the container port without any rewrites and the container will get the request as is with service name (path) and subpath included.

   NOTICE

   Additional infos and best practices about the reverse proxy options can be found in the iectl HowTos under Create App Version with Reverse Proxy.

6. To expose a port, enter the port in the "Ports" input field and click the
   button.

   • Container internal ports must be in range 1-65535, container external ports must not include any of the reserved ports 22, 80, 443, 4443, 9443, 8081 and 50051.
   • A warning will be shown in case external ports are not in the range of 32768-60999, as other ports could conflict with the internal components on host side. You can still use the ports outside this range by ignoring the warning.
   • If you provide only a single port in your configuration, Docker will automatically assign an ephemeral port. This port is selected randomly and may change with each reboot. It is recommended to use this option only when the port is intended for use within a local network and does not extend beyond the secure boundaries of the edge device.

7. Click on the "Next" button.