Skip to main content

Using Husarnet Docker Image

An official Husarnet Docker Image allows you to provide a P2P VPN connectivity to your existing containers but also to your Host OS.

In this short guide we will show you how to do that.

Husarnet Container for VPN connectivity for other containers

Before showing you non-standard usage of Husarnet Image, let me recall the standard use case: we want to make our local containers over the internet available. As an example let's run a Wordpress container and make it over the internet available with Husarnet.

Start Husarnet Container

docker run -it \
--name husarnet-vpn \
--env HOSTNAME='my-husarnet-container' \
--env JOINCODE='fc94:b01d:1803:8dd8:b293:5c7d:7639:932a/XXXXXXXXXXXXXXXXXXXXXX' \
--volume husarnet-vol:/var/lib/husarnet \
--device /dev/net/tun \
--cap-add NET_ADMIN \
--sysctl net.ipv6.conf.all.disable_ipv6=0 \
husarnet/husarnet:latest
info

replace fc94:...:932a/XXX...XXXXX with your own Join Code from your account at https://app.husarnet.com

Start Wordpress with Husarnet connectivity

docker run -it \
--network container:husarnet-vpn \
--volume wordpress-vol:/var/www/html \
wordpress

Line --network container:husarnet-vpn makes hnet0 network interface and /etc/hosts file provided by husarnet container available also for a wordpress container. At this point other devices from the same Husarnet network, can access a boilerplate wordpress website over this URL:

http://my-husarnet-container:80

Husarnet Container for VPN connectivity for a host OS

If we want to use a Husarnet Container instead of a standard Husarnet Client Installation for our OS, we will run this as follows:

sudo docker run -it \
--name husarnet-vpn \
--restart always \
--env HOSTNAME='my-husarnet-container' \
--env JOINCODE='fc94:b01d:1803:8dd8:b293:5c7d:7639:932a/XXXXXXXXXXXXXXXXXXXXXX' \
--volume husarnet-vol:/var/lib/husarnet \
--volume /etc/hosts:/etc/hosts \
--network host \
--cap-add NET_ADMIN \
husarnet/husarnet:latest

How does it works?

Note that we have removed options:

--sysctl net.ipv6.conf.all.disable_ipv6=0 \
--device /dev/net/tun \

... but have added the following lines:

--volume /etc/hosts:/etc/hosts \
--network host \

By making /etc/hosts (from host OS) available for Husarnet Container, we will be able to access other peers by using their hostnames, instead of long, and hard to remember IPv6 addresses:

user@my-host-os:~$ cat /etc/hosts
127.0.0.1 localhost
127.0.1.1 my-host-os

# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
fc94:ea2a:2f23:9cc0:a47a:b6b3:7fd6:75da master # managed by Husarnet
fc94:ea2a:2f23:9cc0:a47a:b6b3:7fd6:75da testing-container # managed by Husarnet

Line --network host adds a Husarnet network interface (hnet0) to a host OS:

user@my-host-os:~$ ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
link/ether 08:00:27:5a:31:9f brd ff:ff:ff:ff:ff:ff
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default
link/ether 02:42:75:64:5c:2a brd ff:ff:ff:ff:ff:ff
4: hnet0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1350 qdisc fq_codel state UNKNOWN mode DEFAULT group default qlen 500
link/non

By adding also line --restart always \ Husarnet Container will start automatically after OS reboot.

Summary

Husarnet Container can be used not only together with other Docker Containers but also as a standalone VPN client for your host OS.

Read also ...