Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/ms-jpq/docker-home-router
https://github.com/ms-jpq/docker-home-router
Last synced: 8 days ago
JSON representation
- Host: GitHub
- URL: https://github.com/ms-jpq/docker-home-router
- Owner: ms-jpq
- Archived: true
- Created: 2021-04-18T10:43:57.000Z (over 3 years ago)
- Default Branch: whale
- Last Pushed: 2023-08-22T05:28:14.000Z (about 1 year ago)
- Last Synced: 2024-08-01T12:24:58.269Z (3 months ago)
- Language: Python
- Size: 1.08 MB
- Stars: 13
- Watchers: 3
- Forks: 2
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# Docker Home Router
Yes, its a router that runs off of a single Docker image & 3 lines of script.
Yes, its packed with tons of features.
Yes, you can run it along side with other Docker images.
Yes, you only need to adjust [2 environmental variables to run](https://github.com/ms-jpq/docker-home-router/blob/whale/install/docker-compose.yml)
---
## Features
### Cool & for everybody
Fairness & prioritization
Bandwidth is balanced on a (per-computer -> per-stream) basis.
Should help to alleviate any single computer from hogging the internet juice.
Better ping!
As traffic approach maximum bandwidth, latency shoots up.
Thats why we do traffic shaping. :)
One way guest network
You can talk to guests, guests can reply. Guest cannot initiate talks with you.
Pretty good to put all the untrusted stuff on the guest network.
VPN (1 step set-up)
Just go to
http://router-name.lan:8888/wg/
from (not your guest network) and BAM!There are the QR codes you can scan on your phone, to add VPN profiles. (Need the official wireguard app).
You can add as many VPN profiles as you want!
Port forwarding based on hostname
Yub, who cares about MAC addresses? Not us humans.
### Cool & for nerds
Run it along side other Docker images
You can run this along other Docker images!
Need I say more?
DNS sinkhole
All the outbound DNS traffic is redirected to a single server, your server.
Very cash money for running DNS based adblock, such as [pihole](https://pi-hole.net/), or [adguardhome](https://github.com/AdguardTeam/AdGuardHome).
DOT is also blocked.
Wildcard LAN domains (*.<hostname>.lan)
Suppose you have a computer called
name
. Most routers will let you usename.lan
to visitname
.I go one step further. Everything under
\*.name.lan
also goes toname
.Very useful for reverse proxies.
Simple split tunneling
All you need to do is write down the IP ranges on the other side of your tunnel, the image will automatically assign non-overlapping local networks.
Indepth Dashboard
Go to
http://router-name.lan:8888/
(from not guest network), and you will see information on DHCP leases, forwarded ports, subnet assignment, firewall rules, HTTP cache performance, and packet scheduler statistics.### Cool, but not that useful
Recursive DNS resolver (by default)
If you are worried about your ISP fiddling with your DNS or something.
Network wide HTTP cache
Not very useful these days, tbh, but kinda cool.
Visit TOR dark-web with regular browsers
Visit
.onion
websites without having to setup TOR.Disclaimer: This is purely for convenience / fun, not privacy.
Only works on non-🍎 devices because 🍎 [locked this feature behind a VPN profile](https://developer.apple.com/documentation/devicemanagement/vpn/dns).
NTP sinkhole
Force all your local devices to be in sync with your router's clock (and each other).
---
## INSTALL.md
See [INSTALL.md](https://github.com/ms-jpq/docker-home-router/tree/whale/install)
---
## FAQ
What is the easiest way to get extra ports for WAN/LAN/Guest?
USB 3 ethernet adapters are very cheap and are more than enough for sub gigabit speeds.
Gigabit PCIE adapters are also very cheap, but you need extra PCIE ports.
You can also get a VLAN capable switch, but those are slightly more $$$.
---
## Netplan
```yaml
---
version: 2
network:
ethernets:
"":
dhcp4: True
dhcp6: True
accept-ra: True
ipv6-privacy: True
# LAN ifs should be commented out
```---
## WTF, Why???
### Docker
Because foremost, it's an amazing _immutable_ distribution format.
Clean install, clean uninstall, well known sandbox & runtime, popular configuration format, the upsides far out weigh the downsides for me.
Also works well with other Docker images, so I can justify spending $$$ on beefier hardware.
### NAT66
Same reason as NAT44, because you only need 1
::/128
address.Even tho in theory we have almost unlimited IP6 addresses, there are many situations, such as shared living arrangements, bad ISPs, normie landlords, etc, where you do not get a nice stable block of prefixes.
Kinda sucks, but it be like that sometimes.