Firewalla runs on a full Linux distribution with full shell access, so there is virtually no limitation on what it can do. If you are good with technology, we want you to "hack" the system and make it better! And if you do have a good "hack", please let us know!
One of the major problems of having an open system is that, over time, the system will get polluted with stuff. With the Firewalla Gold, we are introducing Docker Containers.
What is a Docker Container?
- Docker is a tool that allows developers, sys-admins, etc. to easily deploy their applications in a sandbox (called containers) to run on the host operating system i.e. Linux. The key benefit of Docker is that it allows users to package an application with all of its dependencies into a standardized unit for software development. Unlike virtual machines, containers do not have high overhead and hence enable more efficient usage of the underlying system and resources. (https://docker-curriculum.com/)
What are the advantages?
- Isolation: you can fully contain one application inside a docker container without messing with the running operating system.
- Better Performance: containers can perform much better than virtual machines.
- Portable: many known services already have docker support, so you can easily deploy them on Firewalla.
A few reminders before you start:
Containers will help you to bring network-based functions... closer to the network.
- WARNING: the Gold is NOT a general computer. Please be careful with what you install on the Gold. Containers cost CPU and memory and, if you are not careful, may cause security problems.
- The Gold has a default ingress (outside to inside) firewall; please do not turn it off.
- Watch out for ports being opened by services; make sure they are never mapped to the WAN interface (unless you know what you are doing).
- Watch out for disk space. Your Gold may not run correctly if you create too many docker images and do not manage them correctly.
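One way to act on the port reminder above is to audit what the running containers publish. The script below is an added example, not Firewalla's own code: it reads the output of docker ps and reports every mapping bound to all host interfaces (0.0.0.0, ::: or [::]), which includes the WAN interface. The container names come from the examples on this page; the port mappings in the sample data are constructed for illustration.

```shell
#!/bin/sh
# Report published container ports that bind on every host interface.
# Input format: "<name><TAB><ports>", as printed by
#   docker ps --format '{{.Names}}\t{{.Ports}}'

flag_wildcard_ports() {
    awk -F '\t' '
    {
        n = split($2, maps, ", ")
        for (i = 1; i <= n; i++) {
            m = maps[i]
            if (m !~ /->/) continue          # exposed only, not published
            split(m, side, "->")
            host = side[1]                   # e.g. 0.0.0.0:8080
            # Wildcard binds: IPv4 any, or IPv6 any in either notation.
            if (host ~ /^(0\.0\.0\.0|\[::\]|::):/) {
                port = host;     sub(/^.*:/, "", port)
                proto = side[2]; sub(/^.*\//, "", proto)
                print $1, port "/" proto, "(" host ")"
            }
        }
    }'
}

# Constructed sample of docker ps output (not captured from a real box).
sample_ps_output() {
    printf 'homebridge\t0.0.0.0:8080->8080/tcp, :::8080->8080/tcp\n'
    printf 'pihole\t192.168.0.1:53->53/udp, 192.168.0.1:8053->80/tcp\n'
    printf 'unifi\t[::]:8443->8443/tcp, 3478/udp\n'
}

# Offline demonstration on the sample data.
sample_ps_output | flag_wildcard_ports

# On the Gold itself, feed it the live list instead:
#   docker ps --format '{{.Names}}\t{{.Ports}}' | flag_wildcard_ports
#
# A flagged mapping can be narrowed by publishing on the LAN address only,
# e.g. (192.168.0.1 is an assumed LAN IP of the Gold):
#   docker run -p 192.168.0.1:8080:8080 ...
```

Containers started with host networking show no port mappings in docker ps, so check their listening sockets separately.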
Docker container examples:
To help you get started, we have created a few examples based on the feedback from our current user base. Please note, these are examples only; we do not endorse these brands, nor do we imply that these brands endorse us in any way.
Homebridge via Docker
Homebridge adds HomeKit support to your non-HomeKit smart home devices.
https://help.firewalla.com/hc/en-us/articles/360053184374
Pi-hole via Docker
https://help.firewalla.com/hc/en-us/articles/360051625034
Unifi-Controller via Docker
https://help.firewalla.com/hc/en-us/articles/360053441074
Notes
Certain modules may require special access permissions from the docker network module, and this may require special processing in the Firewalla code to open the ingress or egress firewalls. This piece of code is coming to 1.971. This is the reason pi-hole instructions are a bit late.
All product names, logos, and brands are the property of their respective owners. All company, product, and service names used in this website are for identification purposes only. The use of these names, logos, and brands does not imply endorsement.
Comments
12 comments
Questions:
Alex, you should be able to keep docker running after reboot by running
sudo systemctl enable docker
This isn't working for me.
Homebridge is running just fine, but can't be added to my homekit. Anyone notice that the WAN address is shown in homebridge when it is running on Firewalla?
Alex, make sure you point at your firewalla. For me, initially the URL given was wrong. Instead of my gateway, which is Firewalla at 192.168.0.1, it gave me my WAN IP. Switch to your Firewalla IP and specify port "8080" and you should see homebridge on Firewalla. For me that is "http://192.168.0.1:8080/login".
By the way, some great tutorials about homebridge/docker. It would be great to have a link to that in the tutorial.
O.K. here is how to get homebridge working on firewalla Gold. After completing the steps above, you must do this:
0. Confirm the homebridge container is running using the terminal as above, or open the UI.
1. You need to add
"mdns": { "interface": "LAN-IP-of-Gold" }
to your homebridge config.json file. Check this for more details: https://github.com/homebridge/homebridge/issues/1957 For example, Note, the username does not have to be the MAC address of your firewalla.
2. Change the user name, PIN, and hostname in the homebridge config.json.
3. Delete "persist" and "accessories" dirs in homebridge directory.
4. Restart the docker container.
5. Open the homebridge UI in a browser.
6. Add the homebridge accessory to Home by scanning the QR Code.
Note firewalla will show an IPv6 address in the UI even if you have disabled IPv6. Also, it will report your WAN IP as the IPv4 address, which isn't standard for homebridge. Neither of these seems to impact things working though.
Added a tutorial on the homebridge github side.
Thanks much! Works great now.
Thanks. Wanted a place to run the Unifi controller since I got rid of the UDM.
@Matt Chesler that command doesn't seem to have any effect. Tried it on my pi-hole docker setup on FWG. I still have to manually start up the pi-hole docker. Everything else inside the pi-hole configuration persists though, which is good.
@Hans, the persist code will be in 1.971 for the Gold; we will update the document once it is ready. (As of the time of this message, should be very soon.)
How do I change my docker IP? I will configure pihole in there now to free my raspberry o/