The idea is to run a Docker host on a router running OpenWrt. It should be possible to run certain containers on the router that are accessible 24/7 from the internet. Because Docker and its images consume a lot of disk space, the internal flash of the Linksys router is not sufficient and an external USB memory drive needs to be attached to the router. The boot process has two steps: the first step starts from the internal flash and mounts the external root filesystem, and the second step continues booting from the external rootfs.

Installation of extroot

A new user docker needs to be created according to the guide. An external SSD or USB memory drive should replace the root filesystem via overlayfs according to this guide. Needed packages:

opkg install block-mount kmod-fs-ext4 e2fsprogs parted

(Re)Installation of docker after extroot mounted

root@OpenWrt:~# opkg update
root@OpenWrt:~# opkg install luci-app-dockerman dockerd docker docker-compose

After a reboot, Luci should show the Docker menu. It is better to define a docker-compose file for the first example container, here mosquitto, the MQTT broker. Mosquitto needs a mosquitto.conf file, which should reside in the /etc/config folder and must be mounted over the mosquitto.conf within the container. The /etc/docker/docker-compose.yml looks like this:

version: '3.3'
services:
    eclipse-mosquitto:
        restart: always
        ports:
            - '1883:1883'
            - '9001:9001'
        volumes:
            - '/etc/config/mosquitto.conf:/mosquitto/config/mosquitto.conf'
        image: eclipse-mosquitto

The container is started with docker-compose -f /etc/docker/docker-compose.yml up -d. Check Luci for the container state.

Access from wan interface

Accessing the mosquitto service in the Docker container from the internet needs a firewall rule change to accept traffic as input from the wan zone. Edit the file /etc/config/firewall and, in the zone wan, change the option input to accept. Restart the firewall.

IPv6 on network bridge

By default there is only an IPv4 subnet for the Docker bridge network. In a common Docker installation, IPv6 is enabled by configuring /etc/docker/daemon.json. In OpenWrt, the Docker daemon is started with /tmp/dockerd/daemon.json, which is generated by the Docker Luci GUI and an intermediate config file, /etc/config/dockerd. Unfortunately, IPv6 could not be set in Luci, so the intermediate config file must be modified by adding two options to the section globals:

option ipv6 'true'
option fixed_cidr_v6 'fd00:0:0:0:1::/80'

Maintenance of docker instance

To maintain the Docker instance on the OpenWrt router from an external client such as Portainer, the Docker daemon connection must be exposed in the menu Docker → Configuration → Client connection. After entering tcp://0.0.0.0:2375 and the default socket connection unix:///var/run/docker.sock, the firewall must be extended by two traffic rules for port 2375 between LAN ↔ this device. A reboot of the system is necessary. After that, the Luci menu for Docker is reduced to configuration only, even though the default socket is assigned.
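
An added check (not part of the original post) that reads the two files edited above, /etc/config/firewall and /etc/config/dockerd, and reports when the wan zone accepts input and when the Docker API listens on all interfaces. A tcp:// endpoint on port 2375 is plain TCP without authentication, so the check also reports the combination of both settings. The sample configs are constructed, and the option name hosts is an assumption about how the Luci client connection setting is stored.

```sh
# Added example: audit copies of the two UCI files edited on this page.

# Print the input policy of firewall zone "$1" (UCI text on stdin).
zone_input() {
    awk -v zone="$1" -v q="'" '
        { gsub(q, ""); gsub(/"/, "") }               # strip UCI quoting
        $1 == "config" {                             # a new section starts
            if (name == zone && input != "") print input
            name = ""; input = ""; inzone = ($2 == "zone")
        }
        inzone && $1 == "option" && $2 == "name"  { name = $3 }
        inzone && $1 == "option" && $2 == "input" { input = toupper($3) }
        END { if (name == zone && input != "") print input }'
}

# Print every tcp:// endpoint configured for dockerd (UCI text on stdin).
docker_tcp_listeners() {
    awk -v q="'" '
        { gsub(q, ""); gsub(/"/, "") }
        ($1 == "option" || $1 == "list") && $3 ~ /^tcp:\/\// { print $3 }'
}

# $1 = firewall config text, $2 = dockerd config text; one finding per line.
audit() {
    policy=$(printf '%s\n' "$1" | zone_input wan)
    if [ "$policy" = "ACCEPT" ]; then echo "wan-input-accept"; fi
    for l in $(printf '%s\n' "$2" | docker_tcp_listeners); do
        case "$l" in tcp://0.0.0.0:*|tcp://\[::\]:*)
            echo "docker-api-all-interfaces $l"
            if [ "$policy" = "ACCEPT" ]; then
                echo "docker-api-reachable-from-wan $l"
            fi ;;
        esac
    done
}

# Constructed samples mirroring the edits described above.
FIREWALL_SAMPLE="config zone
    option name 'wan'
    list network 'wan'
    option input 'ACCEPT'
    option forward 'REJECT'"
DOCKERD_SAMPLE="config globals 'globals'
    option ipv6 'true'
    list hosts 'unix:///var/run/docker.sock'
    list hosts 'tcp://0.0.0.0:2375'"   # 'hosts' is an assumed option name

audit "$FIREWALL_SAMPLE" "$DOCKERD_SAMPLE"
```

On the router, the real files can be passed in with audit "$(cat /etc/config/firewall)" "$(cat /etc/config/dockerd)".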
