Using traefik as a reverse proxy in front of selenoid - docker

I'm trying to set up a stand-alone server running selenoid with traefik in front, to get both HTTPS and basic-auth capabilities.
I'm able to get everything running, but I get this error every time I try to use the browser:
[SERVICE_STARTUP_FAILED] [wait: http://172.17.0.2:4444 does not respond in 30s]
Here is my docker-compose.yml:
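version: '3'

volumes:
  production_traefik: {}

networks:
  default:
    driver: bridge

services:
  selenoid:
    build:
      context: .
      dockerfile: ./compose/selenoid/Dockerfile
    image: production_selenoid
    container_name: selenoid
    networks:
      - default
    volumes:
      # Selenoid starts browser containers through the Docker API, so it needs
      # the socket. Access to this socket is equivalent to root on the host:
      # keep port 4444 of this service unpublished and reachable only through
      # the authenticated traefik router.
      - "/var/run/docker.sock:/var/run/docker.sock"
    # NOTE(review): no -container-network is passed here, so the browser
    # containers Selenoid creates are not attached to this compose network.
    # The log in the post shows Selenoid waiting on 172.17.0.2 while requests
    # arrive from 172.19.0.5, i.e. two different bridges.
    command: ["-conf", "/etc/selenoid/browsers.json", "-video-output-dir", "/opt/selenoid/video", "-log-output-dir", "/opt/selenoid/logs"]

  selenoid-ui:
    image: "aerokube/selenoid-ui"
    depends_on:
      - selenoid
    links:
      - selenoid
    networks:
      - default
    restart: unless-stopped
    container_name: selenoid-ui
    command: ["--selenoid-uri", "http://selenoid:4444"]

  # NOTE(review): Selenoid launches its own browser containers from
  # browsers.json; this always-on container does not appear to be referenced
  # by anything else in the file - confirm whether it is needed.
  selenoid-chrome:
    # Floating tag: the image can change between pulls; pin a version or
    # digest for reproducible deployments.
    image: "selenoid/chrome:latest"
    restart: unless-stopped
    container_name: selenoid-chrome
    networks:
      - default

  traefik:
    build:
      context: .
      dockerfile: ./compose/traefik/Dockerfile
    image: production_traefik
    container_name: traefik
    networks:
      - default
    depends_on:
      - selenoid-ui
      - selenoid
    volumes:
      # Named volume holding acme.json (ACME account key and certificate
      # private keys).
      - production_traefik:/etc/traefik/acme:z
    ports:
      # Traefik is the only service published on the host. 4444 is the
      # WebDriver hub entry point; it is protected only by the TLS and
      # basic-auth settings of the hub router in traefik.yml.
      - "0.0.0.0:80:80"
      - "0.0.0.0:443:443"
      - "0.0.0.0:4444:4444"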
My traefik.yml:
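log:
  level: INFO

entryPoints:
  web:
    # http
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: web-secure
  web-secure:
    # https
    address: ":443"
  hub:
    address: ":4444"

certificatesResolvers:
  letsencrypt:
    acme:
      email: "my@email.com"
      # Holds the ACME account key and certificate private keys; Traefik
      # refuses to use it unless the file mode is 600.
      storage: /etc/traefik/acme/acme.json
      httpChallenge:
        entryPoint: web

http:
  routers:
    web-secure-router:
      rule: "Host(`selenoid.mydomain.com`)"
      entryPoints:
        - web-secure
      service: ui
      middlewares:
        - basic-test-auth
      tls:
        certResolver: letsencrypt
    # The hub gives every authenticated client the ability to start browser
    # containers, so this router must keep both tls and the auth middleware.
    hub-secure-router:
      rule: "Host(`selenoid.mydomain.com`)"
      entryPoints:
        - hub
      service: hub
      middlewares:
        - basic-test-auth
      tls:
        certResolver: letsencrypt

  middlewares:
    basic-test-auth:
      basicAuth:
        # NOTE(review): this file is copied into the image, so the hash is
        # readable by anyone who can pull the image or read the repository.
        # $apr1$ is an MD5-based scheme that is cheap to attack offline;
        # basicAuth also accepts bcrypt hashes, and `usersFile` lets the
        # credentials live outside the image.
        users:
          - "test-user:$apr1$n1gqpoi0$nspcnDDaBpJiTCoT2WaSw1"

  services:
    ui:
      loadBalancer:
        servers:
          - url: http://selenoid-ui:8080
    hub:
      loadBalancer:
        servers:
          - url: http://selenoid:4444

providers:
  file:
    # Static and dynamic configuration share this one file.
    filename: /etc/traefik/traefik.yml
    watch: true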
Traefik Dockerfile:
# Traefik image with the static/dynamic configuration baked in.
FROM traefik:v2.2.11
# Pre-create acme.json with mode 600: it stores the ACME account key and the
# private keys of issued certificates, and Traefik rejects looser permissions.
RUN mkdir -p /etc/traefik/acme \
&& touch /etc/traefik/acme/acme.json \
&& chmod 600 /etc/traefik/acme/acme.json
# NOTE(review): traefik.yml contains the basic-auth password hash, so the hash
# becomes part of an image layer; treat the image as sensitive or mount the
# credentials at runtime instead.
COPY ./compose/traefik/traefik.yml /etc/traefik
selenoid Dockerfile:
# Selenoid image with the browser catalogue (browsers.json) baked in.
# NOTE(review): latest-release is a floating tag; pin a version or digest so
# that a rebuild cannot silently pull a different binary.
FROM aerokube/selenoid:latest-release
RUN mkdir -p /etc/selenoid
# Copied into the directory created above; the -conf flag in the compose file
# points at /etc/selenoid/browsers.json.
COPY ./compose/selenoid/browsers.json /etc/selenoid
browser.json:
{
"chrome": {
"default": "latest",
"versions": {
"latest": {
"image": "selenoid/chrome",
"port": "4444",
"tmpfs": {"/tmp":"size=512m"}
}
}
}
}
Here is the log:
[INIT] [Loading configuration files...]
[INIT] [Loaded configuration from /etc/selenoid/browsers.json]
[INIT] [Video Dir: /opt/selenoid/video]
[INIT] [Logs Dir: /opt/selenoid/logs]
[INIT] [Your Docker API version is 1.41]
[INIT] [Listening on :4444]
[NEW_REQUEST] [test-user] [*.*.*.*, 172.19.0.5]
[NEW_REQUEST_ACCEPTED] [test-user] [*.*.*.*, 172.19.0.5]
[LOCATING_SERVICE] [chrome] [latest]
[USING_DOCKER] [chrome] [latest]
[CREATING_CONTAINER] [selenoid/chrome]
[STARTING_CONTAINER] [selenoid/chrome] [f5331d61628342d5900b7929f350af67a2457f8ba6e2f7c9c209227cc6e30a9c]
[CONTAINER_STARTED] [selenoid/chrome] [f5331d61628342d5900b7929f350af67a2457f8ba6e2f7c9c209227cc6e30a9c] [0.35s]
[REMOVING_CONTAINER] [f5331d61628342d5900b7929f350af67a2457f8ba6e2f7c9c209227cc6e30a9c]
[CONTAINER_REMOVED] [f5331d61628342d5900b7929f350af67a2457f8ba6e2f7c9c209227cc6e30a9c]
[SERVICE_STARTUP_FAILED] [wait: http://172.17.0.2:4444 does not respond in 30s]
Anyone know what I'm doing wrong?

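If anyone stumbles upon the same problem: define a network with a fixed name, so that Selenoid can start the browser containers on the same network it is attached to itself: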
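networks:
  selenoidweb:
    # An explicit name stops Compose from prefixing the project name, so the
    # value passed to -container-network matches the real Docker network.
    # The selenoid service itself must also be attached to this network.
    name: selenoidweb
    driver: bridge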
And use this command for your selenoid service:
# -container-network tells Selenoid which Docker network to attach the browser
# containers it starts to; it has to be the network Selenoid itself is on.
command:
  - "-container-network"
  - "selenoidweb"
  - "-conf"
  - "/etc/selenoid/browsers.json"
  - "-video-output-dir"
  - "/opt/selenoid/video"
  - "-log-output-dir"
  - "/opt/selenoid/logs"

Related

Redirect DNS with Traefik to container on different port

I have found many similar questions online, but I am certainly lost in this topic which is new for me and I hope somebody can guide me through my problem. In my setup, I have a docker container which runs a secure version on port 8443 and a "read-only" version on port 8080. Now I want to use Traefik as a proxy to then reroute all requests to the secure version, ignoring the read-only. While the dashboard indicates routing to the service, I am just receiving an "Unable to connect" when trying to access the webpage.
As a compose file:
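version: "3.7"

services:
  traefik:
    image: traefik:2.5
    container_name: traefik
    restart: always
    ports:
      - "80:80"
      # NOTE(review): 433 looks like a typo for 443 - the websecure entry
      # point in traefik.yml listens on :443, which is not published here.
      - "433:433"
    # NOTE(review): Traefik documents its static-configuration sources (file,
    # CLI flags, environment) as mutually exclusive; with traefik.yml mounted
    # below, verify which of the two is actually in effect.
    command: --api.insecure=false --providers.docker
    volumes:
      # Traefik only needs to read container metadata, but the socket grants
      # full control of the Docker daemon. A socket proxy that allows only
      # read endpoints limits what a compromised proxy can do.
      - /var/run/docker.sock:/var/run/docker.sock
      - /home/cloud/traefik.yml:/etc/traefik/traefik.yml
    networks:
      - traefik-network

  my-service:
    image: my-image
    env_file: variables.env
    container_name: my-image
    restart: always
    ports:
      # NOTE(review): publishing these on the host lets clients reach both
      # versions directly, bypassing Traefik. If only the proxied secure
      # version should be reachable, these mappings are not needed: Traefik
      # talks to the container over traefik-network.
      - "8080:8080"
      - "8443:8443"
    networks:
      - traefik-network
    labels:
      - "traefik.enable=true"
      # NOTE(review): the router has no tls setting, so the websecure entry
      # point would serve plain HTTP for it (traefik.http.routers.<name>.tls=true).
      - "traefik.http.routers.my-service.entryPoints=websecure"
      - "traefik.http.routers.my-service.rule=Host(`domain.com`)"
      # NOTE(review): if 8443 speaks TLS, the service also needs
      # loadbalancer.server.scheme=https; Traefik defaults to http.
      - "traefik.http.services.my-service.loadbalancer.server.port=8443"

networks:
  traefik-network:
    name: traefik-network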
And the traefik.yml:
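################################################################
# Provider configuration
################################################################
providers:
  docker:
    endpoint: "unix:///var/run/docker.sock" # default
    # With true, every container on the Docker host gets a router unless it
    # opts out; false makes exposure opt-in via traefik.enable=true.
    exposedByDefault: true # default
    network: traefik-network

################################################################
# Entrypoint
################################################################
entryPoints:
  web:
    address: ":80"
    http:
      # All plain-HTTP requests are redirected to the TLS entry point.
      redirections:
        entryPoint:
          to: websecure
          scheme: https
  websecure:
    address: ":443"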
Maybe somebody has an idea where I went in the wrong direction.
Best

How to solve Kong's first-request delay problem, how to restrict access to some routes, and how to do instrumentation

I have a microservices structure with a few services based on python/Django
The structure is as below:
user <===> kong <===> alpha <===> kong <===> beta <===> kong <===> gamma
this is my kong.yml declarative configuration:
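_format_version: "2.1"
_transform: true

# NOTE(review): every route below is served by the same proxy listener, so
# the internal hops (/beta/gamma/live, /gamma/live) are reachable by external
# clients as well as by alpha and beta. No authentication or ACL plugin is
# configured; restricting a route means attaching one (for example key-auth
# or ip-restriction) to that route or service.
services:
  - name: alpha-beta-gamma-live
    host: alpha
    port: 8000
    protocol: http
    path: /beta/gamma/live
    routes:
      - name: alpha-beta-gamma-live
        methods:
          - GET
        paths:
          - /alpha/beta/gamma/live
        strip_path: true

  - name: beta-gamma-live
    host: beta
    port: 8000
    protocol: http
    path: /gamma/live
    routes:
      - name: beta-gamma-live
        methods:
          - GET
        paths:
          - /beta/gamma/live
        strip_path: true

  - name: gamma-live
    host: gamma
    port: 8000
    protocol: http
    path: /live
    routes:
      - name: gamma-live
        methods:
          - GET
        paths:
          - /gamma/live
        strip_path: true

# Top-level plugins apply globally, to every service and route.
plugins:
  - name: correlation-id
    config:
      header_name: X-Kong-Correlation-ID
      generator: uuid
      echo_downstream: true

  - name: zipkin
    config:
      local_service_name: kong
      http_endpoint: http://zipkin:9411/api/v2/spans
      # 1 = trace every request.
      sample_ratio: 1
      # Sends the authenticated consumer's credential metadata to Zipkin;
      # whoever can read the Zipkin UI can then read it too.
      include_credential: true
      traceid_byte_count: 16
      header_type: preserve
      default_header_type: b3
      # Clients can add span tags through this request header.
      tags_header: Zipkin-Tags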
and this is the docker-compose file to run kong
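version: "3.8"

networks:
  kong-net:
    name: kong-net
    driver: bridge
    ipam:
      config:
        # NOTE(review): 172.1.1.0/24 is not a private range (the RFC 1918
        # block is 172.16.0.0/12), so it shadows public addresses on this host.
        - subnet: 172.1.1.0/24

services:
  kong:
    container_name: kong
    build:
      context: .
      dockerfile: Dockerfile
    restart: unless-stopped
    networks:
      kong-net:
        ipv4_address: 172.1.1.40
    healthcheck:
      # Straight quotes: the typographic quotes in the post are not YAML
      # quoting and would become part of each argument.
      # NOTE(review): curl -f fails on HTTP 4xx, and kong.yml defines no
      # route for "/", so this check may report unhealthy - confirm.
      test: ["CMD", "curl", "-f", "http://kong:8000"]
      interval: 5s
      timeout: 2s
      retries: 15
    environment:
      - KONG_DATABASE=off
      # NOTE(review): the Admin API listens on all interfaces and has no
      # authentication of its own. Even in DB-less mode it can replace the
      # whole configuration through its /config endpoint, so it should be
      # bound to loopback or an admin-only network.
      - KONG_ADMIN_LISTEN=0.0.0.0:8001, 0.0.0.0:8444 ssl
      - KONG_PROXY_ACCESS_LOG=/dev/stdout
      - KONG_ADMIN_ACCESS_LOG=/dev/stdout
      - KONG_PROXY_ERROR_LOG=/dev/stderr
      - KONG_ADMIN_ERROR_LOG=/dev/stderr
      - KONG_DECLARATIVE_CONFIG=/kong/declarative/kong.yml
    ports:
      # Publishes the Admin API (TLS listener) on every host interface;
      # "127.0.0.1:8444:8444" keeps it local.
      - "8444:8444"
      - "80:8000"
      - "443:8443"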
from within alpha service I use python's requests library to call an endpoint of beta that use python's requests library to call /live endpoint of gamma as below
alpha
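version: '3'

networks:
  # NOTE(review): the same named network is declared with IPAM settings in
  # several compose files; presumably one project should create it and the
  # others should reference it as external - confirm.
  kong-net:
    name: kong-net
    driver: bridge
    ipam:
      config:
        - subnet: 172.1.1.0/24

services:
  alpha:
    container_name: alpha
    build:
      context: .
      dockerfile: Dockerfile
    restart: unless-stopped
    networks:
      kong-net:
        ipv4_address: 172.1.1.11
    ports:
      # Published on the host, so alpha can be called directly without going
      # through Kong and whatever plugins Kong enforces.
      - "8011:8000"
    environment:
      # Placeholder committed in the compose file; a real Django SECRET_KEY
      # signs sessions and tokens and belongs in a secret store or env file.
      SECRET_KEY: secret-key
      # Django debug mode returns stack traces and settings in error pages.
      DEBUG: 'true'
    # runserver is Django's development server, bound to all interfaces.
    command: python manage.py runserver 0.0.0.0:8000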
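@api_view(["GET"])
def beta_gamma_live(request):
    """Call beta's /gamma/live endpoint through Kong and report its status code.

    Always answers 200; the upstream status is carried in the response body.
    """
    # NOTE(review): no timeout is passed, so this call waits as long as Kong
    # takes to answer and a slow upstream holds the worker for that time.
    res_kong = requests.get("http://kong:8000/beta/gamma/live")
    return Response({
        "chained-alpha-beta-gamma-status-check-through-kong": res_kong.status_code,
    }, status.HTTP_200_OK)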
beta
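version: '3'

networks:
  # NOTE(review): kong-net is declared with the same name and subnet in the
  # other compose files too; presumably only one project should create it.
  kong-net:
    name: kong-net
    driver: bridge
    ipam:
      config:
        - subnet: 172.1.1.0/24

services:
  beta:
    container_name: beta
    build:
      context: .
      dockerfile: Dockerfile
    restart: unless-stopped
    networks:
      kong-net:
        ipv4_address: 172.1.1.12
    ports:
      # Direct host access to beta, bypassing Kong.
      - "8012:8000"
    environment:
      # Placeholder secret and debug mode: development settings only.
      SECRET_KEY: secret-key
      DEBUG: 'true'
    # Django development server, bound to all interfaces.
    command: python manage.py runserver 0.0.0.0:8000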
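@api_view(["GET"])
def gamma_live(request):
    """Call gamma's /live endpoint through Kong and report its status code.

    Always answers 200; the upstream status is carried in the response body.
    """
    # NOTE(review): no timeout is passed, so a slow Kong/gamma response blocks
    # this worker for as long as the upstream takes.
    res_kong = requests.get("http://kong:8000/gamma/live")
    return Response({
        "chained-beta-gamma-status-check-through-kong": res_kong.status_code,
    }, status.HTTP_200_OK)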
gamma
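version: '3'

networks:
  # NOTE(review): kong-net is declared with the same name and subnet in the
  # other compose files too; presumably only one project should create it.
  kong-net:
    name: kong-net
    driver: bridge
    ipam:
      config:
        - subnet: 172.1.1.0/24

services:
  gamma:
    container_name: gamma
    build:
      context: .
      dockerfile: Dockerfile
    restart: unless-stopped
    networks:
      kong-net:
        ipv4_address: 172.1.1.13
    ports:
      # Direct host access to gamma, bypassing Kong.
      - "8013:8000"
    environment:
      # Placeholder secret and debug mode: development settings only.
      SECRET_KEY: secret-key
      DEBUG: 'true'
    # Django development server, bound to all interfaces.
    command: python manage.py runserver 0.0.0.0:8000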
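@api_view(["GET"])
def live(request):
    """Liveness endpoint: always answers 200 with a fixed success payload."""
    return Response({"status": "Success"}, status.HTTP_200_OK)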
The First Question
When I send a request http://127.0.0.1/gamma/live it takes 20 seconds to return the response.
But from the second time, it takes milliseconds
all requests sent to http://127.0.0.1/alpha/beta/gamma/live take 40 seconds
I have found this issue about it
https://github.com/Kong/kong/issues/3058
Is there a way to fix/address this problem?
Second question
I run Zipkin UI using a docker container as below
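version: '3'

networks:
  kong-net:
    name: kong-net
    driver: bridge
    ipam:
      config:
        - subnet: 172.1.1.0/24

services:
  zipkin:
    container_name: zipkin
    build:
      context: .
      dockerfile: Dockerfile
    restart: unless-stopped
    networks:
      kong-net:
        ipv4_address: 172.1.1.41
    ports:
      # Kong reaches Zipkin by name over kong-net; this mapping is only for
      # the browser. The UI and the span API have no authentication, so
      # "127.0.0.1:9411:9411" keeps trace data off the other host interfaces.
      - "9411:9411"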
When I open Zipkin UI on http://127.0.0.1:9411, The trace shows me three requests as below:
########################## ~ 60 s
################ ~ 40 s
####### ~ 20 s
While it should be like this
######### ~ 20 s
-.-.-.-.-.-.- ######### ~ 20 s
-.-.-.-.--.-.-.-.-.-.-.- ######### ~ 20 s
In order to achieve this, I need to instrument each of the services using a library in the list below:
https://zipkin.io/pages/tracers_instrumentation
Question 2 part 1: What Should I do for python that is clean and easy to use?
Question 2 part 2: is there a way not to have to do it? I am looking for latency tracing that is language-agnostic and can be done through kong so that I don't have to add anything to the services alpha, beta, gamma

Cannot show any logs in Kibana when I work with Docker in my Spring Boot App

In my spring boot app with ELK, I've implemented CRUD operations with mysql.
I can add logs in the file when I work with localhost.
My issue is that I cannot add logs in that file when I work with Docker.
I think there is a configuration issue in logstash, filebeat but I couldn't find where is the issue.
How can I add logs in the logs file and show them in Kibana?
Here is my docker-compose.yml
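version: '3.8'

services:
  logstash:
    image: docker.elastic.co/logstash/logstash:7.15.2
    # NOTE(review): root inside the container is presumably a workaround for
    # file permissions on the bind mounts; fixing ownership on the host
    # avoids running the service as root.
    user: root
    command: -f /etc/logstash/conf.d/
    volumes:
      - ./elk/logstash/:/etc/logstash/conf.d/
      # Host file read by the logstash `file` input.
      - ./Springboot-Elk.log:/tmp/logs/Springboot-Elk.log
    ports:
      - "5044:5044"
    environment:
      LS_JAVA_OPTS: "-Xmx256m -Xms256m"
    depends_on:
      - elasticsearch
    networks:
      - elk

  filebeat:
    build:
      context: ./filebeat
      dockerfile: Dockerfile
    # NOTE(review): this service has no `networks:` entry, so it joins the
    # default network while logstash is only on `elk`; `links` does not
    # bridge the two, so "logstash:5044" may not resolve - confirm.
    links:
      - "logstash:logstash"
    volumes:
      # NOTE(review): filebeat.yml points add_docker_metadata at
      # /var/run/docker.sock, but the socket is mounted at a different path.
      # The socket gives full control of the Docker daemon and
      # /var/lib/docker exposes every container's data; mount the latter
      # read-only.
      - /var/run/docker.sock:/host_docker/docker.sock
      - /var/lib/docker:/host_docker/var/lib/docker
    depends_on:
      - logstash

  kibana:
    image: docker.elastic.co/kibana/kibana:7.15.2
    user: root
    volumes:
      - ./elk/kibana/:/usr/share/kibana/config/
    ports:
      - "5601:5601"
    depends_on:
      - elasticsearch
    entrypoint: ["./bin/kibana", "--allow-root"]
    networks:
      - elk

  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:7.15.2
    user: root
    volumes:
      - ./elk/elasticsearch/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml
    ports:
      # Published on every host interface. Unless the mounted
      # elasticsearch.yml (not shown) enables security, the REST API on 9200
      # accepts unauthenticated reads and writes; 9300 is the node-to-node
      # transport port and rarely needs publishing.
      - "9200:9200"
      - "9300:9300"
    environment:
      ES_JAVA_OPTS: "-Xmx256m -Xms256m"
    networks:
      - elk

  app:
    image: 'springbootelk:latest'
    build:
      context: .
      dockerfile: Dockerfile
    container_name: SpringBootElk
    # NOTE(review): no volume is declared here, so a log file the app writes
    # presumably stays inside this container and never reaches the host file
    # that logstash mounts - confirm against the app's logging config.
    depends_on:
      - db
      - logstash
      - kibana
      - elasticsearch
    ports:
      - '8077:8077'
    environment:
      - SPRING_DATASOURCE_URL=jdbc:mysql://db:3306/springbootexample?useSSL=false&allowPublicKeyRetrieval=true&serverTimezone=Turkey
      - SPRING_DATASOURCE_USERNAME=springexample
      # Hard-coded database password; the db service below already takes its
      # credentials from ${...} variables, which this entry could reuse.
      - SPRING_DATASOURCE_PASSWORD=111111
      - SPRING_JPA_HIBERNATE_DDL_AUTO=update

  db:
    container_name: db
    # Floating tag; pin a MySQL version for reproducible deployments.
    image: 'mysql:latest'
    ports:
      # The app reaches MySQL as db:3306 inside Docker; this host mapping is
      # only needed for access from outside the compose project.
      - "3366:3306"
    restart: always
    environment:
      MYSQL_DATABASE: ${MYSQL_DATABASE}
      MYSQL_USER: ${MYSQL_USER}
      MYSQL_PASSWORD: ${MYSQL_PASSWORD}
      MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD}
    volumes:
      - db-data:/var/lib/mysql

# Volumes
volumes:
  db-data:

networks:
  elk: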
filebeat.yml
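# NOTE(review): the indentation was lost in the post; `processors` is placed
# under the input here, it may equally have been a top-level section.
filebeat.inputs:
  - type: docker
    enabled: true
    containers:
      ids:
        - "*"
    processors:
      - add_docker_metadata:
          # NOTE(review): the compose file mounts the host socket at
          # /host_docker/docker.sock, not at this path.
          host: "unix:///var/run/docker.sock"

filebeat.config.modules:
  path: ${path.config}/modules.d/*.yml
  reload.enabled: false

output.logstash:
  hosts: ["logstash:5044"]

# log files:
logging.level: info
logging.to_files: false
logging.to_syslog: false
# Was spelled "loggins.metrice.enabled" in the post, which is not a Filebeat
# setting.
logging.metrics.enabled: false
logging.files:
  path: /var/log/filebeat
  name: filebeat
  keepfiles: 7
  permissions: 0644

# NOTE(review): `none` turns off certificate verification wherever it
# applies. At the top level it is presumably not attached to any output; if
# TLS to logstash is enabled later, prefer the default verification with a
# trusted CA over `none`.
ssl.verification_mode: none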
Dockerfile in filebeat
# Filebeat image with the project's filebeat.yml baked in.
FROM docker.elastic.co/beats/filebeat:7.15.2
COPY filebeat.yml /usr/share/filebeat/filebeat.yml
# No later USER instruction follows, so the container also runs as root.
USER root
RUN mkdir /usr/share/filebeat/dockerlogs
# Make root the owner and drop group/other write permission on the Filebeat
# directory, including the copied filebeat.yml.
RUN chown -R root /usr/share/filebeat/
RUN chmod -R go-w /usr/share/filebeat/
logstash.conf
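input {
  # Receives events from Filebeat. No ssl options are set, so the listener
  # accepts plaintext from any host that can reach port 5044.
  beats {
    port => 5044
  }
  # Reads the Spring Boot log file mounted into the container.
  file {
    path => "/tmp/logs/Springboot-Elk.log"
    # With no sincedb and start_position "beginning", the whole file is read
    # again after every restart, which re-indexes old lines.
    sincedb_path => "/dev/null"
    start_position => "beginning"
  }
}

output {
  stdout {
    codec => rubydebug
  }
  # No user/password is configured: this only works while Elasticsearch
  # accepts unauthenticated writes.
  elasticsearch {
    hosts => "elasticsearch:9200"
    index => "dockerlogs"
  }
}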
Project Link : Link

Dockerize MERN stack using traefik

I followed this tutorial: https://rafrasenberg.com/posts/docker-container-management-with-traefik-v2-and-portainer/ to build a Traefik reverse proxy on my server
And I tested it with a very simple application that render a "hello world" in a index.html:
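version: "3"

services:
  app:
    image: nginx
    environment:
      PORT: ${PORT}
    volumes:
      # NOTE(review): the whole project directory becomes the web root, so
      # docker-compose.yml, a .env file and anything else next to index.html
      # are downloadable. Mount only a public sub-directory, read-only.
      - .:/usr/share/nginx/html/
    networks:
      - proxy
      - default
    labels:
      - "traefik.enable=true"
      # Tells Traefik which of the container's networks to use.
      - "traefik.docker.network=proxy"
      - "traefik.http.routers.app-secure.entrypoints=websecure"
      - "traefik.http.routers.app-secure.rule=Host(`my-test.localhost`)"

networks:
  proxy:
    external: true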
it works!
Now I want to go on the next step and use it to build a MERN stack project and I'm a bit lost.
usually I dockerize a mern stack by:
create a dockerfile in /server
create a dockerfile in /client
create a docker-compose on the root directory
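version: "3.7"

services:
  server:
    build:
      context: ./server
      dockerfile: Dockerfile
    image: myapp-server
    container_name: myapp-node-server
    command: /usr/src/app/node_modules/.bin/nodemon server.js
    volumes:
      - ./server/:/usr/src/app
      - /usr/src/app/node_modules
    ports:
      # A bare container port is published on a random host port, on every
      # host interface.
      - "5000"
    depends_on:
      - mongo
    env_file: ./server/.env
    environment:
      - NODE_ENV=development
    networks:
      - app-network
      - proxy

  mongo:
    image: mongo
    volumes:
      - data-volume:/data/db
    ports:
      # NOTE(review): this publishes MongoDB on the host, and no credentials
      # are configured for it in this file. The server reaches it over
      # app-network, so neither this mapping nor the `proxy` network below
      # appears to be needed.
      - "27017"
    networks:
      - app-network
      - proxy

  client:
    build:
      context: ./client
      dockerfile: Dockerfile
    image: myapp-client
    container_name: myapp-react-client
    command: npm start
    volumes:
      - ./client/:/usr/app
      - /usr/app/node_modules
    depends_on:
      - server
    ports:
      - "3001"
    networks:
      # NOTE(review): the label below tells Traefik to reach this container
      # over `proxy`, but the service is attached to app-network only, which
      # would explain the Gateway Timeout.
      - app-network
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=proxy"
      - "traefik.http.routers.app2-secure.entrypoints=websecure"
      - "traefik.http.routers.app2-secure.rule=Host(`test.localhost`)"
      # NOTE(review): the post mentions the app answering on port 3000 while
      # 3001 is exposed above; a loadbalancer.server.port label makes the
      # target port explicit.

networks:
  app-network:
    driver: bridge
  proxy:
    external: true

volumes:
  data-volume:
  node_modules:
  web-root:
    driver: local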
But it seems that my proxy is not working: the console doesn't show any error and the app works on localhost:3000, but on test.localhost I get a "Gateway Timeout" error

Unable to verify the first certificate - Traefik wildcard certificate

I have traefik "traefik:v2.4.8" as a reverse proxy to docker container.
Everything works fine except the HTTPS request from server or Postman (request from frontend browser is fine)
The error is Unable to verify the first certificate
My workaround is to disable SSL verification on Postman and set NODE_TLS_REJECT_UNAUTHORIZED=0 in other Nodejs app that request to this app
I don't know where the issue is, but my company's wildcard certs work fine in another project that uses Nginx as the reverse proxy, so I think I might have misconfigured something in Traefik
I have little knowledge of TLS and HTTPS, so I'm not sure how to troubleshoot this problem
Here is my config
traefik.yml
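log:
  # DEBUG is verbose and can include request details; useful while
  # troubleshooting, INFO or above afterwards.
  level: DEBUG

entryPoints:
  web-secure:
    address: ":443"
  web:
    address: ":80"

providers:
  docker:
    # Containers are exposed only when they carry traefik.enable=true.
    exposedByDefault: false
    network: docker_network
    endpoint: "unix:///var/run/docker.sock"
  file:
    # Dynamic configuration (certificates and TLS options).
    filename: "dyn.yaml"
    watch: true

api:
  dashboard: false

accessLog: {}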
dyn.yml
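tls:
  certificates:
    # NOTE(review): "unable to verify the first certificate" from Node or
    # Postman while browsers succeed usually means the server sends only the
    # leaf certificate. certFile should hold the full chain: the leaf
    # followed by the intermediate CA certificates. Fixing the chain removes
    # the need to disable verification in clients.
    - certFile: /etc/certs/certs.crt
      keyFile: /etc/certs/certs.key
  stores:
    default:
      # Served when no other certificate matches the requested host name.
      defaultCertificate:
        certFile: /etc/certs/certs.crt
        keyFile: /etc/certs/certs.key
  options:
    # Referenced from router labels as myTLSOptions@file.
    myTLSOptions:
      minVersion: VersionTLS12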
docker-compose.yml
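version: "3.0"

services:
  traefik:
    image: "traefik:v2.4.8"
    container_name: "traefik"
    ports:
      - "80:80"
      - "443:443"
    volumes:
      # :ro protects the socket file itself; it does not restrict which
      # Docker API calls can be made through it.
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - $PWD/traefik.yaml:/traefik.yaml
      - $PWD/dyn.yaml:/dyn.yaml
      # Contains the private key; Traefik only reads it, so a read-only
      # mount is enough.
      - $PWD/certs/:/etc/certs/

networks:
  default:
    external:
      name: docker_network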
api docker-compose.yml
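version: "3"

services:
  backend:
    build: .
    # Runs as the unprivileged node user.
    user: "node"
    working_dir: /usr/src/app
    command: "npm start"
    # Container port only; nothing is published on the host, so the backend
    # is reachable solely through Traefik.
    expose:
      - 8080
    restart: always
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=docker_network"
      - "traefik.http.routers.backend-https.entrypoints=web-secure"
      - "traefik.http.routers.backend-https.priority=2"
      - "traefik.http.routers.backend-https.middlewares=backend-stripprefix"
      - "traefik.http.services.backend.loadbalancer.server.port=8080"
      - "traefik.http.routers.backend-https.tls=true"
      # NOTE(review): tls.domains is used when a certificate resolver
      # requests certificates; with file-provided certificates it presumably
      # has no effect on which certificate is served - confirm.
      - "traefik.http.routers.backend-https.tls.domains[0].main=myapp.com"
      - "traefik.http.routers.backend-https.tls.domains[0].sans=*.myapp.com"
      # name@provider: the TLS options are defined by the file provider.
      - "traefik.http.routers.backend-https.tls.options=myTLSOptions@file"
      - "traefik.http.routers.backend-https.rule=Host(`myapp.com`) && PathPrefix(`/api`)"
      - "traefik.http.middlewares.backend-stripprefix.stripprefix.prefixes=/api"
      - "traefik.http.middlewares.backend-http-secured.chain.middlewares=backend-http-redirect-to-https, backend-stripprefix"
      - "traefik.http.middlewares.backend-http-redirect-to-https.redirectscheme.scheme=https"
      - "traefik.http.routers.backend-http.entrypoints=web"
      - "traefik.http.routers.backend-http.rule=Host(`myapp.com`) && PathPrefix(`/api`)"
      - "traefik.http.routers.backend-http.priority=2"
      - "traefik.http.routers.backend-http.middlewares=backend-http-secured"

networks:
  default:
    external:
      name: docker_network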
