Wrong ip assignment docker-compose - docker

I am building a website and trying to deploy the whole stack using docker compose.
The website needs a database, an api, a middleware translation layer and a frontend that are all able to communicate with each other.
I have understood that I might need a network. So I made one.
Problem is that all containers get random IP addresses within the IP range.
It seems aux_addresses does not do the thing I thought it did...
services:
  db:
    image: neo4j:community
    restart: unless-stopped
    volumes:
      - ./conf:/conf
      - ./data:/data
      - ./import:/import
      - ./logs:/logs
      - ./plugins:/plugins
    environment:
      # Raise memory limits
      - NEO4J_AUTH=neo4j/password
      - NEO4J_dbms_memory_pagecache_size=1G
      - NEO4J_dbms.memory.heap.initial_size=1G
      - NEO4J_dbms_memory_heap_max__size=1G
    ports:
      - 7474:7474
      - 7687:7687
    networks:
      - matrix-network
  api:
    build: ./api/.
    restart: unless-stopped
    ports:
      - 8000:8000
    networks:
      - matrix-network
  middleware:
    build:
      ./database-middleware/.
    restart: unless-stopped
    ports:
      - 4000:4000
    networks:
      - matrix-network
  web:
    build:
      ./.
    restart: unless-stopped
    ports:
      - "80:80"
    networks:
      - matrix-network
networks:
  matrix-network:
    ipam:
      driver: default
      config:
        - subnet: 172.28.0.0/16
          ip_range: 172.28.5.0/24
          gateway: 172.28.5.254
          aux_addresses:
            api: 172.28.1.5
            db: 172.28.1.6
            middleware: 172.28.1.7
            web: 172.28.1.8

Just use the service name instead of an IP.
So for example: http://middleware:4000 instead of the IP.
thx @tkausl

Related

How to assign static ip for docker containers (docker compose) in windows WSL2?

I use docker compose to build up the services. I want to set the mysql to be static; I tried to use the networks directive but it didn't work and the errors say the IP is already occupied. Every time I restart Windows, the mysql IP has changed, sometimes 172.18.0.3 or 172.18.0.4. Does anyone know how to assign a static IP to the container? Here is the yml:
version: '3.7'
services:
  nginx:
    container_name: hki_nginx
    image: nginx:latest
    ports:
      - 80:80
      - 4433:443
    volumes:
      - ./nginx/nginx.conf:/etc/nginx/nginx.conf
      - ./nginx/conf:/etc/nginx/conf.d
      - ./src:/var/www
    links:
      - php
      - php72
  php:
    container_name: hki_php
    image: php:5.6-fpm-ext1
    volumes:
      - ./src:/var/www
      - ./php/php.ini:/usr/local/etc/php/php.ini
      - ./php/php-fpm.conf:/usr/local/etc/php-fpm.d/www.conf
      #- ./php/phpfpm/:/usr/local/etc/php-fpm.d/
  php72:
    container_name: web_php
    image: php:7.2-fpm-ext2
    volumes:
      - ./src:/var/www
      - ./php72/php.ini:/usr/local/etc/php/php.ini
      - ./php72/php-fpm.conf:/usr/local/etc/php-fpm.d/www.conf
      #- ./php/phpfpm/:/usr/local/etc/php-fpm.d/
  mysql:
    container_name: hki_mysql
    image: mysql:5.7
    volumes:
      - ./mysql/data:/var/lib/mysql
      - ./mysql/my.cnf:/etc/mysql/conf.d/my.cnf
      - ./mysql/init:/docker-entrypoint-initdb.d/
    ports:
      - 3306:3306
    environment:
      - MYSQL_ROOT_PASSWORD=*Abcd1234
      - MYSQL_USER=abc
      - MYSQL_PASS=*Abcd1234
    #networks:
    #  default:
    #    ipv4_address: 172.18.0.3
This is because you commented out the part that assigns a static IP to your mysql container:
mysql:
  ...
  #networks:
  #  default:
  #    ipv4_address: 172.18.0.3
If you take away the #, it will have a static IP.
And you might have forgotten the top-level network section in your docker-compose.yml as the official doc setting static IP states
networks:
  app_net:
    ipam:
      driver: default
      config:
        - subnet: 172.18.0.0/24

Service "nginx-proxy" uses an undefined network "nginx-proxy"

I am trying to run a WordPress site inside of a docker container on Ubuntu VPS using Nginx-Proxy.
I created the following docker-compose.yml file
version: '3.4'
services:
  nginx-proxy:
    image: jwilder/nginx-proxy
    container_name: nginx-proxy
    ports:
      - 80:80
      - 443:443
    restart: always
    networks:
      - nginx-proxy
    volumes:
      - /var/run/docker.sock:/tmp/docker.sock:ro
      - /etc/nginx/vhost.d:/etc/nginx/vhost.d:ro
      - /etc/certificates:/etc/nginx/certs
  wordpress:
    image: wordpress
    container_name: wordpress
    restart: always
    ports:
      - 8080:80
    environment:
      - VIRTUAL_HOST=wordpress.domain.com
      - VIRTUAL_PORT=5500
      - WORDPRESS_DB_HOST=db
      - WORDPRESS_DB_USER=db_username
      - WORDPRESS_DB_PASSWORD=db_password
      - WORDPRESS_DB_NAME=db_name
    depends_on:
      - nginx-proxy
      - db
    networks:
      - nginx-proxy
    volumes:
      - wordpress:/var/www/html
    ports:
      - 5500:5500
    expose:
      - 5500
  db:
    image: mysql:latest
    container_name: db
    restart: always
    environment:
      MYSQL_DATABASE: db_name
      MYSQL_USER: db_username
      MYSQL_PASSWORD: db_password
      MYSQL_RANDOM_ROOT_PASSWORD: '1'
    depends_on:
      - nginx-proxy
    networks:
      - nginx-proxy
    volumes:
      - db:/var/lib/mysql
    ports:
      - 5600:5600
    expose:
      - 5600
volumes:
  wordpress:
  db:
Every time I run docker-compose up I get the following error
Service "nginx-proxy" uses an undefined network "nginx-proxy"
I created a network using the following command
docker network create nginx-proxy
Here is the output of docker network ls
Why do I get that error? How can I fix it?
Anything you name in a per-service networks: block needs to be declared in a top-level networks: block.
version: '3.4'
services:
  nginx-proxy:
    networks:
      - nginx-proxy # <-- matches below
volumes: { ... }
networks:
  nginx-proxy: # <-- matches above
    # may be empty, but this block is required
If you don't declare any networks: at all, Compose creates a network named default and attaches containers to it. For almost all uses this is what you need. So it may be simpler to just delete the networks: blocks entirely.
version: '3.4'
services:
  nginx-proxy:
    image: jwilder/nginx-proxy
    # No networks:; just use automatic [default]
(You similarly do not need to manually provide a container_name:, or to expose: ports at the Compose level.)

Share Docker container through local network and access to it from an another host

I am trying to share a container through my local network, to access this container from another machine on the same network. I have followed this tutorial (section "With macvlan devices") and I succeeded in sharing a simple web container and accessing it from another host.
But the container that I want to share is a little more sophisticated, because it communicates with other containers on the host through an internal network on the host.
I tried to bind my existing container created in my docker-compose but I can't access it. Can you help me, or tell me where I'm wrong, please?
This is my docker-compose :
version: "2"
services:
  baseimage:
    container_name: baseimage
    image: base
    build:
      context: ./
      dockerfile: Dockerfile.base
  web:
    container_name: web
    image: web
    env_file:
      - .env
    build:
      context: ./
      dockerfile: Dockerfile.web
    extra_hosts:
      - dev.api.exemple.com:127.0.0.1
      - dev.admin.exemple.com:127.0.0.1
      - dev.www.exemple.com:127.0.0.1
    ports:
      - 80:80
      - 443:443
    volumes:
      - ./code:/ass
      - /var/run/docker.sock:/var/run/docker.sock
    tty: true
    dns:
      - 8.8.8.8
      - 8.8.4.4
    links:
      - mysql
      - redis
      - elasticsearch
      - baseimage
    networks:
      devbox:
        ipv4_address: 172.20.0.2
  cron:
    container_name: cron
    image: cron
    build:
      context: ./
      dockerfile: Dockerfile.cron
    volumes:
      - ./code:/ass
    tty: true
    dns:
      - 8.8.8.8
      - 8.8.4.4
    links:
      - web:dev.api.exemple.com
      - mysql
      - redis
      - elasticsearch
      - baseimage
    networks:
      devbox:
        ipv4_address: 172.20.0.3
  mysql:
    container_name: mysql
    image: mysql:5.6
    ports:
      - 3306:3306
    networks:
      devbox:
        ipv4_address: 172.20.0.4
  redis:
    container_name: redis
    image: redis:3.2.4
    ports:
      - 6379:6379
    networks:
      devbox:
        ipv4_address: 172.20.0.5
  elasticsearch:
    container_name: elastic
    image: elasticsearch:2.3.4
    environment:
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    volumes:
      - ./es_data:/usr/share/elasticsearch/data
    ports:
      - 9200:9200
    networks:
      devbox:
        ipv4_address: 172.20.0.6
  chromedriver:
    container_name: chromedriver
    image: robcherry/docker-chromedriver:latest
    privileged: true
    ports:
      - 4444:4444
    environment:
      - CHROMEDRIVER_WHITELISTED_IPS='172.20.0.2'
      - CHROMEDRIVER_URL_BASE='wd/hub'
      - CHROMEDRIVER_EXTRA_ARGS='--ignore-certificate-errors'
    networks:
      devbox:
        ipv4_address: 172.20.0.7
    links:
      - web:dev.www.exemple.com
networks:
  devbox:
    driver: bridge
    driver_opts:
      com.docker.network.enable_ipv6: "false"
    ipam:
      driver: default
      config:
        - subnet: 172.20.0.0/16
          gateway: 172.20.0.1
Create an external network, then assign the external network and the devbox network to web. Web would then be publicly accessible via the external network public IP address and communicate with the internal services using the devbox network.
Will post a working example ASAP.

docker container network access when using vpn

Expected Result:
Container can access each other thru hostname or hostcomputer ip.
Actual Result:
When using network_mode I can't make any changes as static ip or links to other containers.
Description:
I've a couple of containers all using --net (network_mode) to an openvpn. As single instances they work and with nginx proxy I can access each from any computer.
However the containers can't find each other except with local IP (172.19.0.x). I could use that, but what happens on host reboot? Will the IP addresses change?
docker-compose.yml
version: '3.4'
services:
  vpn:
    image: dperson/openvpn-client
    container_name: vpn
    cap_add:
      - net_admin
    networks:
      - default
    tmpfs:
      - /tmp
    restart: unless-stopped
    security_opt:
      - label:disable
    stdin_open: true
    tty: true
    volumes:
      - ../openvpn:/vpn
      - /dev/net:/dev/net:z
    environment:
      - DNS='8.8.4.4 8.8.8.8'
      - FIREWALL="1"
      - TZ='Europe/Stockholm'
    command: -f ""
    networks:
      - default
  proxy:
    image: nginx
    container_name: proxy
    environment:
      TZ: 'Europe/Stockholm'
    ports:
      - "6003:8989" # sonarr
      - "6004:7878" # radarr
      - "6001:8112" # deluge
      - "6002:9117" # jackett
    depends_on:
      - sonarr
      - radarr
      - deluge
      - jackett
    links:
      - vpn:sonarr
      - vpn:radarr
      - vpn:deluge
      - vpn:jackett
    networks:
      - default
    volumes:
      - ../nginx/default.conf:/etc/nginx/conf.d/default.conf
    restart: always
    command: "nginx -g 'daemon off;'"
  sonarr:
    image: linuxserver/sonarr
    container_name: sonarr
    volumes:
      - ../sonarr:/config
      - /etc/localtime:/etc/localtime:ro
      - /media/megadrive/Media/Series:/tv
      - /media/megadrive/Media/tmp/completed:/downloads
    env_file: ../uidgid.env
    network_mode: "service:vpn"
    environment:
      - TZ='Europe/Stockholm'
    cap_add:
      - net_admin
    depends_on:
      - vpn
    restart: always
  radarr:
    image: linuxserver/radarr
    container_name: radarr
    volumes:
      - ../radarr:/config
      - /media/megadrive/Media/Movies:/movies
      - /media/megadrive/Media/tmp/completed:/downloads
      - /etc/localtime:/etc/localtime:ro
    env_file: ../uidgid.env
    network_mode: "service:vpn"
    environment:
      - TZ='Europe/Stockholm'
    cap_add:
      - net_admin
    depends_on:
      - vpn
    restart: always
  deluge:
    image: linuxserver/deluge
    container_name: deluge
    depends_on:
      - vpn
    network_mode: "service:vpn"
    volumes:
      - ../deluge:/config
      - /media/megadrive/Media/tmp/:/downloads
      - /etc/localtime:/etc/localtime:ro
    restart: always
    env_file: ../uidgid.env
    environment:
      - TZ='Europe/Stockholm'
  jackett:
    container_name: jackett
    image: linuxserver/jackett
    restart: unless-stopped
    network_mode: "service:vpn"
    env_file: ../uidgid.env
    environment:
      - TZ='Europe/Stockholm'
    volumes:
      - ../jackett:/config
      - /media/megadrive/Media/tmp/blackhole:/downloads
networks:
  default:
It seems that letting the vpn service use host instead of bridge (default) will solve a couple of things:
Allow everything to work on the host computer IP. As long as every service is on its own port this is okay.
Services still seem to be following the openvpn rules.
No more need for nginx as a proxy to the web GUI.
vpn:
  image: dperson/openvpn-client
  container_name: vpn
  cap_add:
    - net_admin
  tmpfs:
    - /tmp
  restart: unless-stopped
  security_opt:
    - label:disable
  stdin_open: true
  tty: true
  volumes:
    - ../openvpn:/vpn
    - /dev/net:/dev/net:z
  environment:
    - DNS='8.8.4.4 8.8.8.8'
    - FIREWALL="1"
    - TZ='Europe/Stockholm'
  command: -f ""
  network_mode: "host"
The other option is that the services in the vpn use localhost to access each other. Since they share the network stack of the vpn container they are accessed as if they were the same host. This one had me stumped for a while this week.
One comment, you've got net_admin on all your containers, you only need it on the vpn

Provide static IP to docker containers via docker-compose

I'm trying to provide static IP address to containers. I understand that I have to create a custom network. I create it and the bridge interface is up on the host machine (Ubuntu 16.x). The containers get IP from this subnet but not the static I provided.
Here is my docker-compose.yml:
version: '2'
services:
  mysql:
    container_name: mysql
    image: mysql:latest
    restart: always
    environment:
      - MYSQL_ROOT_PASSWORD=root
    ports:
      - "3306:3306"
    networks:
      - vpcbr
  apigw-tomcat:
    container_name: apigw-tomcat
    build: tomcat/.
    ports:
      - "8080:8080"
      - "8009:8009"
    networks:
      - vpcbr
    depends_on:
      - mysql
networks:
  vpcbr:
    driver: bridge
    ipam:
      config:
        - subnet: 10.5.0.0/16
          gateway: 10.5.0.1
          aux_addresses:
            mysql: 10.5.0.5
            apigw-tomcat: 10.5.0.6
The containers get 10.5.0.2 and 10.5.0.3, instead of 5 and 6.
Note that I don't recommend a fixed IP for containers in Docker unless you're doing something that allows routing from outside to the inside of your container network (e.g. macvlan). DNS is already there for service discovery inside of the container network and supports container scaling. And outside the container network, you should use exposed ports on the host. With that disclaimer, here's the compose file you want:
version: '2'
services:
  mysql:
    container_name: mysql
    image: mysql:latest
    restart: always
    environment:
      - MYSQL_ROOT_PASSWORD=root
    ports:
      - "3306:3306"
    networks:
      vpcbr:
        ipv4_address: 10.5.0.5
  apigw-tomcat:
    container_name: apigw-tomcat
    build: tomcat/.
    ports:
      - "8080:8080"
      - "8009:8009"
    networks:
      vpcbr:
        ipv4_address: 10.5.0.6
    depends_on:
      - mysql
networks:
  vpcbr:
    driver: bridge
    ipam:
      config:
        - subnet: 10.5.0.0/16
          gateway: 10.5.0.1
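
Two rules from the answers above can be checked before deployment: every network a service names must be declared at the top level, and a fixed address is set with ipv4_address inside a declared subnet, while aux_addresses only reserves addresses. This is an added example, not code from the thread; lint_compose, ipam_pools and SAMPLE are constructed names, and the input is assumed to be the dict a YAML loader produces from a Compose file.

```python
import ipaddress

# Constructed sample: a parsed Compose file (the dict a YAML loader returns),
# modelled on the questions above but with deliberately broken settings.
SAMPLE = {
    "services": {
        "mysql": {"networks": ["vpcbr"]},
        "apigw-tomcat": {"networks": {"vpcbr": {"ipv4_address": "10.6.0.6"}}},
        "nginx-proxy": {"networks": ["nginx-proxy"]},
    },
    "networks": {"vpcbr": {"ipam": {"config": [{
        "subnet": "10.5.0.0/16", "gateway": "10.5.0.1",
        "aux_addresses": {"mysql": "10.5.0.5"}}]}}},
}

def ipam_pools(network_spec):
    """IPAM config entries of one top-level network (empty list if none)."""
    return ((network_spec or {}).get("ipam") or {}).get("config") or []

def lint_compose(compose):
    """Return sorted findings about network declarations and static IPs."""
    findings = []
    services = compose.get("services") or {}
    networks = compose.get("networks") or {}
    for svc, spec in services.items():
        attached = (spec or {}).get("networks") or {}
        if isinstance(attached, list):  # short form: list of network names
            attached = {name: None for name in attached}
        for net, opts in attached.items():
            # Compose creates "default" implicitly; anything else must be declared.
            if net not in networks and net != "default":
                findings.append(f"{svc}: undefined network {net!r}")
                continue
            addr = (opts or {}).get("ipv4_address")
            if addr is None:
                continue
            pools = [c for c in ipam_pools(networks.get(net)) if "subnet" in c]
            ip = ipaddress.ip_address(addr)
            if not any(ip in ipaddress.ip_network(c["subnet"]) for c in pools):
                findings.append(f"{svc}: {addr} is outside every subnet of {net!r}")
            if any(c.get("gateway") == addr for c in pools):
                findings.append(f"{svc}: {addr} is the gateway of {net!r}")
    for net, spec in networks.items():
        for cfg in ipam_pools(spec):
            for host in cfg.get("aux_addresses") or {}:
                if host in services:  # reserved for IPAM, not assigned to the service
                    findings.append(f"{net}: aux_addresses[{host!r}] reserves an "
                                    f"address; use ipv4_address on service {host!r}")
    return sorted(findings)
```
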
I was facing some difficulties with an environment variable that has a custom name (not following the container name/port convention, for KAPACITOR_BASE_URL and KAPACITOR_ALERTS_ENDPOINT). If we give the service name in this case it wouldn't resolve the IP, as in
KAPACITOR_BASE_URL: http://kapacitor:9092
In the above, http://kapacitor:9092 would not resolve to http://172.20.0.2:9092
I resolved the static IPs issues using subnetting configurations.
version: "3.3"
networks:
  frontend:
    ipam:
      config:
        - subnet: 172.20.0.0/24
services:
  db:
    image: postgres:9.4.4
    networks:
      frontend:
        ipv4_address: 172.20.0.5
    ports:
      - "5432:5432"
    volumes:
      - postgres_data:/var/lib/postgresql/data
  redis:
    image: redis:latest
    networks:
      frontend:
        ipv4_address: 172.20.0.6
    ports:
      - "6379"
  influxdb:
    image: influxdb:latest
    ports:
      - "8086:8086"
      - "8083:8083"
    volumes:
      - ../influxdb/influxdb.conf:/etc/influxdb/influxdb.conf
      - ../influxdb/inxdb:/var/lib/influxdb
    networks:
      frontend:
        ipv4_address: 172.20.0.4
    environment:
      INFLUXDB_HTTP_AUTH_ENABLED: "false"
      INFLUXDB_ADMIN_ENABLED: "true"
      INFLUXDB_USERNAME: "db_username"
      INFLUXDB_PASSWORD: "12345678"
      INFLUXDB_DB: db_customers
  kapacitor:
    image: kapacitor:latest
    ports:
      - "9092:9092"
    networks:
      frontend:
        ipv4_address: 172.20.0.2
    depends_on:
      - influxdb
    volumes:
      - ../kapacitor/kapacitor.conf:/etc/kapacitor/kapacitor.conf
      - ../kapacitor/kapdb:/var/lib/kapacitor
    environment:
      KAPACITOR_INFLUXDB_0_URLS_0: http://influxdb:8086
  web:
    build: .
    environment:
      RAILS_ENV: $RAILS_ENV
    command: bundle exec rails s -b 0.0.0.0
    ports:
      - "3000:3000"
    networks:
      frontend:
        ipv4_address: 172.20.0.3
    links:
      - db
      - kapacitor
    depends_on:
      - db
    volumes:
      - .:/var/app/current
    environment:
      DATABASE_URL: postgres://postgres@db
      DATABASE_USERNAME: postgres
      DATABASE_PASSWORD: postgres
      INFLUX_URL: http://influxdb:8086
      INFLUX_USER: db_username
      INFLUX_PWD: 12345678
      KAPACITOR_BASE_URL: http://172.20.0.2:9092
      KAPACITOR_ALERTS_ENDPOINT: http://172.20.0.3:3000
volumes:
  postgres_data:
If you are never seeing the static IP address set, perhaps it could be because you are using "docker compose up". Try using "docker-compose up".
When I use "docker-compose up" (with the hyphen) I now see the static IPs assigned.
networks:
  hfnet:
    driver: bridge
    ipam:
      driver: default
      config:
        - subnet: 192.168.55.0/24
          gateway: 192.168.55.1
services:
  web:
    image: 'mycompany/webserver:latest'
    hostname: www
    domainname: mycompany.com
    stdin_open: true # docker run -i
    tty: true # docker run -t
    networks:
      hfnet:
        ipv4_address: 192.168.55.10
    ports:
      - '80:80'
      - '443:443'
    volumes:
      - '../honeyfund:/var/www/html'
I wasted a lot of time to figure that one out. :(
I realized, that the more convenient and meaningful way is to give the container a container-name.
You can use the name in the same docker network as source.
This helped me because the docker-containers had changing IPs and by this I can communicate with another container with a static name that I can use in config-files.
