Running gitlab and jenkins with https in docker swarm - docker

Context: I want to run gitlab and jenkins in docker swarm with https. I succeeded in making them run on the default port(8080 for jenkins and 80 for gitlab with http).
My problem: is when I try to run for example gitlab on the port 443, I get nothing even though I published my container on that port and modified the external url on the "gitlab.rb" file(I've been following the official doc).
And for Jenkins it's even harder to make it run on https, it's either adding a reverse proxy or SSL certificate.
> sudo docker service create -u 0 --name jenkins_stack \
> --network devops-net --replicas 1 --publish 8443:8443 \
> --publish 50000:50000 --mount src=jenkins-volume,dst=/var/jenkins_home \
> --hostname jenkins jenkins/jenkins
>
>
> sudo docker service create -u 0 --name gitlabstack \
> --network devops-net --replicas 1 --publish 80:80 --publish 443:443 \
> --mount src=gitlab-data,dst=/var/opt/gitlab \
> --mount src=gitlab-logs,dst=/var/log/gitlab \
> --mount src=gitlab-config,dst=/etc/gitlab \
> --hostname gitlab gitlab/gitlab-ce
Above you will find the docker lines to create the services.
I'd really appreciate it, if someone can share any video or tutorial on how to run gitlab/jenkins on docker swarm with https.
I'm sorry if I've been unclear.

Related

How to access Gitlab's metrics (Prometheus and Grafana) from Docker installation?

I installed Gitlab using Docker image on a Ubuntu virtual machine running on a MAC M1 as follows (https://hub.docker.com/r/yrzr/gitlab-ce-arm64v8):
docker run \
--detach \
--restart always \
--name gitlab-ce \
--privileged \
--memory 4096M \
--publish 22:22 \
--publish 80:80 \
--publish 443:443 \
--hostname 127.0.0.1 \
--env GITLAB_OMNIBUS_CONFIG=" \
nginx['redirect_http_to_https'] = true; "\
--volume /srv/gitlab-ce/conf:/etc/gitlab:z \
--volume /srv/gitlab-ce/logs:/var/log/gitlab:z \
--volume /srv/gitlab-ce/data:/var/opt/gitlab:z \
yrzr/gitlab-ce-arm64v8:latest
All seems to be working correctly on localhost, except that I can't access the metrics, I got unable to connect error on:
Prometheus: http://localhost:9090
Grafana: http://localhost/-/grafana
I tried enabling metrics as in the documentation, and docker exec -it gitlab-ce gitlab-ctl reconfigure
What I'm missing?
Thanks
When Gitlab uses localhost this will resolve the localhost on the container and not the host (so your Mac).
There are two options to solve this:
Use host.docker.internal instead of localhost (this resolves to the internal IP address used by the host) - see this doc for more info
Configure your container to use the host network by adding this to the docker run command: --network=host which will let your container and host to share the same network stack (however, this is not supported nu Docker Desktop for mac according to this)

How can access to gitlab through docker

I'm trying to run gitlab through docker container on my web server.
I can reach my server with 192.168.80.xxx address.
here is what've done
Get gitlab image from docker
docker pull gitlab/gitlab-ce
Then run
docker run --detach \
--hostname 192.168.80.xxx \
--publish 443:443 --publish 8081:80 --publish 2289:22 \
--name gitlab \
--restart always \
--volume /srv/gitlab/config:/etc/gitlab \
--volume /srv/gitlab/logs:/var/log/gitlab \
--volume /srv/gitlab/data:/var/opt/gitlab \
gitlab/gitlab-ce
Like port 80(apache) & 22 are already used, I've changed them into 8080 and 2289
Now I go into my browser and check 192.168.80.xxx:8081 but nothing seems to work.
I was wondering "ok and what if i try to reach my container through its IP adress ?"
So I get back its address with the following line :
docker inspect 4170434ef181
And I try it http://192.17.0.2:8081, nothing too...
So guys, how can I use this container? how can I access it?
For informations my Document root path is defined like DocumentRoot "/var/apache/www" in my httpd.conf file
Cheers
--hostname 192.168.80.xxx -> usually, you define a string, not an ip adress. And this hostname is (per default) only valid inside your docker network.
If you are publishing ports 443 and 8080, you should be able to access your server at 192.168.80.xxx:8080 or 192.168.80.xxx:443 - except there are some additional firewalls?!
Is your container running (docker ps)?

Docker Swarm Windows Worker with Traefik returns Gateway Timeout

The objective is to get a mixed OS Docker swarm running using Linux servers and Windows 10 Machines running Docker For Windows
Currently Windows workers are theoretically supported on mixed os swarms provided the --endpoint-mode flag is set to 'dnsrr'. This is explained here. However attempts to use traefik to route to a simple docker whoami image stefanscherer/whoami image have failed.
Minimal Failing Example
// On (Linux) Manager Node:
docker swarm init --advertise-addr <hostaddress> --listen-addr <hostaddress>:2377
// On (Windows 10) Worker Node:
docker swarm join <jointoken>
// On Manager Node:
docker network create --driver=overlay traefik-net
docker service create \
--name traefik \
--constraint=node.role==manager \
--publish 80:80 --publish 8080:8080 \
--mount type=bind,source=/var/run/docker.sock,target=/var/run/docker.sock \
--network traefik-net \
traefik \
--docker \
--docker.swarmmode \
--docker.domain=traefik \
--docker.watch \
--web
docker service create \
--name whoami \
--label traefik.enable=true \
--label traefik.frontend.rule=Host:whoami.docker \
--label traefik.protocol=http \
--label traefik.docker.network=traefik-net \
--label traefik.backend.loadbalancer.method=drr \
--label traefik.backend=whoami \
--network traefik-net \
--mode global\
--label traefik.port=80 \
stefanscherer/whoami
Traefik successfully sets up backend rules, to check the routing I used the traefik dashboard to find out the URL that is routed to by the rule e.g. '10.0.0.12:8080'. I then compare this with the IP address of each task, the task can be viewed with docker service ps, and their address' found using
docker inspect <taskID> \
--format '{{ range .NetworksAttachments }}{{ .Addresses }}{{ end }}'
The Problem
A HTTP request with a header 'Host:whoami.docker' sent to the IP of the manager will succeed when routed to the manager and fail with 504 Gateway Timeout when routed to the Windows Task on the Windows worker.
You're missing setting --endpoint-mode=dnsrr to your whoami service.
docker service create \
--name whoami \
--label traefik.enable=true \
--label traefik.frontend.rule=Host:whoami.docker \
--label traefik.protocol=http \
--label traefik.docker.network=traefik-net \
--label traefik.backend.loadbalancer.method=drr \
--label traefik.backend=whoami \
--network traefik-net \
--mode global\
--label traefik.port=80 \
--endpoint-mode=dnsrr
stefanscherer/whoami
Setting endpoint-mode dnsrr will disable VIP address which probably is causing the issue.
I had the same problem when using the stefanscherer/whoami image. Using microsoft/dotnet-samples:aspnetapp works though, so the error seems related to the image.
I'm using the following setup:
Ubuntu 16.04
Docker 18.03.1-ce
Run as Manager
Runs traefik
Windows 1803
Docker 18.03.1-ee-2
Runs as Worker (joining as Manager did not work)
Runs microsoft/dotnet-samples:aspnetapp

Connect Nginx Docker container to 16 workers

I have an Nginx Docker container, and 16 load balanced web servers each exposing a port on the host machine, 8081-8096:
docker run -d \
--restart always \
--name "web.${name}" \
-v /srv/web/web-bundle:/bundle \
-p "${port}":80 \
kadirahq/meteord:base
My Nginx container was previously linking to the only web image, before I tried to scale:
docker run -d \
--name nginx \
--link web.1:web.1 \
-v /srv/nginx:/etc/nginx \
-v /srv/nginx/html:/usr/share/nginx/html \
-p 80:80 \
-p 443:443 \
nginx
Nginx upstream config:
upstream web {
ip_hash;
server 127.0.0.1:8081;
server 127.0.0.1:8082;
server 127.0.0.1:8083;
# ... you get the point
}
I need this Nginx image to be able to hit 127.0.0.1:8081-8096, however it doesn't appear to permit this. I don't want to make 16 --links! That seems off.
What is the proper way to do this?
You have no choice with nginx to spare the requests through a range of ports without specifying each one.
I recommend to try this out: https://github.com/jwilder/nginx-proxy
That is a nginx container that can automatically discover any other containers that need to be proxied. It reads some special env var from other containers in order to know how to proxy them.
Use --network instead of --link. As long as you put all containers in the same network, you don't need to link them. The --link is being deprecated.
docker network create mynet
docker run --network mynet ........

Docker not port forwarding correctly?

I am trying to run a gitlab docker image, and everything is running fine except that when I navigate to the website, Port 80 results in "Connection refused", but port 8080 successfully reaches Gitlab.
However, it shows that it's forwarding from 8080 to 80 on the container:
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
14b2ac3c0de6 gitlab/gitlab-ee "/assets/wrapper" About a minute ago Up About a minute 0.0.0.0:8080->80/tcp, 0.0.0.0:8443->443/tcp gitlab
Here's how I'm running the container.
sudo docker run --detach \
--publish 8443:443 --publish 8080:80 --publish 2222:22 \
--name gitlab \
--restart always \
--volume /srv/gitlab/config:/etc/gitlab \
--volume /srv/gitlab/logs:/var/log/gitlab \
--volume /srv/gitlab/data:/var/opt/gitlab \
gitlab/gitlab-ee:latest
Use --publish 80:80 if you want to access the service via port 80 on the host. Otherwise there's nothing on the host listening on port 80 and you get connection refused. Same goes for 443.
The format is
--publish <host port>:<container port>
My solution looks like this:
docker network create --subnet=172.18.0.0/16 selnet
docker run --net selnet --ip 172.18.0.2 -p 0.0.0.0:80:8080 --expose=80 hub
I am able to connect to my container with localhost:Port or 172.18.0.2:Port

Resources