I’ve spent an awful long time trying to debug this. I have an already populated docker compose file with multiple containers running, all on the same network. The containers consist of a tomcat9 server(Server A), a hazelcast container, and a hazelcast-mancenter container, and then an apache server.
I want to introduce an additional container, which is a tomcat7 server(Server B), and for some reason it interferes with the original tomcat server(Server A). Server A never gets to a start up state when server B's container is running.
Whenever Server B is off, Server A works no problem(after a restart). The moment Server B comes on, Server A poops out.
For some reason Server B also attempts to connect to Hazelcast or affects it. Even if I take Server B off the network as the other containers, there is still interference. I am certain that Server B is not attempting to connect to the original Hazelcast container.
What is going on? Shouldn’t the container be isolated?
docker-compose.yml
version: '3.7'
services:
server_a_tomcat:
container_name: server_a_tomcat
image: server_a:latest
ports:
- "8080:8080"
- "5005:5005"
networks:
- network_a
depends_on:
- server_a_mountebank_local
volumes:
- …/java-config
- …/server_a_tomcat.war
- data-volume:/usr/local/ssl
environment:
- …
server_a_mountebank_local:
container_name: server_a_mountebank_local
image: mountebank:latest
volumes:
- …
networks:
- network_a
ports:
- "8083:8083"
apache_local:
container_name: apache_local
image: apache_local:latest
ports:
- "80:80"
- "8055:8055"
depends_on:
- server_a_local
volumes:
- …/httpd.conf
- …/extra-httpd.conf
- …
- data-volume:/usr/local/ssl
networks:
- network_a
stdin_open: true
tty: true
hazelcast_local:
container_name: hazelcast_local
image: hazelcast_local:latest
ports:
- 11415:5701
depends_on:
- mancenter_local
mancenter_local:
container_name: mancenter_local
image: mancenter_local:latest
environment:
- HAZELCAST_IP={{ container_private_ip }}
- JAVA_OPTS=-Dhazelcast.mc.rest.enabled=true
ports:
- 8100:8080
networks:
- network_a
server_b_tomcat:
container_name: server_b_tomcat
build:
context: '.'
dockerfile: 'Dockerfile-server_b_tomcat’
ports:
- "9090:8080"
- "5015:5005"
environment:
- ...
networks:
- network_b
depends_on:
- redis
redis:
container_name: redis
image: redis:5.0.5
ports:
- "6379:6379"
networks:
- network_b
networks:
network_b:
driver: bridge
name: network_b
network_a:
driver: bridge
name: network_a
volumes:
data-volume:
Related
I am building a website and trying to deploy the whole stack using docker compose.
The website needs a database, an api, a middleware translation layer and a frontend that are all able to communicate with eachother.
I have understood that I might need a network. So I made one.
Problem is that all containers get random ip adresses within the ip range.
it seems aux_adresses does not do the thing I thought it did...
services:
db:
image: neo4j:community
restart: unless-stopped
volumes:
- ./conf:/conf
- ./data:/data
- ./import:/import
- ./logs:/logs
- ./plugins:/plugins
environment:
# Raise memory limits
- NEO4J_AUTH=neo4j/password
- NEO4J_dbms_memory_pagecache_size=1G
- NEO4J_dbms.memory.heap.initial_size=1G
- NEO4J_dbms_memory_heap_max__size=1G
ports:
- 7474:7474
- 7687:7687
networks:
- matrix-network
api:
build: ./api/.
restart: unless-stopped
ports:
- 8000:8000
networks:
- matrix-network
middleware:
build:
./database-middleware/.
restart: unless-stopped
ports:
- 4000:4000
networks:
- matrix-network
web:
build:
./.
restart: unless-stopped
ports:
- "80:80"
networks:
- matrix-network
networks:
matrix-network:
ipam:
driver: default
config:
- subnet: 172.28.0.0/16
ip_range: 172.28.5.0/24
gateway: 172.28.5.254
aux_addresses:
api: 172.28.1.5
db: 172.28.1.6
middleware: 172.28.1.7
web: 172.28.1.8
just use the service name instead of an ip.
so for example: http://middleware:4000 instead of the ip.
thx #tkausl
This is my docker-compose.yml. I am trying to deploy app and mysql,I added network.
version: '3'
services:
#PHP Service
app:
image: lscr.io/linuxserver/bookstack
container_name: bookstack
restart: unless-stopped
environment:
- DB_HOST=mysql
- DB_USER=quantox
- DB_PASS=****
- DB_DATABASE=bookstackapp
working_dir: /var/www
volumes:
- ./:/var/www
- ./php/local.ini:/usr/local/etc/php/conf.d/local.ini
ports:
- 6875:80
networks:
- app-network
db:
image: mysql:5.7.22
container_name: mysql
restart: unless-stopped
ports:
- 33060:3306
environment:
- MYSQL_ROOT_PASSWORD=***
- TZ=Europe/Budapest
- MYSQL_DATABASE=bookstackapp
- MYSQL_USER=bookstack
- MYSQL_PASSWORD=****
volumes:
- dbdata:/var/lib/mysql/
- ./mysql/my.cnf:/etc/mysql/my.cnf
networks:
- app-network
#Docker Networks
networks:
app-network:
driver: bridge
#Volumes
volumes:
dbdata:
driver: local
After I go for up -d
I got
Name Command State Ports
-----------------------------------------------------------------------------------------------
bookstack /init Up 443/tcp, 0.0.0.0:6875->80/tcp,:::6875->80/tcp
mysql docker-entrypoint.sh mysqld Up 0.0.0.0:33060->3306/tcp,:::33060->3306/tcp
But in browser localhost:6875 shows
File not found.
Why? Both my app and mysql are on same network. What should I check now?
When using volumes (-v flags) permissions issues can arise between the host OS and the container, you could avoid this issue by allowing you to specify the user PUID and group PGID.
I want to run with a container that is a copy of a production container, so I want to restrict access to the internet to prevent that call production servers.
But I need to access the container from the host machine with internet access
This is what I am trying to do:
version: '2.1'
services:
proxy:
image: traefik
command: --api.insecure=true --providers.docker
networks:
- no-internet
- internet
ports:
- "80:80"
- "8080:8080"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
prod-service:
image: ....
depends_on:
- db
ports:
- "8094:8094"
labels:
- "traefik.http.routers.blog.rule=Host(`localhost`)"
- "traefik.port=8094"
networks:
- no-internet
db:
container_name: db
image: postgres:11
hostname: ap-db
expose:
- 5433
ports:
- 5433:5432
environment:
- POSTGRES_USER=postgres
- POSTGRES_PASSWORD=postgres
networks:
- no-internet
- internet
networks:
internet:
driver: bridge
no-internet:
internal: true
driver: bridge
But the trafic configuration is not working for me.
What is the best option to do this?
the answers I found do not take into account the access from the host machine, the container without internet is isolated
I appreciate any advice
Note: Thanks #Ferran Buireu for the suggestion. I'm quite sure to get minus vote because of very new to docker and changing network world to system and programming.
After deploy gatsbyjs, I found the socketio error "net::ERR_CONNECTION_REFUSED".
Even it works properly when I browse to any pages but I think it is not running correctly.
How can I solve this error? (below is the error capture)
I implement and deploy these services on Ubuntu 20.04.2 with Docker 20.10.6, please see the below "docker-compose.yml"
version: "3"
services:
frontendapp01:
working_dir: /frontendapp01
build:
context: ./frontendapp01
dockerfile: Dockerfile
depends_on:
- backendsrv01
- mongoserver
volumes:
- ./sentric01:/srv/front
ports:
- "8001:8000"
environment:
GATSBY_WEBPACK_PUBLICPATH: /
STRAPI_URL: backendsrv01:1337
networks:
- vpsnetwork
frontendapp02:
working_dir: /frontendapp02
build:
context: ./frontendapp02
dockerfile: Dockerfile
depends_on:
- backendsrv02
- mongoserver
volumes:
- ./sentric02:/srv/front
ports:
- "8002:8000"
environment:
GATSBY_WEBPACK_PUBLICPATH: /
STRAPI_URL: backendsrv02:1338
networks:
- vpsnetwork
frontendapp03:
working_dir: /frontendapp03
build:
context: ./frontendapp03
dockerfile: Dockerfile
depends_on:
- backendsrv02
- mongoserver
volumes:
- ./sentric03:/srv/front
ports:
- "8003:8000"
environment:
GATSBY_WEBPACK_PUBLICPATH: /
STRAPI_URL: backendsrv02:1338
networks:
- vpsnetwork
backendsrv01:
image: strapi/strapi
container_name: backendsrv01
restart: unless-stopped
environment:
DATABASE_CLIENT: mongo
DATABASE_NAME: essential
DATABASE_HOST: mongoserver
DATABASE_PORT: 27017
networks:
- vpsnetwork
volumes:
- ./app01:/srv/app
ports:
- "1337:1337"
backendsrv02:
image: strapi/strapi
container_name: backendsrv02
restart: unless-stopped
environment:
DATABASE_CLIENT: mongo
DATABASE_NAME: solven
DATABASE_HOST: mongoserver
DATABASE_PORT: 27017
networks:
- vpsnetwork
volumes:
- ./app02:/srv/app
ports:
- "1338:1337"
mongoserver:
image: mongo
container_name: mongoserver
restart: unless-stopped
networks:
- vpsnetwork
volumes:
- vpsappdata:/data/db
ports:
- "27017:27017"
networks:
vpsnetwork:
driver: bridge
volumes:
vpsappdata:
The socket connection only appears during the development stage (gatsby develop) and it's intended to refresh and update the browser on each saves by hot-reloading, so without losing component state. This feature is known as fast-refresh.
As I said, and for obvious reasons, this only applies in gatsby develop. Under gatsby build, there's no connection socket. If your Docker development environment is sharing the port 8000 and 8001 (according to your docker-compose.yml setup), once built, can cause a break of the socket because it has changed the scope of the project.
Answering, you don't have to worry about, your project seems to build properly but, because of the sharing port between environments it prompts the log.
Further readings:
https://www.gatsbyjs.com/docs/conceptual/overview-of-the-gatsby-build-process/
https://www.gatsbyjs.com/docs/reference/local-development/fast-refresh/
I would like to build a docker landscape. I use a container with a traefik (v2. 1) image and a mysql container for multiple databases.
traefik/docker-compose.yml
version: "3.3"
services:
traefik:
image: "traefik:v2.1"
container_name: "traefik"
restart: always
command:
- "--log.level=DEBUG"
- "--api=true"
- "--api.dashboard=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--providers.docker.network=proxy"
- "--entrypoints.web.address=:80"
- "--entrypoints.websecure.address=:443"
- "--entrypoints.traefik-dashboard.address=:8080"
- "--certificatesresolvers.devnik-resolver.acme.httpchallenge=true"
- "--certificatesresolvers.devnik-resolver.acme.httpchallenge.entrypoint=web"
#- "--certificatesresolvers.devnik-resolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
- "--certificatesresolvers.devnik-resolver.acme.email=####"
- "--certificatesresolvers.devnik-resolver.acme.storage=/letsencrypt/acme.json"
ports:
- "80:80"
- "443:443"
- "8080:8080"
volumes:
- "./letsencrypt:/letsencrypt"
- "./data:/etc/traefik"
- "/var/run/docker.sock:/var/run/docker.sock:ro"
networks:
- "proxy"
labels:
- "traefik.enable=true"
- "traefik.http.routers.traefik.rule=Host(`devnik.dev`)"
- "traefik.http.routers.traefik.entrypoints=traefik-dashboard"
- "traefik.http.routers.traefik.tls.certresolver=devnik-resolver"
#basic auth
- "traefik.http.routers.traefik.service=api#internal"
- "traefik.http.routers.traefik.middlewares=auth"
- "traefik.http.middlewares.auth.basicauth.usersfile=/etc/traefik/.htpasswd"
#Docker Networks
networks:
proxy:
database/docker-compose.yml
version: "3.3"
services:
#MySQL Service
mysql:
image: mysql:5.7
container_name: mysql
restart: always
ports:
- "3306:3306"
volumes:
#persist data
- ./mysqldata/:/var/lib/mysql/
- ./init:/docker-entrypoint-initdb.d
networks:
- "mysql"
environment:
MYSQL_ROOT_PASSWORD: ####
TZ: Europe/Berlin
#Docker Networks
networks:
mysql:
driver: bridge
For the structure I want to control all projects via multiple docker-compose files. These containers should run on the same network as the traefik container and some with the mysql container.
This also works for the following case (but only sometimes)
dev-releases/docker-compose.yml
version: "3.3"
services:
backend:
image: "registry.gitlab.com/devnik/dev-releases-backend/master:latest"
container_name: "dev-releases-backend"
restart: always
volumes:
#laravel logs
- "./logs/backend:/app/storage/logs"
#cron logs
- "./logs/backend/cron.log:/var/log/cron.log"
labels:
- "traefik.enable=true"
- "traefik.http.routers.dev-releases-backend.rule=Host(`dev-releases.backend.devnik.dev`)"
- "traefik.http.routers.dev-releases-backend.entrypoints=websecure"
- "traefik.http.routers.dev-releases-backend.tls.certresolver=devnik-resolver"
networks:
- proxy
- mysql
environment:
TZ: Europe/Berlin
#Docker Networks
networks:
proxy:
external:
name: "traefik_proxy"
mysql:
external:
name: "database_mysql"
As soon as I restart the containers in dev-releases/ via docker-compose up -d I get the typical error "Gateway timeout" when calling them in the browser.
As soon as I comment the network networks: #- mysql and restart the docker-compose in dev-releases/ it works again.
My guess is that I have not configured the external networks correctly. Is it not possible to use 2 external networks?
I'd like some container have access to the 'mysql' network but it should not be accessible for the whole traefik network.
Let me know if you need more information
EDIT (26.03.2020)
I make it running.
I put all my containers into one network "proxy". It seems mysql also have to be in the proxy network.
So I add following to database/docker-compose.yml
networks:
proxy:
external:
name: "traefik_proxy"
And removed the database_mysql network out of dev-releases/docker-compose.yml
based on the names of the files, your mysql network should be mysql_mysql.
you can verify this by executing
$> docker network ls
You are also missing a couple of labels for your services such as
traefik command line
- '--providers.docker.watch=true'
- '--providers.docker.swarmMode=true'
labels
- traefik.docker.network=proxy
- traefik.http.services.dev-releases-backend.loadbalancer.server.port=yourport
- traefik.http.routers.dev-releases-backend.service=mailcatcher
You can check this for more info