Hi i have a url called :
https://wona.logs.co.za
And i need it to redirect to the speciic docker container at port 3000
( http://156.43.123.226:3000)
However when i try link https://wona.logs.co.za to 156.43.123.226:3000 i cannot enter a port number in the redirection to specify my docker container
Multiple things that do not fit.
you try to redirect https traffic to an http endpoint. That won't wortk
you are trying to directly redirect to another port (from 443, to 3000). That won't work either.
Solution
Create a proxy container. e.g. nginx that serves port 80 / 443 and redirects traffic to your application on port 3000. I recommend that you do not directly expose your application - only via the proxy.
Once you have a proxy container that listens to the same ports you can easily use the redirect as you described.
The question lacks the current setup of docker on mentioned server. From what i understood, is you already have docker running with orchestrator and a proxy server for main domain, and now you want to put up a subdomain which forwards traffic to one specific container.
For this, you need to spin an image of your application which listens on port 3000, add an entry in proxy server to forward traffic to your new container. Handle the ssl handshaking at proxy level.
Related
I would like to forward traffic using (reverse) proxy for both ingress and egress while manipulating the request and response URI's.
The scenario is this:
Ingress
Request from the internet (with request uri of "/test/") enters an ec2 instance on port 8888, it then goes into a Nginx docker container that listens on this port and proxy pass it to a second docker container while 'replacing' the request uri to be "/" on port 12345 (then inside the container forward it onto port 8787 to a web application).
Egress
The response that comes back from the second docker container to the Nginx container has to be "rebuild" again to the original uri ("/test/") and sent back as a response to the original client.
I think I got the ingress part by configuring the Nginx like this:
server {
listen 8888;
server_name 172.17.0.1;
location / {
proxy_pass "http://172.17.0.1:12345";
}
}
but it seems not quite right as I thought it should be using the Nginx itself (172.17.0.3) as the "server_name" and the web application (172.17.0.2) as the upstream, but that didnt work (502 error).
I'm attaching an image for this scenario, Thanks.
You can run both NGINX and Web App docker containers on the same network by creating a docker network and specifying the network while running the containers with the --network flag. With this setup, you wouldn't have to bind the host port (12345) while running the Web App and it would be accessible from the Nginx container on <webapp_container_name>:8787. So you can specify this in proxy pass - http://<webapp_container_name>:8787
I have three tomcat containers running on different bridge networks with different subnet and gateway
For example:
container1 172.16.0.1 bridge1
container2 192.168.0.1 bridge2
container3 192.168.10.1 bridge3
These containers are running on different ports like 8081, 8082, 8083
Is there any way to run all three containers in same 8081?
If it is possible, how can I do it in docker.
You need to set-up a reverse proxy. As the name suggests, this is a proxy that works in an opposite way from the standard proxy. While standard proxy gets requests from internal network and serves them from external networks (internet), the reverse proxy gets requests from external network and serves them by fetching information from internal network.
There are multiple applications that can serve as a reverse proxy, but the most used are:
NginX
Apache
HAProxy mainly as a load-balancer
Envoy
Traefik
Majority of the reveres proxies can run as another container on your docker. Some of this tools are easy to start since there is ample amount of tutorials.
The reverse proxy is more than just exposing single port and forwarding traffic to back-end ports. The reverse proxy can manage and distribute the load (load balancing), can change the URI that is arriving from the client to a URI that the back-end understands (URL rewriting), can change the response form the back-end (content rewriting), etc.
Reverse HTTP/HTTP traffic
What you need to do to set a reverse proxy, assuming you have HTTP services, in your example is foloowing:
Decide which tool to use. As a beginner, I suggest NginX
Create a configuration file for the proxy which will take the requests from the port 80 and distribute to ports 8081, 8082, 8083. Since the containers are on different network, you will need to decide if you want to forward the traffic to their IP addresses (which I don't recommend since IP can change), or to publish the ports on the host and use the host IP. Another alternative is to run all of them on the same network.
Depending on the case, you need to setup the X-Forwarding-* flags and/or URL rewriting and content rewriting.
Run the container and publish the port 80 as 8080 (if you expose the containers on host, your 8081 will be already taken).
Reverse TCP/UDP traffic
If you have non-HTTP services (raw TCP or UDP services), then you can use HAProxy. Steps are same apart from the configuration step #2. The configuration is different due to non-HTTP nature of the traffic and you can find example in this SO
That’s said we have a website project. Front end will call the backend through Websocket protocol. In the backend, we have a Websocket server (through tornado) inside a docker container. The backend and front end are on the same server.
Here comes the problem, when we want to set up HTTPS for the whole application. The front end will use default 443 port and the backend will need 443 as well, which is conflicting each other. How should I do to avoid it? Is it possible to use wss (secure websocket) on other port when we initiate the request from client side (front end page to the backend) ?
By the way, the domain name is configured by another server.
The port inside docker container with backend is 443 in the container. But you can set the local machine port. Use the flag -p:
docker run -d --name myName -p 443:445 image:tag
The port 443 of the container will listen trough the port 445 machine on your localhost. You can change the 445 for another you want.
You can local with localhost:445.....
I have a docker container that is listening on port 80 (and 443) running on a server and accepting request for a sub-domain https://<subdomain1>.<domain>.com
Now I need to deploy another container on the same server and accept connections for another subdomain https://<subdomain2>.<domain>.com. The problem is that the container for subdomain1 is already running on port 80. For the new one, I can choose a different port on the host.
Is it possible to put nginx 'before' the container so it can redirect the traffic to different dockers accordingly? Also, ideally I wouldn't want to commit the old docker container and run it on a new port. I can stop and restart though.
You must use a reverse proxy (serve at port 80 and 443), maybe jwilder/nginx-proxy or Traefik stand in front of other containers.
This container will serve and redirect traffic to other Container running "random" port (not 80 and 443) like the image below.
Is it possible to have a 2 docker containers serve on port 80 but different subdomains or hostnames?
Something like:
api.example.com goes to a node application
app.example.com goes to a Java application
Yes you can. using a proxy.
There is a project by jwilder/nginx-proxy which allows you to give your hostname via an enviroment variable which will than route your request to the appropriate container.
A good example of this implemented is given here: https://blog.florianlopes.io/host-multiple-websites-on-single-host-docker/
No. The first container you start will have exclusive access to the port, and if you try and start a second container on the same port it will fail.
Instead, use a load balancer such as Nginx or Traefik to handle the incoming traffic to port 80 and proxy it on to your two app containers based on host headers.