We have a Docker Swarm cluster with Consul + Traefik as a proxy for our microservices. Traefik v1.6.1 is installed, and now we have to configure our own wildcard certificate. The certificate is a wildcard certificate (*.mydomain.com) that covers our microservices, which are available on subdomains such as "microservice2.mydomain.com".
Currently my configuration works very well with ACME certificates. Since I now have my own certificate,
I cannot find documentation on how to store it in Docker secrets or Consul, or on how to make it work with command-line arguments and Docker labels as below.
How can I add the certificate to the configuration below to make it work?
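# Swarm stack: Traefik 1.6 with its configuration kept in Consul KV.
# traefik_init uploads the static configuration with `storeconfig`; the
# traefik service then reads it back from the same Consul prefix.
version: "3.2"

services:
  traefik_init:
    image: traefik:1.6
    command:
      - "storeconfig"
      - "--api"
      - "--entrypoints=Name:http Address::80 Redirect.EntryPoint:https"
      - "--entrypoints=Name:https Address::443 TLS"
      - "--defaultentrypoints=http,https"
      - "--acme"
      # ACME account data and issued certificates, private keys included,
      # are written under this Consul KV key.
      - "--acme.storage=traefik/acme/account"
      - "--acme.entryPoint=https"
      - "--acme.httpChallenge.entryPoint=http"
      - "--acme.onHostRule=true"
      - "--acme.onDemand=false"
      - "--acme.email=foobar@example.com"
      - "--docker"
      - "--docker.swarmMode"
      - "--docker.domain=mydomain.com"
      - "--docker.watch"
      - "--consul"
      - "--consul.endpoint=consul:8500"
      - "--consul.prefix=traefik"
      # Debug mode; remove once the setup works.
      - "--debug"
    networks:
      - internal
    deploy:
      restart_policy:
        condition: on-failure
    depends_on:
      - consul

  traefik:
    image: traefik:1.6
    depends_on:
      - traefik_init
      - consul
    command:
      - "--consul"
      - "--consul.endpoint=consul:8500"
      - "--consul.prefix=traefik"
      - "--logLevel=DEBUG"
      - "--api"
      - "--entrypoints=Name:http Address::80 Redirect.EntryPoint:https"
      - "--entrypoints=Name:https Address::443 TLS"
      - "--defaultentrypoints=http,https"
      - "--acme"
      - "--acme.storage=traefik/acme/account"
      - "--acme.entryPoint=https"
      - "--acme.httpChallenge.entryPoint=http"
      - "--acme.onHostRule=true"
      - "--acme.onDemand=false"
      - "--acme.email=foobar@example.com"
      - "--docker"
      - "--docker.swarmMode"
      - "--docker.domain=mydomain.com"
      - "--docker.watch"
    volumes:
      # The Docker socket gives this container control of the manager's
      # Docker daemon; whatever compromises Traefik inherits that access.
      - /var/run/docker.sock:/var/run/docker.sock
    networks:
      - internal
      - traefik_proxy
    ports:
      - target: 80
        published: 80
        mode: host
      - target: 443
        published: 443
        mode: host
      # 8080 is the API/dashboard enabled by --api. No authentication is
      # configured in this file, and the port is published on the host in
      # addition to being routed through traefik.mydomain.com below.
      - target: 8080
        published: 8080
        mode: host
    deploy:
      mode: global
      placement:
        constraints:
          - node.role == manager
      update_config:
        parallelism: 1
        delay: 10s
      restart_policy:
        condition: on-failure
      labels:
        - "traefik.enable=true"
        - "traefik.backend=traefik"
        - "traefik.frontend.rule=Host:traefik.mydomain.com"
        - "traefik.port=8080"
        - "traefik.docker.network=traefik_proxy"

  consul:
    # Unpinned tag: the image can change between deployments.
    image: consul:latest
    command: "agent -server -bootstrap-expect=1 -ui -client 0.0.0.0 -bind '{{ GetInterfaceIP \"eth0\" }}'"
    volumes:
      - consul-data:/consul/data
    environment:
      - 'CONSUL_LOCAL_CONFIG={"datacenter":"us_east2","server":true}'
      - CONSUL_BIND_INTERFACE=eth0
      - CONSUL_CLIENT_INTERFACE=eth0
    ports:
      # Publishes the Consul HTTP API and UI outside the stack. No ACL
      # settings are visible here, and the KV store holds the Traefik
      # configuration and the ACME keys. Traefik itself reaches Consul as
      # consul:8500 over the `internal` network.
      - "8500:8500"
    deploy:
      replicas: 1
      placement:
        constraints:
          - node.role == manager
      restart_policy:
        condition: on-failure
    networks:
      - internal

networks:
  traefik_proxy:
    external: true
  internal:
    driver: overlay

volumes:
  consul-data:
    driver: local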
I am trying to deploy a WordPress application on a Docker Swarm stack, behind a Traefik reverse proxy. I wanted to use Nginx for reverse proxying, but as WordPress is deployed with 2 replicas I am facing a session timeout issue, so I am trying to use Traefik instead and configure sticky sessions later.
I have deployed the Traefik service successfully and can access the dashboard, but the Wordpress is not being proxied and it is not showing in the services list on the dashboard.
Traefik Dashboard Screenshot
Traefik Dashboard 2
Traefik Proxy yaml File:
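# Traefik v2.2 edge proxy for a swarm cluster. The dashboard is served
# through the api@internal service behind basic auth and TLS.
version: '3.3'

services:
  traefik:
    image: traefik:v2.2
    ports:
      - "80:80"
      - "443:443"
    deploy:
      placement:
        constraints:
          # Make the traefik service run only on the node with this label
          # as the node with it has the volume for the certificates
          - node.labels.traefik-public.traefik-public-certificates == true
      labels:
        - traefik.enable=true
        - traefik.docker.network=traefik-public
        - traefik.constraint-label=traefik-public
        # Credentials come from the deploy-time environment; the `?` form
        # makes interpolation fail when a variable is unset, so the
        # dashboard is never deployed with an empty user list.
        - traefik.http.middlewares.admin-auth.basicauth.users=${USERNAME?Variable not set}:${HASHED_PASSWORD?Variable not set}
        - traefik.http.middlewares.https-redirect.redirectscheme.scheme=https
        - traefik.http.middlewares.https-redirect.redirectscheme.permanent=true
        - traefik.http.routers.traefik-public-http.rule=Host(`${DOMAIN?Variable not set}`)
        - traefik.http.routers.traefik-public-http.entrypoints=http
        - traefik.http.routers.traefik-public-http.middlewares=https-redirect
        - traefik.http.routers.traefik-public-https.rule=Host(`${DOMAIN?Variable not set}`)
        - traefik.http.routers.traefik-public-https.entrypoints=https
        - traefik.http.routers.traefik-public-https.tls=true
        - traefik.http.routers.traefik-public-https.service=api@internal
        - traefik.http.routers.traefik-public-https.tls.certresolver=le
        - traefik.http.routers.traefik-public-https.middlewares=admin-auth
        - traefik.http.services.traefik-public.loadbalancer.server.port=8080
    volumes:
      # `:ro` protects the socket file only; the Docker API behind it
      # still accepts every call, so this mount remains daemon-level access.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # acme.json on this volume holds certificate private keys.
      - traefik-public-certificates:/certificates
    command:
      - --providers.docker
      # Only services carrying the matching constraint label are exposed.
      - --providers.docker.constraints=Label(`traefik.constraint-label`, `traefik-public`)
      - --providers.docker.exposedbydefault=false
      - --providers.docker.swarmmode
      - --entrypoints.http.address=:80
      - --entrypoints.https.address=:443
      - --certificatesresolvers.le.acme.email=${EMAIL?Variable not set}
      - --certificatesresolvers.le.acme.storage=/certificates/acme.json
      - --certificatesresolvers.le.acme.tlschallenge=true
      - --accesslog
      - --log
      - --api
    networks:
      - traefik-public

volumes:
  traefik-public-certificates:

networks:
  traefik-public:
    external: true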
Wordpress yaml File:
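# WordPress + MariaDB stack attached to the external traefik-public
# network. Database credentials are read from Docker secrets (*_FILE).
version: "3.4"

services:
  db:
    image: mariadb
    secrets:
      - db_user
      - db_pass
    environment:
      # The root account and the application account share the db_pass
      # secret, so the WordPress credentials are also root credentials.
      MYSQL_ROOT_PASSWORD_FILE: /run/secrets/db_pass
      MYSQL_USER_FILE: /run/secrets/db_user
      MYSQL_PASSWORD_FILE: /run/secrets/db_pass
      # NOTE(review): the mariadb image documents MYSQL_DATABASE for the
      # initial database; confirm MYSQL_DATABASE_NAME is actually read.
      MYSQL_DATABASE_NAME: wpdb
    ports:
      # Publishes MariaDB outside the stack. wp and db already share the
      # `backend` network; the published port is only used because
      # WORDPRESS_DB_HOST below points at a node IP.
      - "3306:3306"
    networks:
      - backend
    volumes:
      - db-data:/var/lib/mysql
    deploy:
      replicas: 1
      restart_policy:
        condition: on-failure
        delay: 10s
        max_attempts: 3
        window: 60s

  wp:
    image: wordpress
    secrets:
      - db_user
      - db_pass
    depends_on:
      - db
    # NOTE(review): these are container-level labels. The Traefik file for
    # this setup enables the swarm provider, which reads service labels
    # (under deploy.labels) - confirm where Traefik is expected to find them.
    labels:
      - traefik.enable=true
      - traefik.constraint-label=traefik-public
      - traefik.docker.network=traefik-public
      - traefik.http.middlewares.https-redirect.redirectscheme.scheme=https
      - traefik.http.middlewares.https-redirect.redirectscheme.permanent=true
      - traefik.http.routers.wp.rule=Host(`example.com`)
      - traefik.http.routers.wp.entrypoints=http
      - traefik.http.routers.wp.middlewares=https-redirect
      - traefik.http.routers.wp-secured.rule=Host(`example.com`)
      - traefik.http.routers.wp-secured.entrypoints=https
      - traefik.http.routers.wp-secured.tls=true
      - traefik.http.routers.wp-secured.tls.certresolver=le
      # NOTE(review): confirm the container really listens on 8080; the
      # stock wordpress image serves HTTP on port 80.
      - traefik.http.services.wp.loadbalancer.server.port=8080
    environment:
      WORDPRESS_DB_HOST: 192.168.20.30:3306 # node IP
      WORDPRESS_DB_USER_FILE: /run/secrets/db_user
      WORDPRESS_DB_PASSWORD_FILE: /run/secrets/db_pass
      WORDPRESS_DB_NAME: wpdb
    networks:
      - backend
      - traefik-public
    volumes:
      - wp-data:/var/www/html
    deploy:
      replicas: 2
      restart_policy:
        condition: on-failure
        delay: 10s
        max_attempts: 3
        window: 60s

networks:
  backend:
    external: false
  traefik-public:
    external: true

volumes:
  wp-data:
  db-data:

secrets:
  # Plain-text files next to the stack file; keep them out of version
  # control and readable only by the deploying user.
  db_user:
    file: ./db_user.txt
  db_pass:
    file: ./db_pass.txt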
```
I'm trying my best to get Traefik dashboard available through http://gateway.localhost/dashboard/, but I'm always getting a 404 response* from Traefik. Can s.o. please review my stack file and tell me, why it's not working?
I tried it on my server with a valid domain, but it's either working there or on localhost with Docker Desktop in Swarm mode. The WhoAmI service can be reached through http://localhost which is correct.
docker stack deploy -c traefik.yml traefik
*404 is returned for these routes too: http://gateway.localhost, http://gateway.localhost/dashboard
traefik.yml:
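# Question listing: Traefik v2.5 in swarm mode with the dashboard routed
# on gateway.localhost and a whoami test service.
version: '3'

services:
  reverse-proxy:
    image: traefik:v2.5
    command:
      - "--providers.docker.swarmmode=true"
      # With exposedByDefault=false only services labelled
      # traefik.enable=true are picked up.
      - "--providers.docker.exposedByDefault=false"
      - "--api.dashboard=true"
      - "--entrypoints.web.address=:80"
      # Logging
      - "--accesslog"
      - "--log.level=INFO"
    ports:
      - "80:80"
    deploy:
      labels:
        # Swarm cannot auto-detect the port, so it is declared explicitly
        - "traefik.http.services.reverse-proxy.loadbalancer.server.port=80"
        # Dashboard. The router is bound to `web` (plain HTTP on :80), so
        # the basic-auth credentials cross the network unencrypted.
        - "traefik.http.routers.dashboard.rule=Host(`gateway.localhost`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
        - "traefik.http.routers.dashboard.service=api@internal"
        - "traefik.http.routers.dashboard.entrypoints=web"
        - "traefik.http.routers.dashboard.middlewares=auth"
        # apr1 (MD5-based htpasswd) hashes; `$$` escapes `$` for compose
        # interpolation. Hashes pasted into a public listing should be
        # treated as disclosed and replaced before real use.
        - "traefik.http.middlewares.auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"
      placement:
        constraints:
          - node.role == manager
    volumes:
      # `:ro` protects the socket file only; the Docker API behind it
      # still accepts every call.
      - /var/run/docker.sock:/var/run/docker.sock:ro

  whoami:
    image: traefik/whoami
    deploy:
      labels:
        - "traefik.enable=true"
        - "traefik.http.routers.whoami.rule=Host(`localhost`)"
        - "traefik.http.routers.whoami.entrypoints=web"
        - "traefik.http.services.whoami.loadbalancer.server.port=80"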
You need to enable traefik for the container with the traefik.enable=true label:
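# Answer listing: same stack with traefik.enable=true added to the
# reverse-proxy service so its dashboard router is picked up.
version: '3'

services:
  reverse-proxy:
    image: traefik:v2.5
    command:
      - "--providers.docker.swarmmode=true"
      - "--providers.docker.exposedByDefault=false"
      - "--api.dashboard=true"
      - "--entrypoints.web.address=:80"
      # Logging
      - "--accesslog"
      - "--log.level=INFO"
    ports:
      - "80:80"
    deploy:
      labels:
        # Add the following label to enable traefik: with
        # exposedByDefault=false, unlabelled services are ignored.
        - "traefik.enable=true"
        # Swarm cannot auto-detect the port, so it is declared explicitly
        - "traefik.http.services.reverse-proxy.loadbalancer.server.port=80"
        # Dashboard. The router is bound to `web` (plain HTTP on :80), so
        # the basic-auth credentials cross the network unencrypted.
        - "traefik.http.routers.dashboard.rule=Host(`gateway.localhost`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
        - "traefik.http.routers.dashboard.service=api@internal"
        - "traefik.http.routers.dashboard.entrypoints=web"
        - "traefik.http.routers.dashboard.middlewares=auth"
        # apr1 (MD5-based htpasswd) hashes; `$$` escapes `$` for compose
        # interpolation. Replace these sample users before real use.
        - "traefik.http.middlewares.auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"
      placement:
        constraints:
          - node.role == manager
    volumes:
      # `:ro` protects the socket file only; the Docker API behind it
      # still accepts every call.
      - /var/run/docker.sock:/var/run/docker.sock:ro

  whoami:
    image: traefik/whoami
    deploy:
      labels:
        - "traefik.enable=true"
        - "traefik.http.routers.whoami.rule=Host(`localhost`)"
        - "traefik.http.routers.whoami.entrypoints=web"
        - "traefik.http.services.whoami.loadbalancer.server.port=80"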
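# Traefik + Portainer (server and per-node agent) on a swarm cluster.
version: '3.2'

services:
  traefik:
    # Unpinned tag: the image can change between deployments.
    image: "traefik:latest"
    command:
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
      - --providers.docker=true
      - --providers.docker.swarmMode=true
      - --providers.docker.exposedbydefault=false
      - --providers.docker.network=public
      - --api
      - --log.level=ERROR
    ports:
      - "80:80"
      - "443:443"
    networks:
      - public
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"

  agent:
    image: portainer/agent
    environment:
      # REQUIRED: Should be equal to the service name prefixed by "tasks." when
      # deployed inside an overlay network
      AGENT_CLUSTER_ADDR: tasks.agent
      # AGENT_PORT: 9001
      # LOG_LEVEL: debug
    volumes:
      # Docker socket plus the volumes directory: the agent has full
      # control of each node it runs on. Keep agent_network limited to
      # the agent and Portainer.
      - /var/run/docker.sock:/var/run/docker.sock
      - /var/lib/docker/volumes:/var/lib/docker/volumes
    networks:
      - agent_network
    deploy:
      mode: global
      placement:
        constraints: [node.platform.os == linux]

  portainer:
    image: portainer/portainer-ce:2.0.0
    # --tlsskipverify: the agent's TLS certificate is not verified.
    command: -H tcp://tasks.agent:9001 --tlsskipverify
    volumes:
      - data:/data
    networks:
      - public
      - agent_network
    deploy:
      mode: replicated
      replicas: 1
      placement:
        constraints: [node.role == manager]
      labels:
        # Both routers use only the `web` entrypoint (plain HTTP), so
        # Portainer logins are not protected by TLS in this file; the
        # websecure entrypoint is defined but unused.
        - "traefik.enable=true"
        - "traefik.http.routers.portainer.rule=Host(`portainer.yourdomain.com`)"
        - "traefik.http.routers.portainer.entrypoints=web"
        - "traefik.http.services.portainer.loadbalancer.server.port=9000"
        - "traefik.http.routers.portainer.service=portainer"
        # Edge
        - "traefik.http.routers.edge.rule=Host(`edge.yourdomain.com`)"
        - "traefik.http.routers.edge.entrypoints=web"
        - "traefik.http.services.edge.loadbalancer.server.port=8000"
        - "traefik.http.routers.edge.service=edge"

networks:
  public:
    external: true
  agent_network:
    external: true

volumes:
  # The listing on the page stops at `volumes:`; `data` is declared here
  # because the portainer service mounts it.
  data: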
We can see that "portainer" is in both public and agent_network overlay networks. And it has two IP addresses, 10.0.38.7 and 10.0.39.7.
traefik is only in public network, it has IP address 10.0.38.6.
The problem is, from traefik web UI, it refers "portainer" as 10.0.39.7 instead of 10.0.38.7. So that it fails to work.
Any solution to this?
I have two docker-compose.*.yml files, one for the testing stage and one for production. The testing stage file is executed with docker compose and the production with docker swarm.
The docker compose setup works fine. In case of the production docker swarm setup I am getting a timeout 504 http status code when accessing the rabbitmq management endpoint.
Since the logs of both containers, traefik as well as rabbitmq do not display any error I do not know how to debug this.
Here are both files:
docker-compose.testing-stage.yml
(working example, executed with docker compose)
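# Testing stage (plain docker compose): Traefik v2.2 with an ACME HTTP
# challenge resolver, the dashboard behind basic auth, and RabbitMQ.
version: '3.7'

services:
  traefik:
    image: traefik:v2.2
    hostname: traefik
    volumes:
      # Read-write Docker socket: daemon-level access for this container.
      - /var/run/docker.sock:/var/run/docker.sock
      # acme.json holds certificate private keys.
      - /root/acme.json:/root/acme.json
      - /root/credentials.txt:/root/credentials.txt
    ports:
      - "80:80"
      - "443:443"
    command:
      - --api=true
      - --log.level=WARN
      - --providers.docker=true
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
      - --providers.docker.exposedByDefault=false
      - --certificatesresolvers.secure.acme.httpchallenge=true
      - --certificatesresolvers.secure.acme.httpchallenge.entrypoint=web
      - --certificatesresolvers.secure.acme.email=${MAIL_ADDRESS}
      - --certificatesresolvers.secure.acme.storage=/root/acme.json
    labels:
      - traefik.enable=true
      # dashboard
      - traefik.http.routers.traefik.service=api@internal
      - traefik.http.routers.traefik.rule=Host(`monitor.example.org`)
      - traefik.http.routers.traefik.tls.certresolver=secure
      - traefik.http.routers.traefik.middlewares=auth
      - traefik.http.services.traefik.loadbalancer.server.port=8080
      - traefik.http.middlewares.auth.basicauth.usersfile=/root/credentials.txt
      # https redirect
      - traefik.http.routers.detour.rule=hostregexp(`{host:[a-z-.]+}`)
      - traefik.http.routers.detour.entrypoints=web
      - traefik.http.routers.detour.middlewares=redirect-to-https
      - traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https
      - traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https
      - traefik.http.services.dummy-svc.loadbalancer.server.port=9999

  rabbitmq:
    image: registry.exampe.com/root/blicc/rabbitmq:test
    hostname: rabbitmq
    environment:
      # The Erlang cookie and the admin password are the same value here;
      # disclosure of either one exposes both.
      - RABBITMQ_ERLANG_COOKIE=${RABBITMQ_PASSWORD}
      - RABBITMQ_DEFAULT_PASS=${RABBITMQ_PASSWORD}
      - RABBITMQ_DEFAULT_USER=admin
    ports:
      # Publishes the management UI directly on the host over plain HTTP,
      # in addition to the TLS route through Traefik below.
      - "15672:15672"
    labels:
      - traefik.enable=true
      - traefik.http.routers.rabbitmq.rule=Host(`messaging.example.org`)
      - traefik.http.routers.rabbitmq.tls.certresolver=secure
      - traefik.http.services.rabbitmq.loadbalancer.server.port=15672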
docker-compose.prod.yml
(example which gives a timeout on messaging.prod-example.org, executed with docker swarm)
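# Production (docker swarm): same services as the testing stage, with the
# Traefik labels moved under deploy and the swarm provider enabled.
version: '3.7'

services:
  traefik:
    image: traefik:v2.2
    hostname: traefik
    ports:
      - "80:80"
      - "443:443"
    command:
      # entry points
      - --api=true
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
      # tls certificates
      - --certificatesresolvers.secure.acme.httpchallenge=true
      - --certificatesresolvers.secure.acme.httpchallenge.entrypoint=web
      - --certificatesresolvers.secure.acme.email=${MAIL_ADDRESS}
      - --certificatesresolvers.secure.acme.storage=/root/acme.json
      # metrics
      - --metrics=true
      - --metrics.prometheus=true
      # docker
      - --providers.docker=true
      - --providers.docker.exposedByDefault=false
      - --providers.docker.swarmMode=true
      # NOTE(review): no `networks:` section is visible in this file, so
      # neither service is attached to a network named traefik-public;
      # confirm the network exists and that both services join it.
      - --providers.docker.network=traefik-public
      - --providers.docker.endpoint=unix:///var/run/docker.sock
    volumes:
      # Read-write Docker socket on a manager: daemon-level access.
      - /var/run/docker.sock:/var/run/docker.sock
      # acme.json holds certificate private keys.
      - /root/acme.json:/root/acme.json
      - /root/credentials.txt:/root/credentials.txt
    deploy:
      replicas: 1
      update_config:
        parallelism: 1
        order: start-first
        failure_action: rollback
        delay: 10s
      rollback_config:
        parallelism: 0
        order: stop-first
      restart_policy:
        condition: any
        delay: 5s
        max_attempts: 3
        window: 120s
      placement:
        constraints:
          - node.role == manager
      labels:
        - traefik.enable=true
        # dashboard
        - traefik.http.routers.traefik.service=api@internal
        - traefik.http.routers.traefik.rule=Host(`monitor.prod-example.org`)
        - traefik.http.routers.traefik.tls.certresolver=secure
        - traefik.http.routers.traefik.middlewares=auth
        - traefik.http.middlewares.auth.basicauth.usersfile=/root/credentials.txt
        - traefik.http.services.traefik.loadbalancer.server.port=8080
        # https redirect
        - traefik.http.routers.detour.rule=hostregexp(`{host:[a-z-.]+}`)
        - traefik.http.routers.detour.entrypoints=web
        - traefik.http.routers.detour.middlewares=redirect-to-https
        - traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https
        - traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https
        - traefik.http.services.dummy-svc.loadbalancer.server.port=9999

  rabbitmq:
    image: registry.exampe.com/root/blicc/rabbitmq:latest
    hostname: rabbitmq
    environment:
      # The Erlang cookie and the admin password are the same value here;
      # disclosure of either one exposes both.
      - RABBITMQ_ERLANG_COOKIE=${RABBITMQ_PASSWORD}
      - RABBITMQ_DEFAULT_PASS=${RABBITMQ_PASSWORD}
      - RABBITMQ_DEFAULT_USER=admin
    ports:
      # Publishes the management UI outside the stack over plain HTTP, in
      # addition to the TLS route through Traefik below.
      - "15672:15672"
    deploy:
      replicas: 1
      update_config:
        parallelism: 1
        order: start-first
        failure_action: rollback
        delay: 10s
      rollback_config:
        parallelism: 0
        order: stop-first
      restart_policy:
        condition: any
        delay: 5s
        max_attempts: 3
        window: 120s
      placement:
        constraints:
          - node.role == manager
      labels:
        - traefik.enable=true
        - traefik.http.routers.rabbitmq.rule=Host(`messaging.prod-example.org`)
        - traefik.http.routers.rabbitmq.tls.certresolver=secure
        - traefik.http.services.rabbitmq.loadbalancer.server.port=15672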
Both servers run Ubuntu 18.04 with the same firewall and the same ports exposed. I am guessing that I made a mistake in the Docker Swarm setup for Traefik, but I cannot figure out what. The only thing I basically changed was putting the labels under deploy.
The rabbitmq container has the UI exposed on port 15672, which I am mapping with the load balancer to port 443 on messaging.prod-example.org. Nevertheless this endpoint gives me a timeout.
Does anyone see the misconfiguration here?
Maybe you forgot to set "entrypoints" in the rabbitmq labels, like below:
traefik.http.routers.rabbitmq.entrypoints=XXX
I'm trying to restore a Fabric network from old blockchain data, and for that I followed the steps below.
Backup process
1. Stopped the Docker Swarm network.
2. Created a directory `bchain_backup`, and under it a sub-directory for every node (orderer1, orderer2 and so on).
3. Copied the data from each container to the `bchain_backup` directory:
--> docker cp container_name:/var/hyperledger/production bchain_backup/orderer1
--> executed the above step for every node
Restoration process
1. Copied all the certs and channel-artifacts.
2. Mapped '/bchain_backup/orderer1/production:/var/hyperledger/production' in the compose file.
3. Performed step 2 for every node.
When I tried to start the network, I got the errors below:
with Orderer node
panic: Error opening leveldb: open /var/hyperledger/production/orderer/index/LOCK: permission denied
With peer node
panic: Error opening leveldb: open /var/hyperledger/production/ledgersData/ledgerProvider/LOCK: permission denied
Using couchDB
Using Docker-swarm on GCP Ubuntu 18.04 instance
docker-orderer1.yaml file
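# Hyperledger Fabric 1.4.4 orderer pinned to one swarm node, with its
# ledger directory restored from a host-path backup.
version: '3.7'

volumes:
  orderer1.example.com:

# set external: true and now network name is "networks.test-network.name" instead of "networks.test-network.external.name"
networks:
  testchain-network:
    external: true
    name: testchain-network

services:
  orderer1:
    deploy:
      replicas: 1
      restart_policy:
        condition: on-failure
        delay: 5s
        max_attempts: 5
      placement:
        constraints:
          - node.hostname == gcloud1
      resources:
        limits:
          cpus: '0.50'
          memory: 1000M
        reservations:
          cpus: '0.25'
          memory: 50M
    hostname: orderer1.example.com
    image: hyperledger/fabric-orderer:1.4.4
    # NOTE(review): the orderer runs as this uid/gid, so the bind-mounted
    # production directory below must be writable by it. Data copied out
    # with `docker cp` may be owned by another user - confirm ownership
    # when the LOCK file reports "permission denied".
    user: "${UID}:${GID}"
    #healthcheck:
      #testchain: ["CMD","curl","-f","http://orderer1.example.com:4443/"]
      #interval: 1m30s
      #timeout: 10s
      #retries: 3
      #start_period: 1m
    environment:
      - CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=testchain-network
      - ORDERER_HOST=orderer1.example.com
      - ORDERER_GENERAL_LOGLEVEL=info
      - FABRIC_LOGGING_SPEC=warning
      - ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
      - ORDERER_GENERAL_LISTENPORT=7050
      - ORDERER_GENERAL_GENESISMETHOD=file
      - ORDERER_GENERAL_GENESISFILE=/var/hyperledger/orderer/orderer.genesis.block
      - ORDERER_GENERAL_LOCALMSPID=OrdererMSP
      - ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp
      - ORDERER_GENERAL_GENESISPROFILE=OrdererOrg
      - CONFIGTX_ORDERER_ADDRESSES=[127.0.0.1:7050]
      # The operations endpoint listens on all interfaces and port 4443 is
      # published below; no ORDERER_OPERATIONS_TLS_* settings are visible
      # in this file.
      - ORDERER_OPERATIONS_LISTENADDRESS=0.0.0.0:4443
      # enabled TLS
      - ORDERER_GENERAL_TLS_ENABLED=true
      - ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key
      - ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt
      - ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
      #- ORDERER_KAFKA_TOPIC_REPLICATIONFACTOR=1
      #- ORDERER_KAFKA_VERBOSE=true
      - ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE=/var/hyperledger/orderer/tls/server.crt
      - ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEY=/var/hyperledger/orderer/tls/server.key
      - ORDERER_GENERAL_CLUSTER_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
      - CORE_CHAINCODE_LOGGING_LEVEL=DEBUG
      - CORE_CHAINCODE_LOGGING_SHIM=DEBUG
      - ORDERER_TLS_CLIENTROOTCAS_FILES=/var/hyperledger/users/Admin@example.com/tls/ca.crt
      - ORDERER_TLS_CLIENTCERT_FILE=/var/hyperledger/users/Admin@example.com/tls/client.crt
      - ORDERER_TLS_CLIENTKEY_FILE=/var/hyperledger/users/Admin@example.com/tls/client.key
      - GODEBUG=netdns=go
    working_dir: /opt/gopath/src/github.com/hyperledger/fabric
    command: orderer
    volumes:
      # Crypto material and channel artifacts are mounted read-only; only
      # the ledger directory is writable.
      - /home/delta/GoWorkspace/src/github.com/testchain/bchain_network/channel-artifacts/:/var/hyperledger/configs:ro
      - /home/delta/GoWorkspace/src/github.com/testchain/bchain_network/channel-artifacts/genesis.block:/var/hyperledger/orderer/orderer.genesis.block:ro
      - /home/delta/GoWorkspace/src/github.com/testchain/bchain_network/crypto-config/ordererOrganizations/example.com/orderers/orderer1.example.com/msp:/var/hyperledger/orderer/msp:ro
      - /home/delta/GoWorkspace/src/github.com/testchain/bchain_network/crypto-config/ordererOrganizations/example.com/orderers/orderer1.example.com/tls/:/var/hyperledger/orderer/tls:ro
      - /home/delta/GoWorkspace/src/github.com/testchain/bchain_network/crypto-config/ordererOrganizations/example.com/users:/var/hyperledger/users:ro
      - /home/delta/GoWorkspace/src/github.com/testchain/backup_blockchain/orderer1/production/orderer:/var/hyperledger/production/orderer
    ports:
      - published: 7050
        target: 7050
        # mode: host
      #- 7050:7050
      - published: 4443
        target: 4443
        # mode: host
    networks:
      testchain-network:
        aliases:
          - orderer1.example.com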
docker-peer0-org1.yaml
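# Hyperledger Fabric 1.4.4 peer0.org1 with its CouchDB state database,
# both pinned to one swarm node.
version: '3.7'

volumes:
  peer0.org1.example.com:

networks:
  testchain-network:
    external: true
    name: testchain-network

services:
  org1peer0couchdb:
    hostname: couchdb.peer0.org1.example.com
    image: hyperledger/fabric-couchdb:0.4.18
    user: "${UID}:${GID}"
    environment:
      # Hard-coded CouchDB credentials, repeated in the peer's
      # CORE_LEDGER_STATE_COUCHDBCONFIG_* settings below. Anyone who can
      # read this file can use them; a Docker secret or deploy-time
      # variable keeps them out of the stack file.
      - COUCHDB_USER=couchdb
      - COUCHDB_PASSWORD=couchdb123
    deploy:
      mode: replicated
      replicas: 1
      restart_policy:
        condition: on-failure
        delay: 5s
        max_attempts: 5
      placement:
        constraints:
          - node.hostname == gcloud1
    ports:
      # Publishes CouchDB outside the stack; the peer reaches it by alias
      # over testchain-network.
      - published: 5984
        target: 5984
        # mode: host
    networks:
      testchain-network:
        aliases:
          - couchdb.peer0.org1.example.com

  org1peer0:
    hostname: peer0.org1.example.com
    image: hyperledger/fabric-peer:1.4.4
    # NOTE(review): the peer runs as this uid/gid, so the bind-mounted
    # production directory below must be writable by it - confirm
    # ownership of the restored data.
    user: "${UID}:${GID}"
    environment:
      - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
      # the following setting starts chaincode containers on the same
      # bridge network as the peers
      # https://docs.docker.com/compose/networking/
      - CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=testchain-network
      - CORE_VM_DOCKER_ATTACHSTDOUT=true
      - CORE_PEER_ID=peer0.org1.example.com
      - CORE_PEER_ADDRESS=peer0.org1.example.com:7051
      - CORE_PEER_LISTENADDRESS=0.0.0.0:7051
      - CORE_PEER_CHAINCODEADDRESS=peer0.org1.example.com:7052
      - CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:7052
      - CORE_CHAINCODE_BUILDER=hyperledger/fabric-ccenv:1.4.4
      - CORE_CHAINCODE_GOLANG_RUNTIME=hyperledger/fabric-baseos:0.4.18
      - CORE_PEER_GOSSIP_BOOTSTRAP=peer1.org1.example.com:8051
      - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org1.example.com:7051
      - CORE_PEER_LOCALMSPID=Org1MSP
      - FABRIC_LOGGING_SPEC=info
      - CORE_PEER_TLS_ENABLED=true
      - CORE_PEER_GOSSIP_USELEADERELECTION=true
      - CORE_PEER_ADDRESSAUTODETECT=true
      - CORE_PEER_GOSSIP_ORGLEADER=false
      # NOTE(review): profiling is switched on; confirm it is needed
      # outside of debugging.
      - CORE_PEER_PROFILE_ENABLED=true
      - CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt
      - CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key
      - CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt
      - CORE_CHAINCODE_LOGGING_LEVEL=DEBUG
      - CORE_CHAINCODE_LOGGING_SHIM=DEBUG
      - CORE_LOGGING_CAUTHDSL=warning
      - CORE_LOGGING_GOSSIP=warning
      - CORE_LOGGING_LEDGER=info
      - CORE_LOGGING_MSP=warning
      - CORE_LOGGING_POLICIES=warning
      - CORE_LOGGING_GRPC=DEBUG
      # The operations endpoint listens on all interfaces and port 7443 is
      # published below.
      - CORE_OPERATIONS_LISTENADDRESS=0.0.0.0:7443
      # Client certs
      - CORE_PEER_TLS_CLIENTROOTCAS_FILES=/var/hyperledger/users/Admin@org1.example.com/tls/ca.crt
      - CORE_PEER_TLS_CLIENTCERT_FILE=/var/hyperledger/users/Admin@org1.example.com/tls/client.crt
      - CORE_PEER_TLS_CLIENTKEY_FILE=/var/hyperledger/users/Admin@org1.example.com/tls/client.key
      # CouchDB
      - CORE_LEDGER_STATE_STATEDATABASE=CouchDB
      - CORE_LEDGER_STATE_COUCHDBCONFIG_USERNAME=couchdb
      - CORE_LEDGER_STATE_COUCHDBCONFIG_PASSWORD=couchdb123
      - CORE_LEDGER_STATE_COUCHDBCONFIG_COUCHDBADDRESS=couchdb.peer0.org1.example.com:5984
      - GODEBUG=netdns=go
    working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
    command: peer node start
    volumes:
      # Mounts the host's /var/run read-write, which includes the Docker
      # socket named in CORE_VM_ENDPOINT: the peer container can drive the
      # host's Docker daemon.
      - /var/run/:/host/var/run/:rw
      - /home/delta/GoWorkspace/src/github.com/testchain/bchain_network/crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp:/etc/hyperledger/fabric/msp:ro
      - /home/delta/GoWorkspace/src/github.com/testchain/bchain_network/crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls:/etc/hyperledger/fabric/tls:ro
      - /home/delta/GoWorkspace/src/github.com/testchain/bchain_network/crypto-config/peerOrganizations/org1.example.com/users:/var/hyperledger/users:ro
      - /home/delta/GoWorkspace/src/github.com/testchain/backup_blockchain/peer0org1/production:/var/hyperledger/production
      #- ../chaincode/:/opt/gopath/src/github.com/chaincode
    deploy:
      mode: replicated
      replicas: 1
      restart_policy:
        condition: on-failure
        delay: 5s
        max_attempts: 5
      placement:
        constraints:
          - node.hostname == gcloud1
    ports:
      - published: 7051
        target: 7051
        # mode: host
      - published: 7052
        target: 7052
        # mode: host
      - published: 7443
        target: 7443
        # mode: host
    networks:
      testchain-network:
        aliases:
          - peer0.org1.example.com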
- /home/delta/GoWorkspace/src/github.com/testchain/backup_blockchain/orderer1/production/orderer:/var/hyperledger/production/orderer
Instead of the host-path mount above,
please create a Docker volume for each entity (orderer1, orderer2, etc.), copy all the data into the volume, and map the volume instead of the host path.
Usage: docker volume COMMAND
Manage volumes
Commands:
create Create a volume
inspect Display detailed information on one or more volumes
ls List volumes
prune Remove all unused local volumes
rm Remove one or more volumes
Run 'docker volume COMMAND --help' for more information on a command.
This seems like a permission issue; also check resource usage such as CPU and RAM.