Accessing Apache Nifi through traefik load balancer on docker swarm - docker-swarm

Trying to setup Apache NiFi docker container, with traefik as load balancer over docker swarm network, We are able to access web UI, while browsing through UI, it redirects to docker internal host instead of proxy host name, As per below thread from Nifi here looks we need to pass http headers from proxy, couldn't find a way to set it through Traefik, any help here is much appreciated.
On a side note tested Nifi with another reverse proxy, it works fine without any extra configurations needed.

Adding below label in docker-compose for the service resolved the issue.
traefik.frontend.headers.customRequestHeaders=X-ProxyScheme:https||X-ProxyHost:<Virtual HostName>||X-ProxyPort:<Virtual Port>

Related

Export docker container through cloudflared

I have a NAS where I am running various web apps in docker containers through docker-compose. I want some of these web apps to be accessible through the internet, not only when I am connected to my home network.
The problem I'm currently facing is that while cloudflare is able to expose the default web apps (default NAS management 192.168.1.135:80 can be mapped to subdomain.domain.com, for instance), it is unable to expose any docker container I try to run (192.168.1.135:4444 cannot be mapped to subdomain2.domain.com), and I receive a 502 bad gateway error with every app I have tried so far.
The configuration shouldn't be the issue, and it's definitely not the NoTLSVerify flag because the apps run on HTTP and I have configured it that way, so I am out of options to know what is going on and how to solve it.
Looks like the apps you're running on your NAS are proxied through the docker runtime. Consequently, the IP:port you need to add to the cloudflare tunnel config is the one that is reachable from the Host (not the IP of the host itself).
If the host is 192.168.1.135, you need to know which the the IP (internal to the docker network) of the app that you want to access from the outside, typically in the 172.0.0.1/24 range.
Example: If the containers running the apps you want to access are running on 172.0.0.2:4444 for app1 and 172.0.0.3:5555 for app2, the cloudflare config would look like this:
tunnel: the_ID_of_the_tunnel
credentials-file: /root/.cloudflared/the_ID_of_the_tunnel.json
ingress:
- hostname: yourapp1.example.com
service: http://172.0.0.2:4444
- hostname: ypurapp2.example.com
service: http://172.0.0.3:5555
- service: http_status:404
See more details and a video here: How to redirect subdomain to port (docker)
Turns out the problem is due to how docker works with networks, not with how Cloudflare accesses them. I first had to create a network that connected both containers, since adding cloudflare to my docker-compose file didn't work for some reason.
Create a docker network docker network create tunnel
Run docker without specifying the network docker run -d --name cloudflare cloudflare/cloudflared:latest tunnel --no-autoupdate run --token
Add the docker to the network docker network connect tunnel cloudflare
Run the container (note the container should have, as you specified, the network name identical to the one you created earlier, but cloudflare should not be in your docker-compose file) docker-compose up
In the cloudflare tunnel config, you will have to specify the docker internal address of your container (as #lu4t suggested). You can identify the address with docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' container

How to make a chain of nginx proxies using nginx docker containers with each docker having different IP?

I have a django app. In front of that I want to setup 3 nginx proxies (docker containers) in local (MacOS) like:
browser-->proxy1-->proxy2-->proxy3-->(gunicorn):django-app
I have to check some IP related thing in my django app. So when I am logging the x_forwarded_for header in my django app I am getting it as: 'X-Forwarded-For': '172.17.0.1, 172.17.0.1, 172.17.0.1'
I want to give each of my nginx proxy container a different static IP. How to do that. What docker command I need to use ?

How to Make Docker Use Specific IP Address for Browser Access from the Host

I'm using docker for building both UI and some backend microservices, and using Spring Zuul as the Proxy to pass Restful API calls from UI to the downstream microservices. My UI project needs to specify an IP address in the JS file before the build, and the Zuul project also needs to specify the IP addresses for the downstream microservices. So that after starting the containers, I can access my application using my docker machine IP http://192.168.10.1/myapp and the restful API calls in the browser network tab will be http://192.168.10.1/mymicroservices/getProduct, etc.
I can set all the IPs to my docker machine IP and build them without issues. However for my colleagues located in other countries, their docker machine IP will be different. How can I make docker use a specific IP, for example, 192.168.10.50, which I can set in the UI project and Zuul Proxy project, so that the docker IP will be the same for everyone, regardless of what their actual docker machine IP is?
What I've tried:
I've tried port forwarding in VirtualBox. It works for the UI, however the restful API calls failed.
I also tried the solution mentioned in this post:
Assign static IP to Docker container
However I can't access the services from the browser using the container IP address.
Do you have any better ideas? Thank you!
first of to clarify couple things,
If you are doin docker run ..... then you just starting container in your docker which is installed on the host machine. And there now way docker can change ip of your host machine. Thus if your other services are running somewhere else they will have to know something about docker host machine, ip or dns name.
so basically docker does runs on 127.0.0.1 if you are trying it on docker host machine, or on host machine IP if from outside of it. So docker don't need IP of host to start.
The other thing is if you are doing docker-composer up/start. Which means all services are in that docker compose file. In this case docker composer creates docker network for all containers in it. in this case you definitely can use fixed IPs for containers, though most often you don't need to because docker takes care of name resolution in that network.
if you are doing k8s way - then it is third way (production way), and it os another story.
if that is neither of above then please provide more info on how are you doing stuff.
EDIT - to:
if you are using docker composer and need to expose any of your containers to host machine you can do it through port mapping:
web:
image: some image here
ports:
- 8181:8080
left is the host machine port, right is container port
and then in browser on the host you can do request to localhost:8181
here is doc
https://docs.docker.com/compose/compose-file/#ports

Looking for an example docker-compose file to have traefik to reverse proxy both a container and non container service

I want to be able to use traefik so that I can reverse proxy both container and non-container services. And I’d like to be able to use a docker-compose file so it is easily setup and torn down. I thought this would be a common request, but I can’t find a unified example. And since I’m still really new to docker, this is a little outside of my wheelhouse. Ideally the docker-compose file would:
install the traefik container, including authentication so that traefik can be managed with a WebUI
Have traefik use Let’s encrypt to generate and maintain SSL certificates that traefik will use to reverse proxy both docker and non-docker services
install a sample container (like Apache) that will be tagged so traefik will reverse proxy to https://apache.example.com (http automatically redirects)
reverse-proxy a non-container service at http://192.168.1.15:8085 to https://foobar.example.com (http automatically redirects)
I’ve seen plenty of examples on how to use traefik and to tag new containers so that they are reversed proxied, but precious few on how to reverse proxy non-docker services. I’m sure I’m not the only one who would appreciate an example that does both at the same time.

Running nginx in a container as reverse proxy with dynamic configuration

I'm trying to setup nginx as a reverse proxy in a container for my containers (Docker Swarm) and static sites which are being hosted on Google Cloud Platform & Netlify
I'm actually able to run nginx in containers, but I'm really worried about the configurations.
How will I update my site configurations in nginx to all containers (add / remove location)?
Is attaching a disk is the best option to store logs?
Is there any fault in my architecture?
If image isn't working, please use this link - https://s1.postimg.org/1tv4hka3zz/profitto-architecture_1.png
Hej Sanjay.
Have a look at:
https://github.com/jwilder/nginx-proxy
https://traefik.io/
The first one is a modified Nginx Reverse Proxy by J.Wilder.
The Second one is a new and native Reverse Proxy created specially for such use cases.
Both are able to listen to the docker.socks and dnynamicly add new containers to the reverse-proxy backend.
Regarding your Architecture:
Why not running the Reverse-Proxy Containers inside the Swarm Cluster?
Related to logging, have a Look at the Docker Log-Drivers.
You can collect the Logs of all Containers with eg. fluentd or splunk.

Resources