Serving Multiple Sites via HTTPs using a web-service and Docker - docker

Firstly, this is a great place to learn and share new information.
Now I've an issue with hosting two websites on the same server but before describing my problem, there are some terms that I'll use henceforth to make things easier.
Website Setup
Server OS - CentOS 7 x64, Docker version - 18.03.0-ce, build 0520e24
1st Website: example.com - hosted via Nginx (Runs as a service on the host machine and not via Docker Container) on port 80 (re-directs to 443) : static website with HTML / CSS code.
2nd Website: http://art.example.com:8080/ : served on port 8080 via this Docker Image
SSL - using LetsEncrypt for both the above domains.
Requirements
To serve both sites (and possibly more) via HTTPs without breaking either of them.
This is because when I browse the 2nd website using art.example.com:8080, it works fine but if I browse the 1st website then subsequent requests to 2nd website somehow start going on HTTPs, causing the page to not load.
Questions
Can both sites (and more) be served via port 80|443 via Nginx VHosts (or any other alternative) without using a different port, i.e: 8080 for 2nd website? This is to not have any ports in the URL as mentioned above but just the domain name.
Or, is there a way to forward traffic to the Docker service on a different port while the main main web service listens to port 80|443? What config changes would I need to do?
I've searched on this forum as much possible but couldn't get much.
Please let me know if any more information would be required from me.
Thanks in advance!

Solution: As recommended by this Docker image maintainer - kdelfour as well as a quick recommendation by BretFisher, we can remake the 1st Website as a Docker Container like the 2nd Website and then load-balance them using Traefik as a reverse proxy to manage SSL
Marking this as solved until an even better solution is found, cheers!

Related

Get Visitor IP or a Custom header in Jaeger docker behind docker traefik (v2,x)

we are experimenting with JAEGER as a tracing-tool for our traefik routing environment. We also use an ecapsulated docker network .
The goal is to accumulate requests on our api's per department and also some other monitoring.
We are using traefik 2.8 as a docker service. Also all our services run behind this traefik instance.
We added basic tracing configuration to our .toml file and startet a jaeger-instance, also as docker service. On our websecure endpoint we added forwardedHeaders.insecure = true
Jaeger is working fine, but we only get the docker internal host ip of the service, not the visitor ip from the user accessing a client with the browser or app.
I googled around and I am not sure, but it seems that this is a problem due to our setup and can't be fixed - except by using network="host". But unfortunately thats not an option.
But I want to be sure, so I hope someone here has a tip for us to configure docker/jaeger correctly or knows if it is even possible.
A different tracing tool suggestion (for example like tideways, but more python and wasm and c++ compatible) is also appreciated.
Thanks

Trouble connecting to Docker application via subdirectory instead of port

Preface: I'm new to the whole web hosting thing, so I apologize if any information I give doesn't make sense or is inaccurate. I will do my best to explain things.
I currently have a self-hosted server running Windows Server 2019 that is hosting two sites via IIS. I recently have created an application that runs on a Docker container instance that hosts a website on port 40444. I would like to access this site via a specific subdirectory on my website instead of the port (www.mywebsite.com/website3 instead of www.mywebsite.com:40444). For clarification, here is an example of what I'm looking to do:
www.mywebsite.com/website1 (hosted on IIS)
www.mywebsite.com/website2 (hosted on IIS)
www.mywebsite.com/website3 (hosted on docker via port 40444)
I was able to get a basic reverse proxy set up and successfully got the docker application to show on localhost/, but I would prefer using a subdirectory if possible.(image below).
I attempted to change (.*) to (.*)website3$ and it did what I wanted, but the website cannot load any files (i.e css, js, etc.) and gives me the following error
https://www.mywebsite.com/css/style.css net::ERR_ABORTED 404 (Not Found)
If IIS isn't the best option to accomplish what I need I am more than happy to use a different solution. As I mentioned before, I'm new to web hosting and it was just the simplest to set up.

Serving dockerized microservices over HTTPS

I'm currently struggling with docker and SSL. Let me give you an overview on what I'm trying to do.
I built a microservice-based architecture which is composed by a react web application and some "backend" services written in python and exposed with gunicorn on docker containers. I need to serve it over SSL because of Auth0 which needs the https communication. So, I built the server, bought a domain and got the SSL certificate for the domain with let's encrypt.
Now, here are the troubles, since mi services communicates to each other with a docker network, say services-network. For this reason they refer each other with the url `service:port/example.
At the moment I'm able to successfully connect to my web app with https but whenever this tries to contact the "backend" services the connection is refused because of it came from a non-secure resource (I used http://service:port/endpoint).
I tried to use the let's encrypt certificate generated for the webapp but the communication is blocked with message requests.exceptions.SSLError: HTTPSConnectionPool(host='service', port=8081): Max retries exceeded with url: /endpoint (Caused by SSLError(CertificateError("hostname 'service' doesn't match 'domain.com'",),))
I understand that a possible workaround for this error is to make the services communicate each other without using the docker network but the external one. Anyway I think that is not a good practice and that the communication among containers needs to be done through the docker network.
Finally, my question is: which is the best way to make the containers communicate through https over the docker network?
I personally like to use nginx as a reverse proxy. You would configure it normally and set it to proxy_pass <dockerIp:port>.
Many people like to use traefik.io which has many features including Let's Encrypt integration.

Simple configurable web server docker image for test environment

I have a microservice that sends HTTP requests to an external non-dockerized service.
Can anybody point me to a docker image of a simple web servicer, that I can start as part of my test environment? Ideally, it should be simple to customize (endpoints, ports, etc) and provide some meaningful logging of the incoming requests.
It depends on your preference for vendor. Here are some to choose from:
Linux:
Nginx
Apache httpd
Microsoft:
IIS
The links to those pages show you a few different distro's for each and contain the configuration information.
You can look at my project: https://github.com/mateuszgruszczynski/cinema its very crude and simple setup I use for performance test trainings. It contains few containers:
cinema-http / cinema-gateway - scala/akka based microservices
frontend - apache http server + simple php/js webpage
haproxy - haproxy as loadbalancer
plus some extra containers: postgres, mysql, jenkins, graphite, grafana
When it comes to dockerfiles and composer file it strongly depends on what technology you want to use for http server.
It does not have any extra logging but it should be easy to add, or maybe standard apache http logs will be enough for you.

How to view neo4j database on the hosted linode server

I am running standalone neo4j database server at localhost:7474 on a linode instance.
Is there any way to view this in the browser?
If you have SSH access to the Linode instance then you can run ssh -L 7474:localhost:7474 youruser#123.123.123.123 which will tunnel the remote port 7474 to localhost 7474. In your browser you can now use http://localhost:7474 to see the remote server without opening anything to the world.
You want what's called a "reverse proxy". Outside of your box, you can't talk about localhost:7474 as a hostname. So you want an external facing web server that "proxies" requests and sends them to localhost:7474.
One such option is Apache mod_proxy used as a reverse proxy. Examples on how to use it are behind the link. In general it's going to boil down to a configuration directive that looks something like:
ProxyPassReverse /neo4j http://localhost:7474
You also really want to read the documentation on securing the neo4j server.
WARNING - neo4j's web interface will let you do just about anything without authentication, including delete all of your data, change it, put new data in, and so on. It is a very bad idea to expose that functionality to the entire internet. So if you use a reverse proxy as suggested above, make sure you add some authentication layer (again you can do this with apache and mod_proxy) to permit just any random person from connecting to your instance and optionally deciding to trash it.

Resources