Docker created with docker-compose not visible from outside server - docker

I've created my docker-compose file with 3 Dockerfiles attached. Everything is working but currently I'd like to expose outside port 8000.
This is not happening. The host is unreachable :(
What's wrong with this?
version: '3'
services:
  elastic:
    build: ./elastic
    ports:
      - 5500:80
    tty: true
    networks:
      - default
  api:
    build: ./api
    ports:
      - 5000:80
    depends_on:
      - elastic
    tty: true
    networks:
      - default
  web:
    build: ./web
    ports:
      - 8000:80
    depends_on:
      - api
    tty: true
    networks:
      - outside
      - default
networks:
  outside:
    external:
      name: docker_gwbridge

I had a similar issue with an app running on port other than 80/443. I deployed the app on AWS EC2, and the host could not be reached. In order to make it visible, I had to add an inbound rule in "Security Groups" of EC2 instance, which exposed other ports (8000 in my case).

Related

Block container access to internet but still have a port open for access

What I am trying is to create a container isolated otherwise but having a port open for access from outside. I'd like to keep it so that container can't access internet.
I have internal network and container that has a single port open for accessing the service.
example docker-compose.yml:
version: '3.8'
networks:
  vaultwarden:
    driver: default
    internal: true
services:
  vaultwarden:
    image: vaultwarden/server:latest
    container_name: vaultwarden
    restart: always
    ports:
      - 8050:80
    stdin_open: true
    tty: true
    volumes:
      - /home/user/password_test:/data/
    environment:
      - WEBSOCKET_ENABLED=true
      - ROCKET_WORKERS=8
    networks:
      - vaultwarden
It seems to work: the service is accessible at localhost:8050, and from the container I can't access the internet.
Still, I am wondering: is this the right way to do it?
EDIT: I'm using podman-compose where this works, but in docker-compose I have to put bridge instead of default. And it seems with docker this solution does not work at all.
A solution of sorts was to create a reverse proxy and attach it to the internal network and to a driver: bridge network. Now the traffic to the vaultwarden app goes through the other network and vaultwarden itself can't access the internet.
networks:
  vaultwarden_net_internal:
    internal: true
  vaultwarden_net_outside:
    driver: bridge
services:
  vaultwarden:
    image: vaultwarden/server:latest
    restart: always
    stdin_open: true
    tty: true
    volumes:
      - /home/user/password_test:/data/
    environment:
      - WEBSOCKET_ENABLED=true
      - ROCKET_WORKERS=8
    networks:
      - vaultwarden_net_internal
  proxy:
    build:
      context: ./
      dockerfile: Dockerfile
    restart: always
    stdin_open: true
    tty: true
    networks:
      - vaultwarden_net_internal
      - vaultwarden_net_outside
    ports:
      - 8051:80
    depends_on:
      - vaultwarden
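The isolation described in the post above can be checked mechanically. This is an added example, not part of the original post: the function name `audit_egress` is hypothetical, and the two dictionaries are constructed from the network and port settings of the two compose files in the post.

```python
# Added example. The compose models are constructed from the two files in the post.

def audit_egress(compose):
    """Per service: does it have a route out, and does it publish ports while isolated?"""
    net_defs = compose.get("networks") or {}
    report = {}
    for name, svc in compose.get("services", {}).items():
        # Compose attaches a service to "default" when it lists no networks.
        nets = list(svc.get("networks") or ["default"])
        # One attached network that is not internal is enough to give a route out.
        egress = any(not (net_defs.get(n) or {}).get("internal", False) for n in nets)
        report[name] = {
            "networks": nets,
            "egress": egress,
            # Ports published by a service that sits only on internal networks:
            # the post reports these work under podman-compose but not docker-compose.
            "ports_on_internal_only": [] if egress else list(svc.get("ports", [])),
        }
    return report

# Constructed from the first file: one internal network, port published directly.
FIRST_ATTEMPT = {
    "networks": {"vaultwarden": {"driver": "default", "internal": True}},
    "services": {"vaultwarden": {"ports": ["8050:80"], "networks": ["vaultwarden"]}},
}

# Constructed from the second file: the proxy is dual-homed and owns the port.
WITH_PROXY = {
    "networks": {
        "vaultwarden_net_internal": {"internal": True},
        "vaultwarden_net_outside": {"driver": "bridge"},
    },
    "services": {
        "vaultwarden": {"networks": ["vaultwarden_net_internal"]},
        "proxy": {
            "ports": ["8051:80"],
            "networks": ["vaultwarden_net_internal", "vaultwarden_net_outside"],
        },
    },
}

if __name__ == "__main__":
    for label, model in (("first attempt", FIRST_ATTEMPT), ("with proxy", WITH_PROXY)):
        for svc, row in audit_egress(model).items():
            print(label, svc, row)
```

In the second layout only the proxy reports `egress: True`, so it is the one container to review for outbound access.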

Docker containers unable to communicate

I have 2 containers that belong to the same network:
version: '3'
services:
  #PHP Service
  app:
    build:
      context: ./website
      dockerfile: Dockerfile
    image: travellist
    container_name: app
    restart: unless-stopped
    depends_on:
      - db
    tty: true
    ...
    networks:
      - app-network
  administration:
    build:
      dockerfile: Dockerfile
    image: travellist
    container_name: administration
    restart: unless-stopped
    depends_on:
      - db
    tty: true
    environment:
      ....
    networks:
      - app-network
  #Nginx Service
  webserver:
    container_name: webserver
    image: nginx:1.17-alpine
    restart: unless-stopped
    depends_on:
      - db
    ports:
      - 8000:80
      - 7999:81
    ...
    networks:
      - app-network
#Docker Networks
networks:
  app-network:
    driver: bridge
As you can see, the two applications run over NGINX on 2 different ports... however, I'm unable to send a request from one application to the other one... none of the following works (from administration, that is the one that works over 81:7999):
localhost:80
localhost:8000
app:80
app:8000
From the administration container you should send your request to the webserver on port 80.
From the administration container, you can first check that you can ping the webserver, if it succeeds it means that the two can reach each other on the network and for this reason, you can execute your request.
Please note that the port 8000 is only exposed to the host machine.

Docker communication inside docker compose and with database which is outside docker

I'm a little bit confused with docker and network communication. I tried many things but it didn't work :-(.
I have following docker compose:
version: '3'
services:
  nginx:
    container_name: nginx
    image: nginx:stable-alpine
    restart: unless-stopped
    tty: true
    ports:
      - 80:80
    volumes:
      - ./nginx/conf.d:/etc/nginx/conf.d:ro
    depends_on:
      - app
    networks:
      - frontend
      - backend
  app:
    restart: unless-stopped
    tty: true
    build:
      context: .
      dockerfile: Dockerfile
    container_name: app
    expose:
      - "9090"
    ports:
      - 9090:9090
    networks:
      - backend
networks:
  frontend:
  backend:
And I would like to communicate:
From nginx to app //this probably works
From app to postgreSQL which is installed on server (no docker container)
I cannot do this, I tried many things but something is wrong :-(
You can choose either of these two options:
Make your postgresql listen on all your network interfaces (or the docker bridge for a more secure but complex setup). To achieve that, you need to make sure your config looks like this:
# grep listen /var/lib/pgsql/data/postgresql.conf
listen_addresses = '*'
Use host network mode in your docker compose, which runs docker in your host network namespace instead of creating a new network:
network_mode: "host"

Traefik config with docker

I'm trying to use traefik in my docker-compose file. My php app is listening on port 8000
version: '3'
services:
  traefik:
    image: traefik:1.7.4
    container_name: traefik-${PROJECT_NAME}
    ports:
      - ${TRAEFIK_PORT}:80
      - ${TRAEFIK_PORT_HTTPS}:443
      - ${TRAEFIK_DASHBOARD_PORT}:8080
    volumes:
      - ./traefik/traefik.toml:/etc/traefik/traefik.toml
      - /var/run/docker.sock:/var/run/docker.sock
    networks:
      - webgateway
  php-fpm:
    build:
      context: .
      dockerfile: Dockerfile-php
    container_name: php-fpm-${PROJECT_NAME}
    ports:
      - 8000
    working_dir: /var/www/html/
    volumes:
      - ../app:/var/www/html
    tty: true
    env_file:
      - ./.env
    entrypoint: /entrypoint.sh
    networks:
      - traefik
networks:
  webgateway:
    driver: bridge
  traefik:
    external:
      name: traefik_webgateway
volumes:
  data-volume: {}
Traefik watches every container
[docker]
domain = "local"
watch = true
All containers appear in the Traefik dashboard but the frontend Host does not match the IP address. I can't access the app.
But when I go directly through the container IP address, it works.
Did I miss something in the configuration?
Found it. I have added host name in my /etc/hosts file.
Works fine with that

Docker mis-forwarding ports

I have several domains sharing one public IP (EC2 instance). My setup is like this:
/home/ubuntu contains docker-compose.yml:
version: '3'
services:
  nginx-proxy:
    image: "jwilder/nginx-proxy"
    container_name: nginx-proxy
    volumes:
      - /var/run/docker.sock:/tmp/docker.sock:ro
    ports:
      - "80:80"
    restart: "always"
This creates a network named ubuntu_default which will allow other compose instances to join. The nginx-proxy image creates reverse proxies for these other compose instances so that you can visit example.com and be routed to the appropriate UI within the appropriate compose instance.
/home/ubuntu/example.com/project-1 contains a docker-compose.yml like:
version: '3'
services:
  db:
    build: "./db" # mongo
    volumes:
      - "./data:/data/db"
    restart: "always"
  api:
    build: "./api" # a node backend
    ports:
      - "9005:9005"
    restart: "always"
    depends_on:
      - db
  ui:
    build: "./ui" # a react front end
    ports:
      - "8005:8005"
    restart: "always"
    environment:
      - VIRTUAL_HOST=project-1.example.com # this tells nginx-proxy which domain to proxy
      - VIRTUAL_PORT=8005 # this tells nginx-proxy which port to proxy
networks:
  default:
    external:
      name: ubuntu_default
/home/ubuntu/testing.com/project-2 contains a docker-compose.yml like:
version: '3'
services:
  db:
    build: "./db" # postgres
    volumes:
      - "./data:/var/lib/postgresql/data"
    restart: "always"
  api:
    build: "./api" # a python backend
    ports:
      - "9000:9000"
    restart: "always"
    depends_on:
      - db
  ui:
    build: "./ui" # a react front end
    ports:
      - "8000:8000"
    restart: "always"
    environment:
      - VIRTUAL_HOST=testing.com,www.testing.com # tells nginx-proxy which domains to proxy
      - VIRTUAL_PORT=8000 # tells nginx-proxy which port to proxy
networks:
  default:
    external:
      name: ubuntu_default
So basically:
project-1.example.com:80 forwards to the UI running on :8005
project-1.example.com:80/api forwards to the API running on :9005
testing.com forwards to the UI running on :8000
testing.com/api forwards to the API running on :9000
...and that all works perfectly as long as I only run one at a time. The moment I start both Compose instances, the /api urls start clashing. I can sit on one of them and refresh repeatedly and sometimes I'll see the one for example.com/api and sometimes I'll see the one for testing.com/api.
I have no idea what's going on at this point. Maybe the premise I'm working against is fundamentally flawed but it seems like an intended use of Docker/Compose. I'm open to suggestions to accomplish the same otherwise.
Docker containers communicate using DNS lookups on their network. If multiple containers have the same alias on the same network, it will round robin load balance between the containers with each network connection. If you don't want containers to talk to each other, then you don't want them on the same docker network. The good news is you solve this by using more than one network, and not putting the api and db server on the frontend proxy network:
version: '3'
services:
  db:
    build: "./db" # postgres
    volumes:
      - "./data:/var/lib/postgresql/data"
    restart: "always"
  api:
    build: "./api" # a python backend
    ports:
      - "9000:9000"
    restart: "always"
    depends_on:
      - db
  ui:
    build: "./ui" # a react front end
    ports:
      - "8000:8000"
    restart: "always"
    networks:
      - default
      - proxy
    environment:
      - VIRTUAL_HOST=testing.com,www.testing.com # tells nginx-proxy which domains to proxy
      - VIRTUAL_PORT=8000 # tells nginx-proxy which port to proxy
networks:
  proxy:
    external:
      name: ubuntu_default
If you do not override the default network, docker will create one for your compose project and use it for any containers not assigned to another network.
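The alias clash the answer describes can be found before deployment by resolving every service to the real Docker network it joins. This is an added example, not code from the original thread: the function names are hypothetical, the project names `project-1` and `project-2` are assumed from the directory names, and the dictionaries are constructed from the compose files above.

```python
# Added example. Compose models are constructed from the files in this thread.
from collections import defaultdict

def resolve_network(project, key, net_defs):
    """Real Docker network name behind a compose network key."""
    net = net_defs.get(key) or {}
    external = net.get("external")
    if isinstance(external, dict) and external.get("name"):
        return external["name"]        # legacy v3 form used on this page
    if net.get("name"):
        return net["name"]             # newer top-level `name:` form
    return f"{project}_{key}"          # compose-created, scoped to the project

def alias_collisions(projects):
    """Return {(network, service_alias): [projects]} for aliases served by >1 project."""
    seen = defaultdict(list)
    for project, compose in projects.items():
        net_defs = compose.get("networks") or {}
        for svc_name, svc in compose["services"].items():
            # A service with no `networks:` key joins the project's default network.
            for key in (svc.get("networks") or ["default"]):
                network = resolve_network(project, key, net_defs)
                seen[(network, svc_name)].append(project)
    return {k: v for k, v in seen.items() if len(v) > 1}

SHARED_DEFAULT = {"default": {"external": {"name": "ubuntu_default"}}}

# As posted in the question: every service lands on ubuntu_default.
PROJECT_1 = {"services": {"db": {}, "api": {}, "ui": {}}, "networks": SHARED_DEFAULT}
PROJECT_2_BEFORE = {"services": {"db": {}, "api": {}, "ui": {}}, "networks": SHARED_DEFAULT}

# As posted in the answer: only ui joins the proxy network.
PROJECT_2_AFTER = {
    "services": {"db": {}, "api": {}, "ui": {"networks": ["default", "proxy"]}},
    "networks": {"proxy": {"external": {"name": "ubuntu_default"}}},
}

if __name__ == "__main__":
    print(alias_collisions({"project-1": PROJECT_1, "project-2": PROJECT_2_BEFORE}))
    print(alias_collisions({"project-1": PROJECT_1, "project-2": PROJECT_2_AFTER}))
```

With the answer's file applied to project-2 only, `api` and `db` no longer collide; `ui` still shares its alias on `ubuntu_default` until project-1 gets the same change.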
