diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..a66252b
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+/ssl/*
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..cc1f8d4
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,13 @@
+.DEFAULT_GOAL := all
+
+ifeq (, $(shell which mkcert))
+ $(error "No mkcert in $(PATH). Please install mkcert, see https://github.com/FiloSottile/mkcert#installation")
+endif
+
+ssl/test.key:
+ mkdir -p ./ssl
+ mkcert --key-file ./ssl/test.key --cert-file ./ssl/test.crt "*.docker.test" 127.0.0.1 ::1
+
+all: ssl/test.key
+ docker network inspect traefik-docker > /dev/null 2>&1 || docker network create traefik-docker
+ docker-compose up -d --remove-orphans
diff --git a/README.md b/README.md
index 03a2230..2fe8b25 100644
--- a/README.md
+++ b/README.md
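Review bot: In the Makefile, the `ssl/test.key` recipe also writes `./ssl/test.crt`, but only the key is a target, so a deleted or partially written certificate is never regenerated while the key file exists, and `all` would then start Traefik with a missing or mismatched pair. Making the rule cover both files (a stamp file, or a grouped target on GNU Make 4.3+) and adding `.DELETE_ON_ERROR:` keeps the key and certificate consistent. `all` names a command rather than a file, so it should also be declared with `.PHONY: all`.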
@@ -1,47 +1,35 @@ -# Local load balancer for docker-compose projects - -This project allows to access individual docker compose containers through `http://(.+\.)?..docker`. - -This is how it works: -- A docker container runs a dns server that always returns 127.0.0.1 (exposed to localhost:10053) -- The system needs to be configured to resolve any .docker hostname with localhost:10053 -- A docker container runs an nginx load balancer exposed on localhost:80 that proxies `*..docker` - http requests to `__1`. This container is attached to all the docker networks. - -The containers will start when docker starts since they are configured with `restart: always`. - ## Installation ``` -# Start load balancer and dns -docker-compose up -d - -# Give load balancer access to all the compose networks -docker network ls --filter driver=bridge --filter scope=local -q \ - | xargs -I {} docker network connect {} "$(docker-compose ps -q lb)" +# Generate ssl certificates using mkcert and start traefik, dns +make # Configure system to resolve all .docker domains using the spun up dns server sudo mkdir -p /etc/resolver -sudo tee /etc/resolver/docker > /dev/null < /dev/null <_default "$(docker-compose ps -q lb)" +services: + webserver: + # image, volumes, etc + networks: + - traefik-docker + labels: + traefik.enable: true + traefik.http.routers.webserver.rule: 'Host(`my-webserver.docker.test`)' ``` diff --git a/docker-compose.yml b/docker-compose.yml index ad9f22d..c7b45a8 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
@@ -1,13 +1,33 @@
-version: "3"
+version: '3'
+
+networks:
+ traefik-docker:
+ external: true
 
 services:
- lb:
- image: nginx:1.15-alpine
+ traefik:
+ image: traefik:v2.2
+ restart: always
+ command:
+ #- '--log.level=DEBUG'
+ - '--api.insecure=true'
+ - '--providers.docker=true'
+ - '--providers.docker.exposedbydefault=false'
+ - '--providers.docker.network=traefik-docker'
+ - '--entrypoints.http.address=:80'
+ - '--entrypoints.https.address=:443'
+ - '--entrypoints.https.http.tls=true'
+ - '--providers.file.filename=/etc/traefik/traefik-ssl.toml'
 ports:
- - 80:80
+ - '80:80'
+ - '443:443'
+ - '8080:8080'
+ networks:
+ - traefik-docker
 volumes:
- - ./nginx.conf:/etc/nginx/conf.d/default.conf:ro
- restart: always
+ - '/var/run/docker.sock:/var/run/docker.sock:ro'
+ - './traefik-ssl.toml:/etc/traefik/traefik-ssl.toml'
+ - './ssl/:/etc/traefik/ssl/:ro'
 logging: &logging
 options:
 max-size: '10k'
diff --git a/nginx.conf b/nginx.conf
deleted file mode 100644
index 736090a..0000000
--- a/nginx.conf
+++ /dev/null
@@ -1,11 +0,0 @@
-server {
- listen 80;
-
- server_name ~^(.+\.)?(?P.+)\.(?P.+)\.docker$;
-
- location / {
- resolver 127.0.0.11;
- proxy_set_header Host $host;
- proxy_pass "http://${project}_${service}_1";
- }
-}
diff --git a/traefik-ssl.toml b/traefik-ssl.toml
new file mode 100644
index 0000000..20f0895
--- /dev/null
+++ b/traefik-ssl.toml
@@ -0,0 +1,5 @@
+[tls.stores]
+ [tls.stores.default]
+ [tls.stores.default.defaultCertificate]
+ certFile = "/etc/traefik/ssl/test.crt"
+ keyFile = "/etc/traefik/ssl/test.key"
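Review bot: The `traefik` service in docker-compose.yml publishes `'80:80'`, `'443:443'` and `'8080:8080'` without a host address, so Docker binds them on all interfaces, and with `--api.insecure=true` the dashboard and API on 8080 answer without authentication to anything that can reach the machine. For a local-only proxy, bind to loopback instead: `- '127.0.0.1:80:80'`, `- '127.0.0.1:443:443'`, `- '127.0.0.1:8080:8080'`. The `:ro` on `/var/run/docker.sock` only makes the mount itself read-only; it does not limit what can be requested through the Docker API over that socket, so this container should be treated as having full control of the Docker daemon. `./traefik-ssl.toml` is mounted without `:ro`, unlike the other two volumes.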