From b431f213b3a1fcbd782ad8a1f82abce878cc34cc Mon Sep 17 00:00:00 2001
From: Adrien Brault
Date: Sat, 11 Apr 2020 19:15:48 +0200
Subject: [PATCH 1/2] Use traefik 2
---
 .gitignore | 1 +
 Makefile | 13 ++++++++++++
 README.md | 50 ++++++++++++++++++----------------------------
 docker-compose.yml | 32 +++++++++++++++++++++++------
 nginx.conf | 11 ----------
 traefik-ssl.toml | 5 +++++
 6 files changed, 64 insertions(+), 48 deletions(-)
 create mode 100644 .gitignore
 create mode 100644 Makefile
 delete mode 100644 nginx.conf
 create mode 100644 traefik-ssl.toml
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..a66252b
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+/ssl/*
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..cc1f8d4
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,13 @@
+.DEFAULT_GOAL := all
+
+ifeq (, $(shell which mkcert))
+ $(error "No mkcert in $(PATH). Please install mkcert, see https://github.com/FiloSottile/mkcert#installation")
+endif
+
+ssl/test.key:
+ mkdir -p ./ssl
+ mkcert --key-file ./ssl/test.key --cert-file ./ssl/test.crt "*.docker.test" 127.0.0.1 ::1
+
+all: ssl/test.key
+ docker network inspect traefik-docker > /dev/null 2>&1 || docker network create traefik-docker
+ docker-compose up -d --remove-orphans
diff --git a/README.md b/README.md
index 03a2230..2fe8b25 100644
--- a/README.md
+++ b/README.md
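Review bot: In the Makefile hunk, the `ssl/test.key` rule also writes `ssl/test.crt`, but only the key is a target, so a deleted or missing certificate is never regenerated and Traefik would be started with a `keyFile` that has no matching `certFile`. Declaring both outputs closes that gap, either with a grouped target `ssl/test.key ssl/test.crt &:` on GNU Make 4.3+ or with a stamp file on older versions. `all` also needs `.PHONY: all`, otherwise a file named `all` in the directory silently turns the default goal into a no-op. The `mkcert` presence check runs at parse time for every goal, which is acceptable while `all` is the only entry point but deserves a one-line comment saying so.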
@@ -1,47 +1,35 @@ -# Local load balancer for docker-compose projects - -This project allows to access individual docker compose containers through `http://(.+\.)?..docker`. - -This is how it works: -- A docker container runs a dns server that always returns 127.0.0.1 (exposed to localhost:10053) -- The system needs to be configured to resolve any .docker hostname with localhost:10053 -- A docker container runs an nginx load balancer exposed on localhost:80 that proxies `*..docker` - http requests to `__1`. This container is attached to all the docker networks. - -The containers will start when docker starts since they are configured with `restart: always`. - ## Installation ``` -# Start load balancer and dns -docker-compose up -d - -# Give load balancer access to all the compose networks -docker network ls --filter driver=bridge --filter scope=local -q \ - | xargs -I {} docker network connect {} "$(docker-compose ps -q lb)" +# Generate ssl certificates using mkcert and start traefik, dns +make # Configure system to resolve all .docker domains using the spun up dns server sudo mkdir -p /etc/resolver -sudo tee /etc/resolver/docker > /dev/null < /dev/null <_default "$(docker-compose ps -q lb)" +services: + webserver: + # image, volumes, etc + networks: + - traefik-docker + labels: + traefik.enable: true + traefik.http.routers.webserver.rule: 'Host(`my-webserver.docker.test`)' ``` diff --git a/docker-compose.yml b/docker-compose.yml index ad9f22d..a0fad1c 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
@@ -1,13 +1,33 @@ -version: "3" +version: '3' + +networks: + traefik-docker: + external: true services: - lb: - image: nginx:1.15-alpine + traefik: + image: traefik:v2.2 + restart: always + command: + - '--log.level=DEBUG' + - '--api.insecure=true' + - '--providers.docker=true' + - '--providers.docker.exposedbydefault=false' + - '--providers.docker.network=traefik-docker' + - '--entrypoints.http.address=:80' + - '--entrypoints.https.address=:443' + - '--entrypoints.https.http.tls=true' + - '--providers.file.filename=/etc/traefik/traefik-ssl.toml' ports: - - 80:80 + - '80:80' + - '443:443' + - '8080:8080' + networks: + - traefik-docker volumes: - - ./nginx.conf:/etc/nginx/conf.d/default.conf:ro - restart: always + - '/var/run/docker.sock:/var/run/docker.sock:ro' + - './traefik-ssl.toml:/etc/traefik/traefik-ssl.toml' + - './ssl/:/etc/traefik/ssl/:ro' logging: &logging options: max-size: '10k' diff --git a/nginx.conf b/nginx.conf deleted file mode 100644 index 736090a..0000000 --- a/nginx.conf +++ /dev/null @@ -1,11 +0,0 @@ -server { - listen 80; - - server_name ~^(.+\.)?(?P.+)\.(?P.+)\.docker$; - - location / { - resolver 127.0.0.11; - proxy_set_header Host $host; - proxy_pass "http://${project}_${service}_1"; - } -} diff --git a/traefik-ssl.toml b/traefik-ssl.toml new file mode 100644 index 0000000..20f0895 --- /dev/null +++ b/traefik-ssl.toml @@ -0,0 +1,5 @@ +[tls.stores] + [tls.stores.default] + [tls.stores.default.defaultCertificate] + certFile = "/etc/traefik/ssl/test.crt" + keyFile = "/etc/traefik/ssl/test.key" From 4a422d063e895ff78a1113280a6632cb27ee62ef Mon Sep 17 00:00:00 2001 From: Adrien Brault Date: Sat, 11 Apr 2020 19:16:57 +0200 Subject: [PATCH 2/2] remove debug logs --- docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index a0fad1c..c7b45a8 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
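Review bot: In the docker-compose.yml hunk, `--api.insecure=true` combined with the `'8080:8080'` mapping publishes Traefik's unauthenticated API and dashboard on every host interface, not just on the developer's machine. Since this is a local-only tool, the published ports can be bound to loopback, e.g. `- '127.0.0.1:8080:8080'`, and likewise for 80 and 443 if nothing outside the host needs them. The `:ro` on `/var/run/docker.sock` only makes the mount point read-only and does not limit what the container can request from the Docker API, so a comment stating that, or a socket proxy restricted to read endpoints, would make the trust boundary explicit. The `./traefik-ssl.toml` mount has no `:ro` although the other two volumes do. Patch 2/2 leaves the `--api.insecure=true` line unchanged, so the same point applies there.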
@@ -9,7 +9,7 @@ services: image: traefik:v2.2 restart: always command: - - '--log.level=DEBUG' + #- '--log.level=DEBUG' - '--api.insecure=true' - '--providers.docker=true' - '--providers.docker.exposedbydefault=false'