Develop Reference

How to use Traefik to reverse proxy an already running node service?

I've got a node process running on port 3000 using pm2.
I want to configure Traefik so that it reverse proxies this service on port 80.
Following this excellent blog post, I was able to quickly start Traefik using docker compose and set up a skeleton config for the node-server.
However, that example assumes the node process is hosted inside a docker as well. I couldn't get this to work for my node process (*) so I just want to be able to configure Traefik by pointing to port 3000 in some way. Seems straightforward but couldn't get it to work.
I'm stuck with the following config (which is a mix of various blog-posts without actually knowing what I'm doing):
services:
reverse-proxy:
image: traefik:v2.4
container_name: "traefik"
command:
- "--api.insecure=true"
- "--api.dashboard=true"
- "--api.debug=true"
- "--providers.docker=true"
- "--log.LEVEL=DEBUG"
- "--entryPoints.web.address=:80"
- "--entryPoints.websecure.address=:443"
- "--providers.docker.exposedbydefault=false"
- "--certificatesresolvers.myresolver.acme.httpchallenge=true"
- "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
- "--certificatesresolvers.myresolver.acme.email=xxxx#xxx.com"
- "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
ports:
- "443:443"
- "80:80"
- "8080:8080"
volumes:
- "./letsencrypt:/letsencrypt"
- "/var/run/docker.sock:/var/run/docker.sock:ro"
node-server:
loadBalancer:
servers:
- url: http://127.0.0.1:3000/
labels:
- "traefik.enable=true"
- "traefik.http.routers.node-server.rule=Host(`xxxxxx.com`)"
- "traefik.http.routers.node-server.entrypoints=websecure"
- "traefik.http.routers.node-server.tls.certresolver=myresolver"
- "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
- "traefik.http.routers.redirs.rule=hostregexp(`{host:.+}`)"
- "traefik.http.routers.redirs.entrypoints=web"
- "traefik.http.routers.redirs.middlewares=redirect-to-https"
This gives the error: 'Unsupported config option for services.node-server: 'loadBalancer'"
Long story short: how would I configure Traefik to just reverse proxy a service running on port 3000?
*) A total newbie to Docker and I couldn't get the situation to work, where the node process depends on custom javascript modules in a parent directory. Perhaps there's a way to do this and I could do it in the 'host node in docker' way instead. I'm all ears

A few months ago I have configured a reverse proxy, here you go my configuration:
version: '3'
services:
reverse-proxy:
image: traefik:v2.5
container_name: selling-point-reverse-proxy
ports:
- 80:80
- 8080:8080
volumes:
# Traefik can listen to the Docker events
- /var/run/docker.sock:/var/run/docker.sock
command:
# Enables the web UI
- --api.insecure=true
# Tells Traefik to listen to docker
- --providers.docker
# Creates a new entrypoint called web
- --entrypoints.web.address=:80
# Disable container exposition
- --providers.docker.exposedByDefault=false
# Traefik matches against the container's labels to determine whether to create any route for that container
- --providers.docker.constraints=Label(`traefik.scope`,`selling-point`)
# Enable tracing (using jaeger by default)
- --tracing=true
# Name of the tracing service on Jaeger
- --tracing.serviceName=reverse-proxy
# Host and port of the Jaeger agent
- --tracing.jaeger.localAgentHostPort=jaeger:6831
labels:
# Matcher for creating a route
- traefik.scope=selling-point
# Exposes container
- traefik.enable=true
# Creates circuit breaker middleware
- traefik.http.middlewares.latency.circuitbreaker.expression=LatencyAtQuantileMS(50.0) > 10000
# Creates a forward auth middleware
- traefik.http.middlewares.auth.forwardauth.address=http://auth:3000/auth/authorize
# Enables cross origin requests
- traefik.http.middlewares.cors.headers.accesscontrolalloworiginlist=*
# Enables forwarding of the request headers
- traefik.http.middlewares.cors.headers.accessControlAllowHeaders=*
networks:
- selling-point
api:
image: selling-point-api
container_name: selling-point-api
build:
context: ./selling-point-api
labels:
# Tells Traefik where to redirect the request if the url has the specified prefix
- traefik.http.routers.api.rule=PathPrefix(`/api`)
# Attaches a middleware for forwarding the authentication
- traefik.http.routers.api.middlewares=cors,auth,latency
# Attaches entrypoints
- traefik.http.routers.api.entrypoints=web
# Exposes container
- traefik.enable=true
# Matcher for creating a route
- traefik.scope=selling-point
# Creates a service called selling-point-api
- traefik.http.services.selling-point-api.loadbalancer.server.port=3000
# Attach the container to a service
- traefik.http.routers.api.service=selling-point-api
volumes:
- ./selling-point-api/src:/app/src
networks:
- selling-point
environment:
WAIT_HOSTS: mysql:3306
DATABASE_URL: mysql://root:huachinango#mysql:3306/selling_point
NODE_ENV: development
auth:
image: selling-point-auth
container_name: selling-point-auth
build:
context: ./selling-point-auth
labels:
# Tells Traefik where to redirect the request if the url has the specified prefix
- traefik.http.routers.auth.rule=PathPrefix(`/auth`)
# Attaches a circuit breaker middleware
- traefik.http.routers.auth.middlewares=cors,latency
# Attaches entrypoints
- traefik.http.routers.auth.entrypoints=web
# Exposes container
- traefik.enable=true
# Matcher for creating a route
- traefik.scope=selling-point
# Creates a service called selling-point-auth
- traefik.http.services.selling-point-auth.loadbalancer.server.port=3000
# Attach the container to a service
- traefik.http.routers.auth.service=selling-point-auth
environment:
WAIT_HOSTS: mysql:3306
IGNORE_ENV_FILE: 'true'
DATABASE_URL: mysql://root:huachinango#mysql:3306/selling_point
PASSWORD_SALT: $$2b$$10$$g0OI8KtIE3j6OQqt1ZUDte
NODE_ENV: development
volumes:
- ./selling-point-auth/src:/app/src
networks:
- selling-point
mysql:
image: mysql:5
container_name: selling-point-mysql
environment:
MYSQL_ROOT_PASSWORD: huachinango
MYSQL_DATABASE: selling_point
networks:
- selling-point
volumes:
- mysql-db:/var/lib/mysql
jaeger:
image: jaegertracing/all-in-one:1.29
container_name: selling-point-tracing
environment:
COLLECTOR_ZIPKIN_HOST_PORT: :9411
ports:
- 16686:16686
networks:
- selling-point
volumes:
mysql-db:
networks:
selling-point:
name: selling-point
driver: bridge

consumer: Cannot connect to amqp://user:**#rabbit1:5672//: failed to resolve broker hostname

I have perused through very similar stackoverflow questions and changed my code to what it is now. I am still getting the cannot resolve broker hostname error. If I just use amqp:user:mypass#locahost:5672 I get the a connection refused
# docker-compoose.yml
version: "3.8"
services:
broker:
image: rabbitmq:3-management-alpine
hostname: rabbit1
environment: &env
RABBITMQ_ERLANG_COOKIE: "SWQOKODSQALRPCLNMEQG"
RABBITMQ_DEFAULT_USER: "user"
RABBITMQ_DEFAULT_PASS: "password"
RABBITMQ_DEFAULT_VHOST: "/"
CELERY_BROKER_URL: "amqp://user:password#rabbit1:5672"
ports:
- "5672:5672"
- "15672:15672"
expose:
- "5672"
networks:
- webnet
volumes:
- .:/home/user
worker:
build:
context: .
dockerfile: ./worker/Dockerfile
command: ["celery", "worker", "--app=worker.tasks.app", "--loglevel=INFO"]
environment:
<<: *env
links:
- broker
depends_on:
- broker
networks:
- webnet
volumes:
- .:/home/user
networks:
webnet:
# Dockerfile
FROM python:3.7-slim
RUN groupadd user && useradd --create-home --home-dir /home/user -g user user
ENV CELERY_USER = user
WORKDIR /home/user
COPY . .
RUN pip install --no-cache-dir -r requirements.txt
RUN rm requirements.txt
I have tried just starting the rabbitmq broker through docker-compose and then manually doing a celery worker --app=tasks.app and that will work after setting the CELERY_BROKER_URL=amqp://user:mypass#localhost:5672
It throws the error when I have the worker and broker in the same yaml. I've tried it without the network, manually setting the CELERY_BROKER_URL in the Dockerfile also. If anyone has ideas what I'm doing wrong, I would really appreciate it.

There are a few things going on here. The first, addressed in comments, is that from the perspective of your worker container, your rabbitmq service is available on host broker, so your CELERY_BROKER_URL variable should point at amqp://user:password#broker:5672.
The second issue is that rabbitmq takes a while to start up. This means you'll initially see errors from celery worker when it first starts up, because it will attempt to connect before rabbitmq is ready. However, it will retry until it is successful.
I was able to get everything to work correctly with the following docker-compose.yml:
version: "3.3"
services:
broker:
image: rabbitmq:3-management-alpine
hostname: rabbit1
environment: &env
RABBITMQ_ERLANG_COOKIE: "SWQOKODSQALRPCLNMEQG"
RABBITMQ_DEFAULT_USER: "user"
RABBITMQ_DEFAULT_PASS: "password"
RABBITMQ_DEFAULT_VHOST: "/"
CELERY_BROKER_URL: "amqp://user:password#broker:5672"
ports:
- "5672:5672"
- "15672:15672"
expose:
- "5672"
volumes:
- .:/home/user
worker:
image: celery
command: ["celery", "worker", "-l" "INFO"]
environment:
<<: *env
volumes:
- .:/home/user
That's very similar to yours, but (a) I'm using the official celery image, since you didn't show us your Dockerfile, and (b) I've removed the links: key, because links has been deprecated in favor of the DNS-based service discovery that is now the default. Oh, and (c) I got rid of the custom network, since if you're creating a single network you might as well just use the default that docker-compose creates for you.
When I bring this up, I eventually see:
broker_1 | 2020-05-11 21:46:10.098 [info] <0.634.0> connection <0.634.0> (172.26.0.3:39372 -> 172.26.0.2:5672): user 'user' authenticated and granted access to vhost '/'
broker_1 | 2020-05-11 21:46:10.111 [info] <0.639.0> accepting AMQP connection <0.639.0> (172.26.0.3:39374 -> 172.26.0.2:5672)
worker_1 | [2020-05-11 21:46:10,100: INFO/MainProcess] Connected to amqp://user:**#broker:5672//
worker_1 | [2020-05-11 21:46:10,115: INFO/MainProcess] mingle: searching for neighbors
worker_1 | [2020-05-11 21:46:11,140: INFO/MainProcess] mingle: all alone

Communication between microservices with docker-compose and traefik

I have a microservice based node app. I am using docker, docker-compose and traefik for service discovery.
I have 2 microservices at this moment:
the server app: running at node-app.localhost:8000
the search microservice running at search-microservice.localhost:8002
The issue I can't make a request from one microservice to another.
Here are my docker compose config:
# all variables used in this file are defined in the .env file
version: "2.2"
services:
node-app-0:
container_name: node-app
restart: always
build: ./backend/server
links:
- ${DB_HOST}
depends_on:
- ${DB_HOST}
ports:
- "8000:3000"
labels:
- "traefik.port=80"
- "traefik.frontend.rule=Host:node-app.localhost"
reverse-proxy:
image: traefik # The official Traefik docker image
command: --api --docker # Enables the web UI and tells Traefik to listen to docker
ports:
- "80:80" # The HTTP port
- "8080:8080" # The Web UI (enabled by --api)
volumes:
- /var/run/docker.sock:/var/run/docker.sock
search-microservice:
container_name: ${CONTAINER_NAME_SEARCH}
restart: always
build: ./backend/search-service
links:
- ${DB_HOST}
depends_on:
- ${DB_HOST}
ports:
- "8002:3000"
labels:
- "traefik.port=80"
- "traefik.frontend.rule=Host:search-microservice.localhost"
volumes:
node-ts-app-volume:
external: true
Both the node-app and the search-microservice expose the port 3000.
Why can't I call http://search-microservice.localhost:8002 from the node app ? calling it from the browser works though.

Because node-app is a container and to access other containers it has to use service name and internal port.
In your case it is search-microservice:3000.
To access host PC and exposed ports, you have to use host.docker.internal name for all services and external port.

If you want to access other services from in a different container with their hostnames, you can use the "extra_hosts" parameter in your docker-compose.yml file. Also, you have to use the "ipv4_address" parameter under the network parameter for each all services.
For example;
services:
node-app-1:
container_name: node-app
networks:
apps:
ipv4_address: 10.1.3.1
extra_hosts:
"search-microservice.localhost:10.1.3.2"
node-app-2:
container_name: search-microservice
networks:
apps:
ipv4_address: 10.1.3.2
extra_hosts:
"node-app.localhost:10.1.3.1"
Extra hosts in docker-compose

Drone.IO – GitLab address with hosts file

I have a GitLab instance on a fixed internal IP, and configured the hosts file on the clients if a hostname which points to that IP.
But we are unable to make Drone work when using the hostname. We have Gitlab on port 80 and Drone on port 8000. It does work when it’s configured to the fixed ip:
Our compose file:
version: '2'
services:
gitlab:
image: 'gitlab/gitlab-ce:latest'
restart: always
environment:
GITLAB_OMNIBUS_CONFIG: |
external_url 'http://our.host.name.com'
gitlab_rails['gitlab_shell_ssh_port'] = 22
# Add any other gitlab.rb configuration here, each on its own line
ports:
- '80:80'
- '443:443'
- '22:22'
volumes:
- '/srv/gitlab/config:/etc/gitlab'
- '/srv/gitlab/logs:/var/log/gitlab'
- '/srv/gitlab/data:/var/opt/gitlab'
drone-server:
image: drone/drone:0.7.3
links:
- "gitlab:our.host.name.com"
ports:
- "8000:8000"
volumes:
- /home/drone:/var/lib/drone/
- /home/drone/cache:/var/lib/drone/cache/
- /home/foresight/keys:/var/lib/drone/keys
environment:
DRONE_OPEN: "true"
DRONE_SERVER_ADDR: ":8000"
DRONE_HOST: "http://our.host.name.com:8000"
DRONE_ADMIN: <redacted>
DRONE_GITLAB: "true"
DRONE_GITLAB_URL: "http://our.host.name.com"
DRONE_GITLAB_CLIENT: <redacted>
DRONE_GITLAB_SECRET: <redacted>
DRONE_SECRET: <redacted>
drone-agent:
image: drone/drone:0.7.3
command: agent
depends_on:
- drone-server
volumes:
- /var/run/docker.sock:/var/run/docker.sock
environment:
DRONE_SERVER: ws://drone-server:8000/ws/broker
DRONE_DEBUG: "true"
DRONE_SECRET: <redacted>
When i configure it this way, drone doesn’t seem to accept triggers from GitLab.
Naturally, i reset the drone cache, updated the callback url to use the domain name also, and re-activated the repositories.
i couldn’t find any log file for drone that provides insight on why the trigger fails.

How to run docker-compose in Azure Container Service and deploy to agent rather than master?

I follow this article (https://blogs.msdn.microsoft.com/jcorioland/2016/04/25/create-a-docker-swarm-cluster-using-azure-container-service/#comment-1015) to setup a swarm docker host cluster. There are 1 master and 2 agents.The good points for this article is to use "-H 172.16.0.5:2375" which creates new containers on "agent" rather than "master" one.
My question is: if I want to make docker-compose.yml work with that, how could I do it? I have tried command like:
docker-compose -H 172.16.0.5:2375 up
But it doesn't work. If I just use:
docker-compose up
Then the containers will be created on master host and I couldn't even use public DNS to visit the website.
Here is the yml file I use for 1 magento & 1 mariadb containers:
version: '2'
services:
mariadb:
image: 'bitnami/mariadb:latest'
environment:
- ALLOW_EMPTY_PASSWORD=yes
ports:
- '3306:3306'
volumes:
- 'mariadb_data:/bitnami/mariadb'
magento:
image: 'bitnami/magento:latest'
environment:
- MAGENTO_HOST=172.16.0.5
- MARIADB_HOST=172.16.0.5
ports:
- '80:80'
volumes:
- 'magento_data:/bitnami/magento'
- 'apache_data:/bitnami/apache'
- 'php_data:/bitnami/php'
depends_on:
- mariadb
volumes:
mariadb_data:
driver: local
magento_data:
driver: local
apache_data:
driver: local
php_data:
driver: local
And this section is from my guess based on that article,
environment:
- MAGENTO_HOST=172.16.0.5
- MARIADB_HOST=172.16.0.5
but yml doesn't like port appended, e.g.
environment:
- MAGENTO_HOST=172.16.0.5:2375
- MARIADB_HOST=172.16.0.5:2375
Thanks a lot!