Maybe someone can help me.
I have keycloak, my nodejs-server, and traefik all installed with docker-compose. Everything seemed to be fine until I called a route from my frontend to the nodejs API. No matter what I tried, I get a 403 all the time. When the nodejs server is not running in Docker, it works. Strange, in my opinion.
Here is my Docker Compose file, if it helps:
    version: '3.8'
    services:
      mariadb:
        image: mariadb:latest
        container_name: mariadb
        labels:
          - "traefik.enable=false"
        networks:
          - keycloak-network
        environment:
          - MYSQL_ROOT_PASSWORD=
          - MYSQL_DATABASE=
          - MYSQL_USER=
          - MYSQL_PASSWORD=
        command: mysqld --lower_case_table_names=1
        volumes:
          - ./:/docker-entrypoint-initdb.d
      keycloak:
        image: jboss/keycloak
        container_name: keycloak
        labels:
          - "traefik.http.routers.keycloak.rule=Host(`keycloak.localhost`)"
          - "traefik.http.routers.keycloak.tls=true"
        networks:
          - keycloak-network
        environment:
          - DB_DATABASE=
          - DB_USER=
          - DB_PASSWORD=
          - KEYCLOAK_USER=
          - KEYCLOAK_PASSWORD=
          - KEYCLOAK_IMPORT=/tmp/example-realm.json
          - PROXY_ADDRESS_FORWARDING=true
        ports:
          - 8443:8443
        volumes:
          - ./realm-export.json:/tmp/example-realm.json
        depends_on:
          - mariadb
      phpmyadmin:
        image: phpmyadmin/phpmyadmin
        container_name: phpmyadmin
        labels:
          - "traefik.http.routers.phpmyadmin.rule=Host(`phpmyadmin.localhost`)"
        networks:
          - keycloak-network
        links:
          - mariadb:db
        ports:
          - 8081:80
        depends_on:
          - mariadb
      spectory-backend:
        image: spectory-backend
        container_name: spectory-backend
        labels:
          - "traefik.http.routers.spectory-backend.rule=Host(`api.localhost`)"
          - "traefik.port=4000"
        ports:
          - 4000:4000
        networks:
          - keycloak-network
        depends_on:
          - mariadb
          - keycloak
      spectory-frontend:
        image: spectory-frontend
        container_name: spectory-frontend
        labels:
          - "traefik.http.routers.spectory-frontend.rule=Host(`spectory.localhost`)"
        ports:
          - 4200:80
        depends_on:
          - mariadb
          - keycloak
          - spectory-backend
      traefik-reverse-proxy:
        image: traefik:v2.2
        command:
          - --api.insecure=true
          - --providers.docker
          - --entrypoints.web-secure.address=:443
          - --entrypoints.web.address=:80
          - --providers.file.directory=/configuration/
          - --providers.file.watch=true
        labels:
          - "traefik.http.routers.traefik-reverse-proxy.rule=Host(`traefik.localhost`)"
        ports:
          - "80:80"
          - "443:443"
          - "8082:8080"
        networks:
          - keycloak-network
        volumes:
          - ./traefik.toml:/configuration/traefik.toml
          - /var/run/docker.sock:/var/run/docker.sock
          - ./ssl/tls.key:/etc/https/tls.key
          - ./ssl/tls.crt:/etc/https/tls.crt
    networks:
      keycloak-network:
        name: keycloak-network
I also tried static IP addresses for nodejs and keycloak -> didn't work.
Here on StackOverflow someone mentioned using https would help -> didn't work.
Pretty much my situation: Link. The goal for me is that even the API is reachable through traefik.
Btw, my angular frontend can communicate with keycloak. It also runs in a docker container. I can also ping the keycloak container from the nodejs container. The Nodejs configuration parameters come directly from keycloak.
I really don't know what to do next.
Has anyone tried something similar?
Related
How can I add multiple ports?
I have a nodejs and a django application:
      webapp:
        image: "python-node-buster"
        ports:
          - "8001:8000"
        command:
          - python manage.py runserver --noreload 0.0.0.0:8000
        networks:
          - django_network
      node:
        image: "python-node-buster"
        ports:
          - "3000:3000"
        stdin_open: true
        networks:
          - node_network
      ngrok:
        image: wernight/ngrok:latest
        ports:
          - 4040:4040
        environment:
          NGROK_PROTOCOL: http
          NGROK_PORT: node:3000
          NGROK_AUTH: ""
        depends_on:
          - node
          - webapp
        networks:
          - node_network
          - django_network
    networks:
      django_network:
        driver: bridge
      node_network:
        driver: bridge
Assuming I get the URL for node at http://localhost:4040/inspect/http, which is
http://xxxx.ngrok.io
and in my nodejs application I want to access
http://xxxx.ngrok.io:8001
for APIs.
How do I configure this?
My docker-compose file is as below:
      cassandra-db:
        container_name: cassandra-db
        image: cassandra:4.0-beta1
        ports:
          - "9042:9042"
        restart: on-failure
        volumes:
          - ./out/cassandra_data:/var/lib/cassandra
        environment:
          - CASSANDRA_CLUSTER_NAME='cassandra-cluster'
          - CASSANDRA_NUM_TOKENS=256
          - CASSANDRA_RPC_ADDRESS=0.0.0.0
        networks:
          - my-network
      client-service:
        container_name: client-service
        image: client-service
        environment:
          - SPRING_PROFILES_ACTIVE=dev
        ports:
          - 8087:8087
        links:
          - cassandra-db
        networks:
          - my-network
    networks:
      my-network:
I use the Datastax Java driver to connect to cassandra in the client service, which also runs inside docker.

    CqlSession.builder()
        .addContactEndPoint(new DefaultEndPoint(
            InetSocketAddress.createUnresolved("cassandra-db", 9042)))
        .withKeyspace(CassandraConstant.KEY_SPACE_NAME.getValue())
        .build()

I use the DNS name to connect, but it does not connect. I also tried the Docker IP of the cassandra container, and depends-on.
Is there any issue with the docker-compose file?
I'm trying to deploy three services with docker-compose and Traefik:
    version: '3.5'
    services:
      reverse-proxy:
        image: traefik
        command: --web --docker --logLevel=INFO
        ports:
          - "80:80"
          - "8080:8080"
        volumes:
          - /var/run/docker.sock:/var/run/docker.sock
        labels:
          - "traefik.frontend.rule=Host:traefik.localhost"
          - "traefik.port=8080"
      db:
        build: ./db
        environment:
          - MONGO_INITDB_DATABASE=example
        volumes:
          - ./volumes/db:/data/db
        restart: always
        labels:
          - "traefik.enable=false"
      api:
        build: ./api
        environment:
          - DATABASE_CLIENT=mongo
          - DATABASE_HOST=db
          - DATABASE_PORT=27017
          - DATABASE_NAME=example
          - HOST=localhost
        expose:
          - "1337"
        depends_on:
          - db
        restart: always
        labels:
          - "traefik.frontend.rule=Host:api.localhost"
      website:
        build: ./app
        labels:
          - "traefik.frontend.rule=Host:web.localhost"
The last container (website) is a static website built with create-react-app that consumes the API (api):

    let response = await fetch(`http://api:1337/news`);

The problem is that the website is not able to resolve the host http://api:1337 (i.e. by container name), but if I change that line to:

    let response = await fetch(`http://<container-ip>:1337/news`);

Everything works perfectly. I tried to set up a network and it's not working either. Any help? Thank you!
You can access containers with their names only from other containers.
If you change your react code to:

    let response = await fetch('http://localhost:8080/news', {
      headers: { 'Host': 'api.localhost' }
    })

You should be able to access your container.
How can I configure my digital ocean boxes to have the correct firewall settings?
I've followed the official guide for getting Digital Ocean and Docker containers working together.
I have 3 docker nodes that I can see when I docker-machine ls. I have created a master docker node and have joined the other docker nodes as workers. However, if I attempt to visit the url of the node, the connection hangs. This setup is working on local.
Here is my docker-compose that I am using for production.
    version: "3"
    services:
      api:
        image: "api"
        command: rails server -b "0.0.0.0" -e production
        depends_on:
          - db
          - redis
        deploy:
          replicas: 3
          resources:
            cpus: "0.1"
            memory: 50M
          restart_policy:
            condition: on-failure
        env_file:
          - .env-prod
        networks:
          - apinet
        ports:
          - "3000:3000"
      client:
        image: "client"
        depends_on:
          - api
        deploy:
          restart_policy:
            condition: on-failure
        env_file:
          - .env-prod
        networks:
          - apinet
          - clientnet
        ports:
          - "4200:4200"
          - "35730:35730"
      db:
        deploy:
          placement:
            constaints: [node.role == manager]
          restart_policy:
            condition: on-failure
        env_file: .env-prod
        image: mysql
        ports:
          - "3306:3306"
        volumes:
          - ~/.docker-volumes/app/mysql/data:/var/lib/mysql/data
      redis:
        deploy:
          placement:
            constaints: [node.role == manager]
          restart_policy:
            condition: on-failure
        image: redis:alpine
        ports:
          - "6379:6379"
        volumes:
          - ~/.docker-volumes/app/redis/data:/var/lib/redis/data
      nginx:
        image: app_nginx
        deploy:
          restart_policy:
            condition: on-failure
        env_file: .env-prod
        depends_on:
          - client
          - api
        networks:
          - apinet
          - clientnet
        ports:
          - "80:80"
    networks:
      apinet:
        driver: overlay
      clientnet:
        driver: overlay
I'm pretty confident that the problem is with the firewall settings. I'm not sure, however, which ports need to be open. I've consulted this guide.
If I use the command docker-compose build, I get an error that looks like:

    ERROR: Validation failed in file './docker-compose.yml', reason(s):
    Service 'php' configuration key 'expose' '0' is invalid: should be of
    the format 'PORT[/PROTOCOL]'

I use the latest version of docker and docker-compose.
My docker-compose.yml has the following code:
    application:
      build: code
      volumes:
        - ./symfony:/var/www/symfony
        - ./logs/symfony:/var/www/symfony/app/logs
      tty: true
    db:
      image: mysql
      ports:
        - 3306:3306
      environment:
        MYSQL_ROOT_PASSWORD: root
        MYSQL_DATABASE: symfony
        MYSQL_USER: root
        MYSQL_PASSWORD: root
    php:
      build: php-fpm
      expose:
        - 9000:9000
      volumes_from:
        - application
      links:
        - db
    nginx:
      build: nginx
      ports:
        - 80:80
      links:
        - php
      volumes_from:
        - application
      volumes:
        - ./logs/nginx/:/var/log/nginx
    elk:
      image: willdurand/elk
      ports:
        - 81:80
      volumes:
        - ./elk/logstash:/etc/logstash
        - ./elk/logstash/patterns:/opt/logstash/patterns
      volumes_from:
        - application
        - php
        - nginx
I use Ubuntu 14.04.
Could you tell me how to fix it?
You need to put the port definitions in quotes for short ports (2 digits). This is a result of the nature of YAML and the used parser in docker-compose.
    application:
      build: code
      volumes:
        - ./symfony:/var/www/symfony
        - ./logs/symfony:/var/www/symfony/app/logs
      tty: true
    db:
      image: mysql
      ports:
        - "3306:3306"
      environment:
        MYSQL_ROOT_PASSWORD: root
        MYSQL_DATABASE: symfony
        MYSQL_USER: root
        MYSQL_PASSWORD: root
    php:
      build: php-fpm
      expose:
        - "9000"
      volumes_from:
        - application
      links:
        - db
    nginx:
      build: nginx
      ports:
        - "80:80"
      links:
        - php
      volumes_from:
        - application
      volumes:
        - ./logs/nginx/:/var/log/nginx
    elk:
      image: willdurand/elk
      ports:
        - "81:80"
      volumes:
        - ./elk/logstash:/etc/logstash
        - ./elk/logstash/patterns:/opt/logstash/patterns
      volumes_from:
        - application
        - php
        - nginx
Also the expose statement should come with a single number only and also be quoted.
Added all needed changes in the above.
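
The YAML behaviour behind the quoting advice, as an added example that is not part of the original answer: under the YAML 1.1 rules used by PyYAML-style parsers, an unquoted `a:b` scalar whose groups after the colon are all below 60 is resolved as a base-60 integer, so a port mapping silently becomes a different number. The function names and the sample compose text are constructed for illustration.

```python
import re

# YAML 1.1 base-60 integer form as resolved by PyYAML-style parsers:
# every group after a colon must be in the range 0-59.
SEXAGESIMAL = re.compile(r"^[-+]?[1-9][0-9_]*(?::[0-5]?[0-9])+$")
LIST_ITEM = re.compile(r"^\s*-\s+(?P<value>.+?)\s*(?:#.*)?$")

def yaml11_int(scalar):
    """Return the integer YAML 1.1 assigns to a plain base-60 scalar, else None."""
    if not SEXAGESIMAL.match(scalar):
        return None
    sign = -1 if scalar.startswith("-") else 1
    total = 0
    for group in scalar.lstrip("+-").replace("_", "").split(":"):
        total = total * 60 + int(group)
    return sign * total

def misparsed_ports(compose_text):
    """List (line_number, raw, parsed_int) for unquoted items under ports:/expose:
    that YAML 1.1 turns into an integer instead of keeping as a string."""
    findings, in_ports = [], False
    for number, line in enumerate(compose_text.splitlines(), start=1):
        stripped = line.strip()
        if stripped.endswith(":") and not stripped.startswith("-"):
            in_ports = stripped in ("ports:", "expose:")
            continue
        item = LIST_ITEM.match(line)
        if not (in_ports and item) or item.group("value")[0] in "\"'":
            continue  # outside a port list, or quoted (quoted scalars stay strings)
        parsed = yaml11_int(item.group("value"))
        if parsed is not None:
            findings.append((number, item.group("value"), parsed))
    return findings

# Constructed sample, not taken from the page.
SAMPLE = """\
services:
  sshd:
    ports:
      - 22:22
      - "2200:22"
      - 2222:22
  web:
    ports:
      - 80:80
"""

for number, raw, parsed in misparsed_ports(SAMPLE):
    print(f"line {number}: {raw} is read as the integer {parsed}; quote it")
```

Mappings such as `80:80` or `3306:3306` are not matched by the base-60 form because the group after the colon is 60 or more, but quoting every mapping removes the need to reason about which ones are.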