Created
May 12, 2021 03:16
-
-
Save a1994sc/65ae0443a510a5451e6e60fedec94016 to your computer and use it in GitHub Desktop.
Docker Swarm stack network issues
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # docker network create \ | |
| --driver=overlay \ | |
| --subnet=10.50.0.0/24 \ | |
| --ip-range=10.50.0.0/24 \ | |
| --gateway=10.50.0.1 \ | |
| --attechable \ | |
| proxy | |
| # docker stack deploy -c traefik-stack.yml traefik | |
| # docker stack deploy -c gitea-stack.yml gitea |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| http: | |
| routers: | |
| pihole: | |
| entryPoints: | |
| - "https" | |
| rule: "Host(`pihole.<url>`)" | |
| middlewares: | |
| - default-headers | |
| - addprefix-pihole | |
| tls: {} | |
| service: pihole | |
| services: | |
| pihole: | |
| loadBalancer: | |
| servers: | |
| - url: "http://<dns-server>:80" | |
| passHostHeader: true | |
| middlewares: | |
| addprefix-pihole: | |
| addPrefix: | |
| prefix: "/admin" | |
| https-redirect: | |
| redirectScheme: | |
| scheme: https | |
| default-headers: | |
| headers: | |
| frameDeny: true | |
| sslRedirect: true | |
| browserXssFilter: true | |
| contentTypeNosniff: true | |
| forceSTSHeader: true | |
| stsIncludeSubdomains: true | |
| stsPreload: true | |
| stsSeconds: 15552000 | |
| customFrameOptionsValue: SAMEORIGIN | |
| customRequestHeaders: | |
| X-Forwarded-Proto: https | |
| default-whitelist: | |
| ipWhiteList: | |
| sourceRange: | |
| - "10.0.0.0/8" | |
| - "192.168.0.0/16" | |
| - "172.16.0.0/12" | |
| secured: | |
| chain: | |
| middlewares: | |
| - default-whitelist | |
| - default-headers |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| version: '3.2' | |
| services: | |
| gitea: | |
| container_name: gitea | |
| image: gitea/gitea:latest-rootless | |
| volumes: | |
| - /etc/localtime:/etc/localtime:ro | |
| - /etc/timezone:/etc/timezone:ro | |
| - gitea_data:/data | |
| networks: | |
| - proxy | |
| ports: | |
| - 222:22 | |
| - 3000:3000 | |
| environment: | |
| - GITEA_CUSTOM=/data/gitea | |
| - GITEA_WORK_DIR=/data/gitea | |
| - USER=git | |
| - PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin | |
| restart: unless-stopped | |
| labels: | |
| - "traefik.enable=true" | |
| - "traefik.http.routers.gitea.rule=Host(`gitea.<url>`)" | |
| - "traefik.http.routers.gitea.entrypoints=https,http" | |
| - "traefik.http.routers.gitea.tls=true" | |
| - "traefik.http.services.gitea.loadbalancer.server.port=8123" | |
| volumes: | |
| gitea_data: | |
| driver: local | |
| driver_opts: | |
| type: "nfs" | |
| o: addr=<ip-of-nfs>,rw,sync,nfsvers=4.1 | |
| device: ":/mnt/nfs/gitea_data" | |
| networks: | |
| proxy: | |
| external: | |
| name: proxy |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| I have am trying to setup traefik routing on my docker swarm (3 raspberry pis and 3 x86_64 vms, one manager from each group). | |
| I have traefik working perfectly in its own stack, but would like for it to be able to route traffic from different stacks as I deploy them. | |
| From my reseach I could solve this by having all my containers in one stack and running it that way....... | |
| But I want to try something a bit more difficult. (Maybe a bit masochistic?) | |
| From my understanding, I need to use an overlay network that is attachable so that the containers from different stacks can communicate properly. | |
| The trouble is that if I inspect the container that treafik creates and that gitea creates they are not on the same network... | |
| Even though from my understanding they should be... |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| version: '3' | |
| services: | |
| traefik: | |
| image: traefik:v2.4.8 | |
| networks: | |
| - proxy | |
| ports: | |
| - 80:80 | |
| - 443:443 | |
| environment: | |
| - <dns-01_challenage-stuff> | |
| volumes: | |
| - /etc/localtime:/etc/localtime:ro | |
| - /var/run/docker.sock:/var/run/docker.sock | |
| - /home/lord/traefik/data/traefik.yml:/traefik.yml:ro | |
| - /home/lord/traefik/data/acme.json:/acme.json | |
| - /home/lord/traefik/data/config.yml:/config.yml:ro | |
| deploy: | |
| placement: | |
| constraints: | |
| - node.labels.traefik-public.traefik-public-certificates == true | |
| - node.role == manager | |
| labels: | |
| - "traefik.enable=true" | |
| - "traefik.http.routers.traefik.entrypoints=http" | |
| - "traefik.http.routers.traefik.rule=Host(`traefik.<url>`)" | |
| - "traefik.http.middlewares.traefik-auth.basicauth.users=<user>:<pass-hash>" | |
| - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https" | |
| - "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https" | |
| - "traefik.http.routers.traefik.middlewares=traefik-https-redirect" | |
| - "traefik.http.routers.traefik-secure.entrypoints=https" | |
| - "traefik.http.routers.traefik-secure.rule=Host(`traefik.<url>`)" | |
| - "traefik.http.routers.traefik-secure.middlewares=traefik-auth" | |
| - "traefik.http.routers.traefik-secure.tls=true" | |
| - "traefik.http.routers.traefik-secure.tls.certresolver=<dns-01>" | |
| - "traefik.http.routers.traefik-secure.tls.domains[0].main=<url>" | |
| - "traefik.http.routers.traefik-secure.tls.domains[0].sans=*.<url>" | |
| - "traefik.http.routers.traefik-secure.service=api@internal" | |
| networks: | |
| proxy: | |
| external: | |
| name: proxy |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| entryPoints: | |
| http: | |
| address: ":80" | |
| https: | |
| address: ":443" | |
| api: | |
| dashboard: true | |
| debug: true | |
| serversTransport: | |
| insecureSkipVerify: true | |
| providers: | |
| docker: | |
| endpoint: "unix:///var/run/docker.sock" | |
| exposedByDefault: true | |
| file: | |
| filename: /config.yml | |
| certificatesResolvers: | |
| <dns-01>: | |
| acme: | |
| email: [email protected] | |
| storage: acme.json | |
| dnsChallenge: | |
| provider: <dns-01> | |
| resolvers: | |
| - "1.1.1.1:53" | |
| - "1.0.0.1:53" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment