Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

No configuration generated when using docker discovery #54

Open
zasdaym opened this issue Feb 3, 2024 · 5 comments
Open

No configuration generated when using docker discovery #54

zasdaym opened this issue Feb 3, 2024 · 5 comments

Comments

@zasdaym
Copy link
Contributor

zasdaym commented Feb 3, 2024

Hi, I'm trying to use the standalone docker discovery but can't make it work.

root@z-srv-1:~# docker inspect haproxy | jq '.[].Config.Env'
[
  "EASYHAPROXY_DISCOVER=docker",
  "EASYHAPROXY_LOG_LEVEL=DEBUG",
  "HAPROXY_LOG_LEVEL=ERROR",
  "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
  "RELEASE_VERSION=\"4.4.0\"",
  "TZ=Etc/UTC"
]

root@z-srv-1:~# docker inspect haproxy | jq '.[].Mounts'
[
  {
    "Type": "bind",
    "Source": "/var/run/docker.sock",
    "Destination": "/var/run/docker.sock",
    "Mode": "ro",
    "RW": false,
    "Propagation": "rprivate"
  }
]

root@z-srv-1:~# docker inspect grafana | jq '.[].Config.Labels'
{
  "easyhaproxy.grafana.host": "grafana.zasdaym.my.id",
  "easyhaproxy.grafana.localport": "3000",
  "maintainer": "Grafana Labs <hello@grafana.com>"
}

root@z-srv-1:~# docker exec haproxy cat /etc/haproxy/haproxy.cfg
global
    log stdout  format raw  local0  err
    maxconn 2000
    tune.ssl.default-dh-param 2048

    # intermediate configuration
    ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
    ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
    ssl-default-bind-options prefer-client-ciphers no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets

    ssl-default-server-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
    ssl-default-server-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
    ssl-default-server-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets

    ssl-dh-param-file /etc/haproxy/dhparam

defaults
    log global
    option httplog

    timeout connect    3s
    timeout client    10s
    timeout server    10m

frontend stats
    bind *:1936
    mode http
    stats enable
    stats hide-version
    stats realm Haproxy\ Statistics
    stats uri /
    default_backend srv_stats

backend srv_stats
    mode http
    server Local 127.0.0.1:1936

backend certbot_backend
    mode http
    server certbot 127.0.0.1:2080
@byjg
Copy link
Owner

byjg commented Feb 3, 2024

Would you mind sharing the command you are using to spin up the containers?

@zasdaym
Copy link
Contributor Author

zasdaym commented Feb 14, 2024
edited
Loading 

docker run --name haproxy --detach --network host -v /var/run/docker.sock:/var/run/docker.sock:ro -e EASYHAPROXY_DISCOVER=docker byjg/easy-haproxy:4.4.0

docker run --name grafana --detach --network host --label easyhaproxy.grafana.host=grafana.zasdaym.my.id --label easyhaproxy.localport=3000 grafana/grafana-oss:10.2.3

@byjg
Copy link
Owner

byjg commented Feb 19, 2024

Hello, the Easy HAProxy will not work with the network host.

Try change to:

docker run --name haproxy --detach -p 80:80 -p 443:443 -p 1936:1936  -v /var/run/docker.sock:/var/run/docker.sock:ro -e EASYHAPROXY_DISCOVER=docker byjg/easy-haproxy:4.4.0

docker run --name grafana --detach  --label easyhaproxy.grafana.host=grafana.zasdaym.my.id --label easyhaproxy.localport=3000 grafana/grafana-oss:10.2.3

You do not need map the port for the Grafana container since the access will be done by the EASYPROXY on the address http://grafana.zasdaym.my.id

@zasdaym
Copy link
Contributor Author

zasdaym commented Feb 22, 2024

May I know why it doesn't work on host network? I think it's good to mention it in the documentation too.

@byjg
Copy link
Owner

byjg commented Feb 22, 2024

EasyHAProxy requires network inspection from within the Docker container where it's deployed. When a container resides in a different network, it must be added to the EasyHAProxy network (source: https://github.com/byjg/docker-easy-haproxy/blob/master/src/processor/__init__.py#L116-L143).

In this specific scenario, the container fails to detect other containers due to its inability to recognize the host network. This is the primary technical limitation.

Additionally, deploying EasyHAProxy in front of containers eliminates the need for exposing them individually, as all traffic can now be efficiently redirected through HAProxy.

byjg added a commit that referenced this issue Feb 22, 2024
@byjg
Improve documentation for issue #54
f9e94c7
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@byjg @zasdaym