Docker Networks for swarm instances in Desktop 3.4.0+

Docker Desktop for Mac
1

Our dev env consists of two swarms: rli and rls. It all works ok using Docker Desktop 3.3.2 and prior, but any version after that (3.4.0 onwards) the networking seems to fail. Our webapp container (in the rls swarm) isn’t able to see the redis container (located in the rli swarm). Furthermore, if I configure our webapp container to use a different redis store, it starts up ok, but it’s not possible to resolve http requests to it. There’s an nginx container in the rli swarm that handles traffic, but that seems to be working (judging from the logs). There didn’t seem to be anything in the release notes for either Docker Desktop 3.4.0 or Docker Engine 20.10.7 that would cause this sort of failure.

We use docker-compose yaml; the following is for rls:

version: '3.8'
services:
  webapp:
    image: webapp:${TAG:-latest}
    ports:
      - 3000:3000
    env_file:
      - ./env/.webapp.env
      - ./env/.webapp.secrets.env
    deploy:
      mode: replicated
      replicas: 1
      restart_policy:
        condition: on-failure

and this for rli:

version: '3.7'
  redis:
    image: redis:alpine
    ports:
      - '6379:6379'
    volumes:
      - ./volumes/redis:/data
    deploy:
      restart_policy:
        condition: on-failure
  nginx:
    image: nginx:alpine
    environment:
      - WEBAPP_LISTEN=3043
      - WEBAPP_UPSTREAM_PORT=3000
    volumes:
      - ./resources/infrastructure/nginx/templates:/etc/nginx/templates
      - ./resources/infrastructure/nginx/ssl:/etc/nginx/ssl
    ports:
      - '3043:3043'
      - '3143:3143'
    deploy:
      restart_policy:
        condition: on-failure

Our nginx config:

# WEBSALES
server {
    listen                              ${WEBAPP_LISTEN} ssl;
    ssl_certificate                     /etc/nginx/ssl/localhost.crt;
    ssl_certificate_key                 /etc/nginx/ssl/localhost.key;
    proxy_ssl_protocols                 TLSv1 TLSv1.1 TLSv1.2;
    proxy_ssl_ciphers                   HIGH:!aNULL:!MD5;
    server_name                         localhost;

    location / {
        proxy_pass                      http://host.docker.internal:${WEBAPP_UPSTREAM_PORT};
        proxy_ssl_session_reuse         on;
        proxy_set_header                Host $host:${WEBAPP_LISTEN};
        proxy_set_header                X-Forwarded-Proto https;
    }
}

Doing curl https://localhost:3043 results in:

curl: (35) LibreSSL SSL_connect: SSL_ERROR_SYSCALL in connection to localhost:3043

Using Docker Desktop 3.3.2 (Docker Engine 20.10.6), this setup works fine and hitting localhost:3043 results in a normal http response with html payload.