Introduction
Hello.
I’m trying to use docker-compose files instead of multiple scripts to launch my services.
But I'm having some trouble, and this time it's about network use.
Networks
I have created two different networks with docker.
docker network create --internal lan
and
docker network create proxy
The first one's goal is to contain all non-web access, attached to other web services, like databases.
For example, redis and postgresql will be in that network (lan) and gitlab will be in the other one (proxy).
Reverse Proxy
I launch my reverse proxy with this docker-compose file:
version: '2'
services:
  proxy:
    image: jwilder/nginx-proxy
    container_name: proxy
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - /home/proxy/certs:/etc/nginx/certs:ro
      - /etc/nginx/vhost.d
      - /usr/share/nginx/html
      - /var/run/docker.sock:/tmp/docker.sock:ro
      - /etc/localtime:/etc/localtime:ro
    environment:
      - DEFAULT_HOST=www.DOMAIN.com
      - MAX_UPLOAD_SIZE=200M
    networks:
      - proxy
  nginx-companion:
    image: jrcs/letsencrypt-nginx-proxy-companion
    container_name: letsencrypt
    restart: unless-stopped
    depends_on:
      - proxy
    volumes_from:
      - proxy
    volumes:
      - /home/proxy/certs:/etc/nginx/certs:rw
      - /var/run/docker.sock:/var/run/docker.sock:ro
    environment:
      - ACME_CA_URI=https://acme-v01.api.letsencrypt.org/directory
    networks:
      - proxy
networks:
  proxy:
    external:
      name: proxy
No problems with that.
8b81c2d8710e jrcs/letsencrypt-nginx-proxy-companion "/bin/bash /app/entry" 22 minutes ago Up 22 minutes letsencrypt
89cc3b2208b9 jwilder/nginx-proxy "/app/docker-entrypoi" 22 minutes ago Up 22 minutes 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp proxy
docker inspect gives me this (truncated):
"NetworkSettings": {
    "Bridge": "",
    "SandboxID": "e0c6272c7fdf09ffe19eefd77007866c55956b2c7356cf8275aa6d99617dadad",
    "HairpinMode": false,
    "LinkLocalIPv6Address": "",
    "LinkLocalIPv6PrefixLen": 0,
    "Ports": {
        "443/tcp": [
            {
                "HostIp": "0.0.0.0",
                "HostPort": "443"
            }
        ],
        "80/tcp": [
            {
                "HostIp": "0.0.0.0",
                "HostPort": "80"
            }
        ]
    },
    "SandboxKey": "/var/run/docker/netns/e0c6272c7fdf",
    "SecondaryIPAddresses": null,
    "SecondaryIPv6Addresses": null,
    "EndpointID": "",
    "Gateway": "",
    "GlobalIPv6Address": "",
    "GlobalIPv6PrefixLen": 0,
    "IPAddress": "",
    "IPPrefixLen": 0,
    "IPv6Gateway": "",
    "MacAddress": "",
    "Networks": {
        "proxy": {
            "IPAMConfig": null,
            "Links": null,
            "Aliases": [
                "89cc3b2208b9",
                "proxy"
            ],
            "NetworkID": "10fb9a3f9524d91b16d892dadc41e2bf8110fb0b9677b909f8a479a45aff17de",
            "EndpointID": "ff8eaff8987d6198a3e724d68d3db459a230d1091d5055e117e73118d0e62cb0",
            "Gateway": "172.21.0.1",
            "IPAddress": "172.21.0.2",
            "IPPrefixLen": 16,
            "IPv6Gateway": "",
            "GlobalIPv6Address": "",
            "GlobalIPv6PrefixLen": 0,
            "MacAddress": "02:42:ac:15:00:02"
        }
    }
}
GitLab
Now, I've been trying to launch GitLab with its 2 databases.
version: '2'
services:
  redis:
    image: sameersbn/redis:latest
    container_name: gitlab_redis
    restart: unless-stopped
    command:
      - --loglevel warning
    volumes:
      - /home/gitlab/redis:/var/lib/redis:Z
    networks:
      - lan
  postgresql:
    image: sameersbn/postgresql:9.5-1
    container_name: gitlab_pgsql
    restart: unless-stopped
    volumes:
      - /home/gitlab/postgresql:/var/lib/postgresql:Z
    networks:
      - lan
    environment:
      - DB_USER=gitlab
      - DB_PASS=<PASSWORD>
      - DB_NAME=gitlab_production
      - DB_EXTENSION=pg_trgm
  gitlab:
    image: sameersbn/gitlab:latest
    container_name: gitlab
    restart: unless-stopped
    expose:
      - "22"
      - "443"
      - "80"
    ports:
      - "10022:22"
    volumes:
      - /home/gitlab/gitlab:/home/git/data:Z
    networks:
      - proxy
      - lan
    depends_on:
      - redis
      - postgresql
    env_file:
      - gitlab.env
networks:
  proxy:
    external:
      name: proxy
  lan:
    external:
      name: lan
3 containers are running, GitLab has no problem connecting to the 2 databases. Great.
17762199aac3 sameersbn/gitlab:latest "/sbin/entrypoint.sh " 18 minutes ago Up 18 minutes gitlab
05389c9274fd sameersbn/postgresql:9.5-1 "/sbin/entrypoint.sh" 25 minutes ago Up 25 minutes gitlab_pgsql
50c81ad772c1 sameersbn/redis:latest "/sbin/entrypoint.sh " 25 minutes ago Up 25 minutes gitlab_redis
But the reverse proxy cannot contact GitLab, whose ports are not exposed.
Inspecting the GitLab container:
"NetworkMode": "lan",
"PortBindings": {
    "22/tcp": [
        {
            "HostIp": "",
            "HostPort": "10022"
        }
    ]
},
///////
"Networks": {
    "lan": {
        "IPAMConfig": null,
        "Links": null,
        "Aliases": [
            "gitlab",
            "17762199aac3"
        ],
        "NetworkID": "0319a0f946033870a160d06b5dc5508797781fcf526065dea687724f5a48b36d",
        "EndpointID": "54ba49441682d893c85be8cd5e6358da1025109467dd35f4a452e1badbaac2e7",
        "Gateway": "172.20.0.1",
        "IPAddress": "172.20.0.4",
        "IPPrefixLen": 16,
        "IPv6Gateway": "",
        "GlobalIPv6Address": "",
        "GlobalIPv6PrefixLen": 0,
        "MacAddress": "02:42:ac:14:00:04"
    },
    "proxy": {
        "IPAMConfig": null,
        "Links": null,
        "Aliases": [
            "gitlab",
            "17762199aac3"
        ],
        "NetworkID": "10fb9a3f9524d91b16d892dadc41e2bf8110fb0b9677b909f8a479a45aff17de",
        "EndpointID": "3d8c7a241cfe6f01e4415ad80404c3abe395b418d8471668532da5689262a2a7",
        "Gateway": "172.21.0.1",
        "IPAddress": "172.21.0.4",
        "IPPrefixLen": 16,
        "IPv6Gateway": "",
        "GlobalIPv6Address": "",
        "GlobalIPv6PrefixLen": 0,
        "MacAddress": "02:42:ac:15:00:04"
    }
}
The problem
And this is my problem, I don't understand how to solve it. I would like the database containers to be in a separate network, and GitLab in both of them, in order to reach the databases and the reverse proxy.
Thank you so much for your help 
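
An added example, not part of the original post: one way to check the layout described above from `docker inspect` output, confirming that the database containers sit only on `lan` with no published ports and listing the address each other container has on the `proxy` network. The records are constructed from the names and addresses in the post; the redis and postgresql addresses and the function names are assumptions.

```python
import json

# Constructed sample: trimmed `docker inspect` records reusing the container
# names, networks and addresses from the post. The redis and postgresql
# addresses are made up for the example.
SAMPLE = json.loads("""[
 {"Name": "/proxy",
  "HostConfig": {"PortBindings": {"80/tcp": [{"HostIp": "", "HostPort": "80"}],
                                  "443/tcp": [{"HostIp": "", "HostPort": "443"}]}},
  "NetworkSettings": {"Networks": {"proxy": {"IPAddress": "172.21.0.2"}}}},
 {"Name": "/gitlab",
  "HostConfig": {"PortBindings": {"22/tcp": [{"HostIp": "", "HostPort": "10022"}]}},
  "NetworkSettings": {"Networks": {"lan": {"IPAddress": "172.20.0.4"},
                                   "proxy": {"IPAddress": "172.21.0.4"}}}},
 {"Name": "/gitlab_redis", "HostConfig": {"PortBindings": {}},
  "NetworkSettings": {"Networks": {"lan": {"IPAddress": "172.20.0.2"}}}},
 {"Name": "/gitlab_pgsql", "HostConfig": {"PortBindings": null},
  "NetworkSettings": {"Networks": {"lan": {"IPAddress": "172.20.0.3"}}}}
]""")

def summarize(records):
    """Map container name -> ({network: ip}, sorted published host ports)."""
    out = {}
    for rec in records:
        nets = {n: e.get("IPAddress", "")
                for n, e in rec["NetworkSettings"]["Networks"].items()}
        bindings = rec["HostConfig"].get("PortBindings") or {}
        ports = sorted(b["HostPort"] for bl in bindings.values() for b in (bl or []))
        out[rec["Name"].lstrip("/")] = (nets, ports)
    return out

def audit(records, edge="proxy", internal="lan", proxy_name="proxy",
          backends=("gitlab_redis", "gitlab_pgsql")):
    """Return (findings, upstreams): isolation violations for the backend
    containers, and the edge-network address of every other container the
    reverse proxy shares a network with."""
    findings, upstreams = [], {}
    for name, (nets, ports) in summarize(records).items():
        if name in backends:
            extra = sorted(set(nets) - {internal})
            if extra:
                findings.append(f"{name}: also attached to {extra}")
            if ports:
                findings.append(f"{name}: publishes host ports {ports}")
        elif name != proxy_name and edge in nets:
            upstreams[name] = nets[edge]
    return findings, upstreams

if __name__ == "__main__":
    print(audit(SAMPLE))
```

On real hosts the input would be `json.loads` of `docker inspect <container>...` output, which has the same `HostConfig` and `NetworkSettings` keys.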