
"Networks" parameter seems to remove the "expose" ports

docker

(Flex) #1

Introduction

Hello.

I’m trying to use docker-compose files instead of multiple scripts to launch my services.

But I am having some trouble, and this time it is about the use of networks.

Networks

I have created two different networks with Docker.

docker network create --internal lan

and

docker network create proxy

The first one is meant to hold everything that is not web-facing but is used by the web services, such as databases.
For example, redis and postgresql will be in that network (lan) and gitlab will be in the other one (proxy).

Reverse Proxy

I launch my reverse proxy with this docker-compose file :

# Compose file (format v2) for the reverse proxy and its Let's Encrypt
# companion. Both services attach only to the external network "proxy".
version: '2'

services:
    proxy:
        # NOTE(review): no tag is given, so the default tag is pulled; pin a
        # version tag or digest so the deployed image is reproducible.
        image: jwilder/nginx-proxy
        container_name: proxy
        restart: unless-stopped
        # Host-published ports ("host:container"). No host IP is given, so
        # they are not restricted to a single host address.
        ports:
            - "80:80"
            - "443:443"
        volumes:
            - /home/proxy/certs:/etc/nginx/certs:ro
            # No host path on the next two entries: they are anonymous
            # volumes; the companion service mounts them via volumes_from.
            - /etc/nginx/vhost.d
            - /usr/share/nginx/html
            # NOTE(review): the Docker socket is mounted into the container
            # that publishes 80/443. ":ro" makes the mount read-only but does
            # not limit the API requests sent over the socket, so treat this
            # container as having control of the Docker daemon.
            - /var/run/docker.sock:/tmp/docker.sock:ro
            - /etc/localtime:/etc/localtime:ro
        environment:
            - DEFAULT_HOST=www.DOMAIN.com
            - MAX_UPLOAD_SIZE=200M
        networks:
            - proxy

    nginx-companion:
        # NOTE(review): untagged image here as well; pin a tag or digest.
        image: jrcs/letsencrypt-nginx-proxy-companion
        container_name: letsencrypt
        restart: unless-stopped
        depends_on:
            - proxy
        # Mounts every volume of the proxy service into this container.
        volumes_from:
            - proxy
        volumes:
            # Same host directory as the proxy's certs mount, but read-write
            # here; presumably so issued certificates can be written to it.
            - /home/proxy/certs:/etc/nginx/certs:rw
            # NOTE(review): second container with the Docker socket; the same
            # caveat about ":ro" applies.
            - /var/run/docker.sock:/var/run/docker.sock:ro
        environment:
            # NOTE(review): this is the ACME v1 directory URL, which Let's
            # Encrypt has since retired; check the image's current
            # documentation before reusing this value.
            - ACME_CA_URI=https://acme-v01.api.letsencrypt.org/directory
        networks:
            - proxy

networks:
    # "external" means Compose does not create this network; a network
    # named "proxy" must already exist on the host.
    proxy:
        external:
            name: proxy

No problems with that.

8b81c2d8710e        jrcs/letsencrypt-nginx-proxy-companion   "/bin/bash /app/entry"   22 minutes ago      Up 22 minutes                                                  letsencrypt
89cc3b2208b9        jwilder/nginx-proxy                      "/app/docker-entrypoi"   22 minutes ago      Up 22 minutes       0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp   proxy

docker inspect gives me this (truncated):

"NetworkSettings": {
            "Bridge": "",
            "SandboxID": "e0c6272c7fdf09ffe19eefd77007866c55956b2c7356cf8275aa6d99617dadad",
            "HairpinMode": false,
            "LinkLocalIPv6Address": "",
            "LinkLocalIPv6PrefixLen": 0,
            "Ports": {
                "443/tcp": [
                    {
                        "HostIp": "0.0.0.0",
                        "HostPort": "443"
                    }
                ],
                "80/tcp": [
                    {
                        "HostIp": "0.0.0.0",
                        "HostPort": "80"
                    }
                ]
            },
            "SandboxKey": "/var/run/docker/netns/e0c6272c7fdf",
            "SecondaryIPAddresses": null,
            "SecondaryIPv6Addresses": null,
            "EndpointID": "",
            "Gateway": "",
            "GlobalIPv6Address": "",
            "GlobalIPv6PrefixLen": 0,
            "IPAddress": "",
            "IPPrefixLen": 0,
            "IPv6Gateway": "",
            "MacAddress": "",
            "Networks": {
                "proxy": {
                    "IPAMConfig": null,
                    "Links": null,
                    "Aliases": [
                        "89cc3b2208b9",
                        "proxy"
                    ],
                    "NetworkID": "10fb9a3f9524d91b16d892dadc41e2bf8110fb0b9677b909f8a479a45aff17de",
                    "EndpointID": "ff8eaff8987d6198a3e724d68d3db459a230d1091d5055e117e73118d0e62cb0",
                    "Gateway": "172.21.0.1",
                    "IPAddress": "172.21.0.2",
                    "IPPrefixLen": 16,
                    "IPv6Gateway": "",
                    "GlobalIPv6Address": "",
                    "GlobalIPv6PrefixLen": 0,
                    "MacAddress": "02:42:ac:15:00:02"
                }
            }
        }

GitLab

Now, I have been trying to launch GitLab with its 2 databases.

# Compose file (format v2) for GitLab and its two data stores.
# redis and postgresql attach only to "lan"; gitlab attaches to both
# "proxy" and "lan".
version: '2'

services:
    redis:
        # NOTE(review): ":latest" is a floating tag; pin a version or digest
        # so a restart or re-pull cannot silently change the image.
        image: sameersbn/redis:latest
        container_name: gitlab_redis
        restart: unless-stopped
        command:
            - --loglevel warning
        volumes:
            # ":Z" is the SELinux relabel option (private, unshared label).
            - /home/gitlab/redis:/var/lib/redis:Z
        # No "ports" entry: nothing is published on the host for redis.
        networks:
            - lan

    postgresql:
        image: sameersbn/postgresql:9.5-1
        container_name: gitlab_pgsql
        restart: unless-stopped
        volumes:
            - /home/gitlab/postgresql:/var/lib/postgresql:Z
        # No "ports" entry: nothing is published on the host for postgresql.
        networks:
            - lan
        environment:
            - DB_USER=gitlab
            # NOTE(review): placeholder. A real password set here sits in
            # plain text in this file and in the container's environment
            # (visible through "docker inspect"); an env_file with restricted
            # permissions, as the gitlab service uses, keeps it out of the
            # compose file.
            - DB_PASS=<PASSWORD>
            - DB_NAME=gitlab_production
            - DB_EXTENSION=pg_trgm

    gitlab:
        # NOTE(review): floating ":latest" tag; pin a version or digest.
        image: sameersbn/gitlab:latest
        container_name: gitlab
        restart: unless-stopped
        # "expose" does not publish anything on the host; it only declares
        # ports for other containers on the same networks.
        expose:
            - "22"
            - "443"
            - "80"
        # The only host-published port: host 10022 -> container 22.
        ports:
            - "10022:22"
        volumes:
            - /home/gitlab/gitlab:/home/git/data:Z
        # The only service on both networks, so it is the single path
        # between "proxy" and the database network "lan".
        networks:
            - proxy
            - lan
        depends_on:
            - redis
            - postgresql
        # NOTE(review): gitlab.env is not shown. It presumably holds the
        # GitLab settings and secrets; nginx-proxy normally routes by a
        # VIRTUAL_HOST variable on the target container - confirm it is set.
        env_file:
            - gitlab.env

networks:
    # Both networks are "external": Compose does not create them, so their
    # options (such as whether a network is internal) are whatever was chosen
    # when they were created on the host.
    proxy:
        external:
            name: proxy
    lan:
        external:
            name: lan

3 containers are running, and GitLab has no problem connecting to the 2 databases. Great.

17762199aac3        sameersbn/gitlab:latest                  "/sbin/entrypoint.sh "   18 minutes ago      Up 18 minutes                                                  gitlab
05389c9274fd        sameersbn/postgresql:9.5-1               "/sbin/entrypoint.sh"    25 minutes ago      Up 25 minutes                                                  gitlab_pgsql
50c81ad772c1        sameersbn/redis:latest                   "/sbin/entrypoint.sh "   25 minutes ago      Up 25 minutes                                                  gitlab_redis

But the reverse proxy cannot contact GitLab, whose ports are not exposed.

Inspecting the GitLab container:

"NetworkMode": "lan",
            "PortBindings": {
                "22/tcp": [
                    {
                        "HostIp": "",
                        "HostPort": "10022"
                    }
                ]
            },
///////
"Networks": {
                "lan": {
                    "IPAMConfig": null,
                    "Links": null,
                    "Aliases": [
                        "gitlab",
                        "17762199aac3"
                    ],
                    "NetworkID": "0319a0f946033870a160d06b5dc5508797781fcf526065dea687724f5a48b36d",
                    "EndpointID": "54ba49441682d893c85be8cd5e6358da1025109467dd35f4a452e1badbaac2e7",
                    "Gateway": "172.20.0.1",
                    "IPAddress": "172.20.0.4",
                    "IPPrefixLen": 16,
                    "IPv6Gateway": "",
                    "GlobalIPv6Address": "",
                    "GlobalIPv6PrefixLen": 0,
                    "MacAddress": "02:42:ac:14:00:04"
                },
                "proxy": {
                    "IPAMConfig": null,
                    "Links": null,
                    "Aliases": [
                        "gitlab",
                        "17762199aac3"
                    ],
                    "NetworkID": "10fb9a3f9524d91b16d892dadc41e2bf8110fb0b9677b909f8a479a45aff17de",
                    "EndpointID": "3d8c7a241cfe6f01e4415ad80404c3abe395b418d8471668532da5689262a2a7",
                    "Gateway": "172.21.0.1",
                    "IPAddress": "172.21.0.4",
                    "IPPrefixLen": 16,
                    "IPv6Gateway": "",
                    "GlobalIPv6Address": "",
                    "GlobalIPv6PrefixLen": 0,
                    "MacAddress": "02:42:ac:15:00:04"
                }
            }

The problem

And this is my problem: I don’t understand how to solve it. I would like the database containers to be in a separate network, and GitLab to be in both networks, so that it can reach the databases and the reverse proxy.

Thank you so much for your help :slight_smile: