Docker Community Forums

Share and learn in the Docker community.

URL context dispatching

General Discussions Feature Requests
#1

Hello to all,
in a docker sworm environment I have N conatainers that expose, on port 8080, some http context (/ application1, / application2 …)

Then I have a container with Apache http server reachable on port 80 where, inside, I configured reverse proxy rules to reach all contexts from the other containers of the type:

ProxyPass / application1 / http: // container1: 8080 / application1 /
ProxyPassReverse / application1 / http: // container1: 8080 / application1 /

This solution works, but it forces me to edit the file with the reverse proxy rules for each new context.

Is there a more “elegant” mechanism to make the management of contexts dynamic?

Thanks

#2

So, destination doesn’t start with / which makes its location to be dependent on the path of the calling servlet?

Fix it accordingly:

request.getRequestDispatcher("/" + destination).forward(request, response);
By the way, if you’d like to prevent direct access to JSP as well (enduser could change the URL to point to the JSP without calling the controller first), then consider placing the JSPs in /WEB-INF folder. Don’t forget to change the RequestDispatcher path accordingly: “/WEB-INF/” + destination.

#3

I badly explained myself.
What I would like to do is access from a single domain (configured on container with Apache http server) to others context root exposed by different containers on port 8080

#4

Yep, use Treafik traefik as reverse proxy instead. By adding traefik rules as service labels, you get event based updating of the reverse proxy rules whenever a service is deployed/removed.

#5

Great traefik! I already use it to route domains.
Containers with Apace servers have in the docher-compose the labels to publish the domain on traefik.
Then I have many containers in the Back-end that expose contexts that I currently “hook” to the domains with proxypass rules written in Apache configuration files … I would like to avoid this.

#6

There must be something I can not see…

Your Apache servers must do something additionaly, that prevents you from using Treafik for the context part as well… I would try to cut out the middleman (=the apache acting as reverse proxy).

#7

Yes meyay. Apache plays the role of “controller”. Incorporates a security module that checks authorized and unauthorized URLs.

#8

Secure module as in WAF (an apache module like mod secure?)? Or as in OIDC Client or SAML Service Provider? Or something entirely different?

You could mimic what treafik or jwilder’s nginx-proxy do: mount the docker.sock into your apache containers, register for docker events, parse their labels, render the values into a template, then reload apache. thought this will involve programming or clever scripting to some degree… If your security module would run with nginx as well (!=non apache module) you might be able to replace apache with jwilder’s nginx-proxy.

I hope someone will provide a better solution. Good luck!

#9

Thanks Metin !! Great ideas … I’ll try

The security module is a customized component of a security suite