[HN Gopher] Working on Multiple Web Projects with Docker Compose... ___________________________________________________________________ Working on Multiple Web Projects with Docker Compose and Traefik Author : globular-toast Score : 48 points Date : 2023-10-03 19:46 UTC (3 hours ago) (HTM) web link (georgek.github.io) (TXT) w3m dump (georgek.github.io) | nickjj wrote: | The article mentions: | | _> What if that compose.yaml file is checked in as part of the | project? Does the whole team have to agree on a set of port | numbers to use for each project?_ | | That's only if you choose to use hard coded values. You can use | environment variables instead. | | You can change `- "8000:80"` to `- | "${DOCKER_WEB_PORT_FORWARD:-127.0.0.1:8000}:${PORT:-80}"` and now | any developer can customize the forwarded port however they see | fit in a git ignored `.env` file. This is what I've done in all | of my example Docker web apps at: | https://github.com/nickjj?tab=repositories&q=docker-*-exampl... | | No Traefik or override file is needed, at least not for allowing | a user to customize the forwarded port. | | I like the override file and used it for years but I stopped | using it entirely about 6 months ago. It's too much of a headache | to commit a `docker-compose.override.yml.example` file to version | control and then have folks copy that to a git ignored `docker- | compose.override.yml` file. You end up with serious config drift, | especially if you have a team with a few developers. It's been a | source of so many "oh yeah, I forgot to update my real file" type | of issues. | | Between environment variables and Docker Compose profiles[0] you | can have a single committed `docker-compose.yml` file that is | usable in all environments for all users. | | [0]: https://nickjanetakis.com/blog/docker-tip-94-docker- | compose-... | theK wrote: | Seriously, don't put traefik in front of your localdev if.you | don't explicitly have to. It is way too much complexity and | introduces an added layer of noise to bedug. | | Also, does local host subdomain resolution work on all OSes OOB | now? Iirc this was an apple exclusive feature in the past. | folmar wrote: | > local host subdomain resolution | | Works fine on current ubuntu, both with systemd stub-nameserver | and even if I replace it with a real one in /etc/resolv.conf. | CGamesPlay wrote: | Note that the article uses http://traefik.me/, one of those | sites that resolves all subdomains to localhost (like lvh.me, | http://readme.localtest.me/, or http://local.gd/), so you don't | need any "localhost subdomain resolution". | lux wrote: | This seems like an improvement over my current solution in that | it can keep multiple projects open simultaneously and route to | each of them, but does add more complexity to the setup. | | I'm using Dnsmasq (https://thekelleys.org.uk/dnsmasq/doc.html) to | map anything at .lo to the currently running project, like so: | brew install dnsmasq sh -c 'echo | "address=/.lo/127.0.0.1\naddress=/.lo/::1\n" > | /usr/local/etc/dnsmasq.conf' sudo mkdir -p /etc/resolver | sudo sh -c 'echo "nameserver 127.0.0.1\n" > /etc/resolver/lo' | sudo brew services start dnsmasq | | Would love to expand on that to route to specific projects, but | since it's working "well enough" I probably won't touch that for | the foreseeable future. | Jnr wrote: | I run some (20+) services using docker compose on my home server, | and Traefik is great. | | Cloudflare manages my domain and it allows Traefik to get | letsencrypt certificates even for internal services not exposed | to the outside world. | | I also have multiple Traefik entrypoints for internal and | external services. And cloudflared tunnel container set up to | manage access to the public resources. | | Then on the home router level I set/override DNS entries for | internal services so they would connect directly to Traefik, | instead of going through Cloudflare. | | Incredibly these Cloudflare services cost exactly 0$ for now. | | But I do not use compose overrides, don't really see the | benefits. | slig wrote: | I thought that the Cloudflare tunnel was the very expensive | pay-per-gb "argo route". Really nice to know that they offer a | simple and free reverse proxy, thanks! | 6LLvveMx2koXfwn wrote: | As per the article I guess the benefit is specifically for | managing compose files across teams through git. | CGamesPlay wrote: | You can set this up with even less customization. Here's my | snippet for doing so [0]. In this way, the default rule for all | containers that are part of compose projects gets assigned a | subdomain (service.compose-stack.lvh.me). Note that we also | expose the traffic admin interface on `lvh.me`, which is perhaps | a little more convenient than using `traefik.me`. | | However, even with my tweaks, the overall solution is still | limited. Because it's not on "localhost", the browser considers | it an "insecure context" unless you also set up local HTTPS. | | [0] | https://github.com/CGamesPlay/dotfiles/blob/13659d19ca899cea... | creativenolo wrote: | Nit: the justification of the text on mobile makes this straining | to read. | | One source: | https://www.powermapper.com/products/sortsite/rules/accwcag2... | flurdy wrote: | If Traefik is not your thing Im happily using | https://github.com/nginx-proxy/nginx-proxy and sslip.io for local | docker compose development. | | And then even plain nginx under that to proxy to non docker | services... | | (And ipv6 for really short urls. example.com.--1.sslip.io etc) | ravenstine wrote: | I've been using Yggdrasil to achieve something similar. | Basically, my docker compose file includes a service for | Yggdrasil that is configured to join the host Yggdrasil network | listening at host.docker.internal. The service uses socat to | forward ports from each of the other services. The end result is | that each docker-compose.yml gets its own IPv6 address, and all | the ports can be kept the same. No need for Let's Encrypt, unless | maybe you want the network to be exposed publicly. | | It just so happens that I wrote a gist recently that explains how | to do this. | | https://gist.github.com/Ravenstine/707180ef29e9d37a8f816e019... | teekert wrote: | I used traefik a lot, but man those labels get tedious. I still | don't get all the middleware stuff. I switched to using caddy, a | caddyfile feels like a huge improvement. Much less lines for the | same results. No routers no middleware just define a port mapping | to the container:port. | | If you go to a server you get https for free, no extra config. | apt-get wrote: | I personally use a file provider for the dynamic traefik | configs (yaml files) loaded from a bind mount in the same | folder I keep my compose. Auto-reload on changes, and it makes | it clear what I'm routing to and from by having proper | indentation for my router, service, and middleware fields. And | since everything is in the same network, I can just define the | container name as hostname -- the DNS entries are automatically | created. | patapong wrote: | I have had a great experience with using this: | https://github.com/lucaslorentz/caddy-docker-proxy | | It combines caddy with docker-compose labels, making it super | easy to spin up new projects that can immediately be exposed. | GabeIsko wrote: | I do something similar, but even managing a separate | configuration just for the reverse proxy gets tiring. I have | plans to move to something kubernetes based and use an ingress | controller to automatically set up everything based on a | deployment chart, but I never get around to it... | Jnr wrote: | Being able dynamically configure Traefik routes from docker | compose labels is the whole point. It is a very useful feature. | In most cases I get full overview in a single compose file, and | I do not have to configure or restart the http proxy | separately, `docker compose up -d` does everything. | theK wrote: | Compose overrides are quite cool but can get very involved. | | An easier way is to make the port range dynamic by adding a | prefix variable in .env/example.env. So, once configured, the | whole localdev binds to ports in the prefix range, eg: 342xx. | | Experience shows that localdevs will need that env file anyway | and adding this config step to the readme is quite effective. | dennisy wrote: | Could you elaborate a little more here please? | melolife wrote: | Edit: see TheK's answer, which is virtually identical. | theK wrote: | Well, the idea is that your port mappings in the docker | compose look roughly like this | | ``` | | ports: | | - "${PORT_PREFIX}01:80" | | ``` | | This means that devs can drive the port range that the | project bind to by editing their .env file. | nerdponx wrote: | I like this a lot. It works well alongside setting the | compose project name. | | However I'd suggest at least specifying a default value so | developers don't need to mess with version-controlled .env | files to customize their local setups. ___________________________________________________________________ (page generated 2023-10-03 23:00 UTC)