[HN Gopher] Working on Multiple Web Projects with Docker Compose...
___________________________________________________________________
Working on Multiple Web Projects with Docker Compose and Traefik
Author : globular-toast
Score : 48 points
Date : 2023-10-03 19:46 UTC (3 hours ago)
(HTM) web link (georgek.github.io)
(TXT) w3m dump (georgek.github.io)
| nickjj wrote:
| The article mentions:
|
| _> What if that compose.yaml file is checked in as part of the
| project? Does the whole team have to agree on a set of port
| numbers to use for each project?_
|
| That's only if you choose to use hard coded values. You can use
| environment variables instead.
|
| You can change `- "8000:80"` to `-
| "${DOCKER_WEB_PORT_FORWARD:-127.0.0.1:8000}:${PORT:-80}"` and now
| any developer can customize the forwarded port however they see
| fit in a git ignored `.env` file. This is what I've done in all
| of my example Docker web apps at:
| https://github.com/nickjj?tab=repositories&q=docker-*-exampl...
|
| No Traefik or override file is needed, at least not for allowing
| a user to customize the forwarded port.
|
| I like the override file and used it for years but I stopped
| using it entirely about 6 months ago. It's too much of a headache
| to commit a `docker-compose.override.yml.example` file to version
| control and then have folks copy that to a git ignored `docker-
| compose.override.yml` file. You end up with serious config drift,
| especially if you have a team with a few developers. It's been a
| source of so many "oh yeah, I forgot to update my real file" type
| of issues.
|
| Between environment variables and Docker Compose profiles[0] you
| can have a single committed `docker-compose.yml` file that is
| usable in all environments for all users.
|
| [0]: https://nickjanetakis.com/blog/docker-tip-94-docker-
| compose-...
| theK wrote:
| Seriously, don't put traefik in front of your localdev if.you
| don't explicitly have to. It is way too much complexity and
| introduces an added layer of noise to bedug.
|
| Also, does local host subdomain resolution work on all OSes OOB
| now? Iirc this was an apple exclusive feature in the past.
| folmar wrote:
| > local host subdomain resolution
|
| Works fine on current ubuntu, both with systemd stub-nameserver
| and even if I replace it with a real one in /etc/resolv.conf.
| CGamesPlay wrote:
| Note that the article uses http://traefik.me/, one of those
| sites that resolves all subdomains to localhost (like lvh.me,
| http://readme.localtest.me/, or http://local.gd/), so you don't
| need any "localhost subdomain resolution".
| lux wrote:
| This seems like an improvement over my current solution in that
| it can keep multiple projects open simultaneously and route to
| each of them, but does add more complexity to the setup.
|
| I'm using Dnsmasq (https://thekelleys.org.uk/dnsmasq/doc.html) to
| map anything at .lo to the currently running project, like so:
| brew install dnsmasq sh -c 'echo
| "address=/.lo/127.0.0.1\naddress=/.lo/::1\n" >
| /usr/local/etc/dnsmasq.conf' sudo mkdir -p /etc/resolver
| sudo sh -c 'echo "nameserver 127.0.0.1\n" > /etc/resolver/lo'
| sudo brew services start dnsmasq
|
| Would love to expand on that to route to specific projects, but
| since it's working "well enough" I probably won't touch that for
| the foreseeable future.
| Jnr wrote:
| I run some (20+) services using docker compose on my home server,
| and Traefik is great.
|
| Cloudflare manages my domain and it allows Traefik to get
| letsencrypt certificates even for internal services not exposed
| to the outside world.
|
| I also have multiple Traefik entrypoints for internal and
| external services. And cloudflared tunnel container set up to
| manage access to the public resources.
|
| Then on the home router level I set/override DNS entries for
| internal services so they would connect directly to Traefik,
| instead of going through Cloudflare.
|
| Incredibly these Cloudflare services cost exactly 0$ for now.
|
| But I do not use compose overrides, don't really see the
| benefits.
| slig wrote:
| I thought that the Cloudflare tunnel was the very expensive
| pay-per-gb "argo route". Really nice to know that they offer a
| simple and free reverse proxy, thanks!
| 6LLvveMx2koXfwn wrote:
| As per the article I guess the benefit is specifically for
| managing compose files across teams through git.
| CGamesPlay wrote:
| You can set this up with even less customization. Here's my
| snippet for doing so [0]. In this way, the default rule for all
| containers that are part of compose projects gets assigned a
| subdomain (service.compose-stack.lvh.me). Note that we also
| expose the traffic admin interface on `lvh.me`, which is perhaps
| a little more convenient than using `traefik.me`.
|
| However, even with my tweaks, the overall solution is still
| limited. Because it's not on "localhost", the browser considers
| it an "insecure context" unless you also set up local HTTPS.
|
| [0]
| https://github.com/CGamesPlay/dotfiles/blob/13659d19ca899cea...
| creativenolo wrote:
| Nit: the justification of the text on mobile makes this straining
| to read.
|
| One source:
| https://www.powermapper.com/products/sortsite/rules/accwcag2...
| flurdy wrote:
| If Traefik is not your thing Im happily using
| https://github.com/nginx-proxy/nginx-proxy and sslip.io for local
| docker compose development.
|
| And then even plain nginx under that to proxy to non docker
| services...
|
| (And ipv6 for really short urls. example.com.--1.sslip.io etc)
| ravenstine wrote:
| I've been using Yggdrasil to achieve something similar.
| Basically, my docker compose file includes a service for
| Yggdrasil that is configured to join the host Yggdrasil network
| listening at host.docker.internal. The service uses socat to
| forward ports from each of the other services. The end result is
| that each docker-compose.yml gets its own IPv6 address, and all
| the ports can be kept the same. No need for Let's Encrypt, unless
| maybe you want the network to be exposed publicly.
|
| It just so happens that I wrote a gist recently that explains how
| to do this.
|
| https://gist.github.com/Ravenstine/707180ef29e9d37a8f816e019...
| teekert wrote:
| I used traefik a lot, but man those labels get tedious. I still
| don't get all the middleware stuff. I switched to using caddy, a
| caddyfile feels like a huge improvement. Much less lines for the
| same results. No routers no middleware just define a port mapping
| to the container:port.
|
| If you go to a server you get https for free, no extra config.
| apt-get wrote:
| I personally use a file provider for the dynamic traefik
| configs (yaml files) loaded from a bind mount in the same
| folder I keep my compose. Auto-reload on changes, and it makes
| it clear what I'm routing to and from by having proper
| indentation for my router, service, and middleware fields. And
| since everything is in the same network, I can just define the
| container name as hostname -- the DNS entries are automatically
| created.
| patapong wrote:
| I have had a great experience with using this:
| https://github.com/lucaslorentz/caddy-docker-proxy
|
| It combines caddy with docker-compose labels, making it super
| easy to spin up new projects that can immediately be exposed.
| GabeIsko wrote:
| I do something similar, but even managing a separate
| configuration just for the reverse proxy gets tiring. I have
| plans to move to something kubernetes based and use an ingress
| controller to automatically set up everything based on a
| deployment chart, but I never get around to it...
| Jnr wrote:
| Being able dynamically configure Traefik routes from docker
| compose labels is the whole point. It is a very useful feature.
| In most cases I get full overview in a single compose file, and
| I do not have to configure or restart the http proxy
| separately, `docker compose up -d` does everything.
| theK wrote:
| Compose overrides are quite cool but can get very involved.
|
| An easier way is to make the port range dynamic by adding a
| prefix variable in .env/example.env. So, once configured, the
| whole localdev binds to ports in the prefix range, eg: 342xx.
|
| Experience shows that localdevs will need that env file anyway
| and adding this config step to the readme is quite effective.
| dennisy wrote:
| Could you elaborate a little more here please?
| melolife wrote:
| Edit: see TheK's answer, which is virtually identical.
| theK wrote:
| Well, the idea is that your port mappings in the docker
| compose look roughly like this
|
| ```
|
| ports:
|
| - "${PORT_PREFIX}01:80"
|
| ```
|
| This means that devs can drive the port range that the
| project bind to by editing their .env file.
| nerdponx wrote:
| I like this a lot. It works well alongside setting the
| compose project name.
|
| However I'd suggest at least specifying a default value so
| developers don't need to mess with version-controlled .env
| files to customize their local setups.
___________________________________________________________________
(page generated 2023-10-03 23:00 UTC)