separate active-proxies with own pool of backend containers

[stevenmunro]

Hello

Is it possible to have two separate instances of rancher-active-proxy on two hosts - but certain backend containers are attributed to either one or the other?

[Toruide]

Hi,

I have a setup like that. Works just fine !

[stevenmunro]

How do you do it?

[Toruide]

Let's say you have host A & B

If you have 1 container on each host there is no conflict it's strait forward just setup your labels and dns record and you are good to go.

If the 2 proxy are on the same host one must use another port since 80 and 443 will be taken.

What's important is that your dns route to the good server.

DomainA gives ip of hostA DomainB gives ip of hostB

Then it doesn't matter where your final container is. As long as he is in the same environment it will work.

You can also make it work with subdomain.

Where are you stuck ?

[stevenmunro]

I'll just clarify my scenario.

I have three hosts. A B and C. I have heaps of containers running websites, all over the place. They are distributed across A B and C.

Host A - I want to run active-proxy, this is IP address 1 Host B - I want to run a separate active-proxy (not a copy), this is IP address 2.

I want half of the websites to respond to IP address 1. I want the other half to respond to IP address 2.

[ValentinOdier]

If half of your domains point to adress 1 and the other half to adress 2 it should work.

It might be possible that both proxy will register every domain but since your dns will tell the client to go to the correct address it should not be an issue. I've never tried it with SSL it might be tricky since you don't want to create 2 certificates

[stevenmunro]

Yeh I figured that too. This proxy is brilliant. I'm trying to work out how it works. I've changed the location of /etc/letsencrypt to a virtual directory on a NFS mount. I've also spun up a clone. The only issue I can see is that if a clone is created, it creates a new account id for letsencrypt and the /app/letsencrypt.sh script that runs quite frequently doesn't know what to do with more than one account.

Obviously - I'm pushing this to do something it was not designed to do.

[ValentinOdier]

This proxy is brilliant : agree :D

Yes i see, sorry i'm just a user and i don't know if the account id is configurable.

ps : lovely setup ;)

[ValentinOdier]

maybe you can deactivate the cron on of of the two proxy, might do the trick

[fflo]

Since a few days I'm using jmcarbo/btsync to synchronize the rancher-active-proxy volumes, i.e.:

volumes:
    - /opt/docker/btsync/rancher-active-proxy/htpasswd:/etc/nginx/htpasswd
    - /opt/docker/btsync/rancher-active-proxy/vhost.d:/etc/nginx/vhost.d
    - /opt/docker/btsync/rancher-active-proxy/letsencrypt:/etc/letsencrypt

Running rancher-active-proxy on multiple hosts, how do you disable cron on all but one host? I'm still running it with the default values on three hosts.

[stevenmunro]

I think the ability to be able to scale the rancher-active-proxy service would be awesome. The ability to have something like rap.host=thisdomain.com and rap2.host=thatdomain.com would equally be awesome.

[fflo]

I think the ability to be able to scale the rancher-active-proxy service would be awesome.

Per default all rancher-active-proxy instances share the same configuration automatically and I think that's awesome: Pointing the DNS (record) to any active rancher-active-proxy host works for all available rap.host(s). Rancher automatically routes the internal traffic to the serving container(s).

Why do you like to restrict the configuration on your hosts to some domains only?

[stevenmunro]

Why do you like to restrict the configuration on your hosts to some domains only?

It is because of the simple fact that some websites I am hosting prefer/require their own dedicated IP address.

[fflo]

It is because of the simple fact that some websites I am hosting prefer/require their own dedicated IP address.

yeah, but that's no problem: just setup a dedicated ip/host with another rancher-active-proxy service running and point the dns to that host.

Of course that node also shares the full virtual host configuration of all other nodes but that's no big deal. On the contrary you can move your (intranet) docker containers to wherever you like in case that's necessary for maintenance or ressource issues; rancher-active-proxy automatically takes care to route (forward) the traffic from the hosts to the docker containers.

[adi90x]

Just push an update : adding RAP_NAME and rap.rap_name label support. You can now start several RAP instance , and configure which containers will be publish by which RAP instance !