byjg / docker-easy-haproxy

Discover services and dynamically create the haproxy.cfg based on the labels defined in Docker containers or from a simple static YAML
MIT License

No configuration generated when using docker discovery #54

Open zasdaym opened 9 months ago

zasdaym commented 9 months ago

Hi, I'm trying to use the standalone docker discovery but can't make it work.

root@z-srv-1:~# docker inspect haproxy | jq '.[].Config.Env'
[
  "EASYHAPROXY_DISCOVER=docker",
  "EASYHAPROXY_LOG_LEVEL=DEBUG",
  "HAPROXY_LOG_LEVEL=ERROR",
  "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
  "RELEASE_VERSION=\"4.4.0\"",
  "TZ=Etc/UTC"
]

root@z-srv-1:~# docker inspect haproxy | jq '.[].Mounts'
[
  {
    "Type": "bind",
    "Source": "/var/run/docker.sock",
    "Destination": "/var/run/docker.sock",
    "Mode": "ro",
    "RW": false,
    "Propagation": "rprivate"
  }
]

root@z-srv-1:~# docker inspect grafana | jq '.[].Config.Labels'
{
  "easyhaproxy.grafana.host": "grafana.zasdaym.my.id",
  "easyhaproxy.grafana.localport": "3000",
  "maintainer": "Grafana Labs <hello@grafana.com>"
}

root@z-srv-1:~# docker exec haproxy cat /etc/haproxy/haproxy.cfg
global
    log stdout  format raw  local0  err
    maxconn 2000
    tune.ssl.default-dh-param 2048

    # intermediate configuration
    ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
    ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
    ssl-default-bind-options prefer-client-ciphers no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets

    ssl-default-server-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
    ssl-default-server-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
    ssl-default-server-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets

    ssl-dh-param-file /etc/haproxy/dhparam

defaults
    log global
    option httplog

    timeout connect    3s
    timeout client    10s
    timeout server    10m

frontend stats
    bind *:1936
    mode http
    stats enable
    stats hide-version
    stats realm Haproxy\ Statistics
    stats uri /
    default_backend srv_stats

backend srv_stats
    mode http
    server Local 127.0.0.1:1936

backend certbot_backend
    mode http
    server certbot 127.0.0.1:2080

byjg commented 9 months ago

Would you mind sharing the command you are using to spin up the containers?

zasdaym commented 8 months ago

docker run --name haproxy --detach --network host -v /var/run/docker.sock:/var/run/docker.sock:ro -e EASYHAPROXY_DISCOVER=docker byjg/easy-haproxy:4.4.0

docker run --name grafana --detach --network host --label easyhaproxy.grafana.host=grafana.zasdaym.my.id --label easyhaproxy.localport=3000 grafana/grafana-oss:10.2.3

byjg commented 8 months ago

Hello, Easy HAProxy will not work with the network host.

Try changing to:

docker run --name haproxy --detach -p 80:80 -p 443:443 -p 1936:1936 -v /var/run/docker.sock:/var/run/docker.sock:ro -e EASYHAPROXY_DISCOVER=docker byjg/easy-haproxy:4.4.0

docker run --name grafana --detach --label easyhaproxy.grafana.host=grafana.zasdaym.my.id --label easyhaproxy.grafana.localport=3000 grafana/grafana-oss:10.2.3

You do not need to map the port for the Grafana container, since the access will be done by EasyHAProxy on the address http://grafana.zasdaym.my.id

zasdaym commented 8 months ago

May I know why it doesn't work on the host network? I think it would be good to mention it in the documentation too.

byjg commented 8 months ago

EasyHAProxy requires network inspection from within the Docker container where it's deployed. When a container resides in a different network, it must be added to the EasyHAProxy network (source: https://github.com/byjg/docker-easy-haproxy/blob/master/src/processor/__init__.py#L116-L143).

In this specific scenario, the container fails to detect other containers due to its inability to recognize the host network. This is the primary technical limitation.

Additionally, deploying EasyHAProxy in front of containers eliminates the need for exposing them individually, as all traffic can now be efficiently redirected through HAProxy.
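
A preflight check for the limitation described in this thread, as an added example that is not EasyHAProxy's own code: it reads trimmed `docker inspect` records and reports why label discovery would find nothing to route to. The function names, the constructed sample records and the 172.17.0.x addresses are assumptions for illustration; the field names are those of `docker inspect` output.

```python
def container(name, mode, nets, labels=None):
    """Build a trimmed, constructed `docker inspect` record."""
    networks = {n: {"IPAddress": ip} for n, ip in nets.items()}
    return {"Name": "/" + name, "HostConfig": {"NetworkMode": mode},
            "Config": {"Labels": labels or {}},
            "NetworkSettings": {"Networks": networks}}

# Labels as shown by `docker inspect grafana` in the issue.
LABELS = {"easyhaproxy.grafana.host": "grafana.zasdaym.my.id",
          "easyhaproxy.grafana.localport": "3000"}
# Constructed samples: the reported --network host setup and the suggested
# default-bridge setup (the 172.17.0.x addresses are made up).
HOST_MODE = (container("haproxy", "host", {"host": ""}),
             container("grafana", "host", {"host": ""}, LABELS))
BRIDGE = (container("haproxy", "bridge", {"bridge": "172.17.0.2"}),
          container("grafana", "bridge", {"bridge": "172.17.0.3"}, LABELS))

def routable_networks(record):
    """Return {network: IP} for networks where the container has an address."""
    nets = record.get("NetworkSettings", {}).get("Networks") or {}
    return {n: cfg["IPAddress"] for n, cfg in nets.items()
            if n != "host" and (cfg or {}).get("IPAddress")}

def preflight(proxy, target, prefix="easyhaproxy"):
    """List the reasons label discovery cannot route from proxy to target."""
    problems = []
    for record in (proxy, target):
        if record.get("HostConfig", {}).get("NetworkMode") == "host":
            problems.append(record["Name"].lstrip("/") + " uses --network host")
    labels = target.get("Config", {}).get("Labels") or {}
    if not any(key.startswith(prefix + ".") for key in labels):
        problems.append("target has no %s.* labels" % prefix)
    if not set(routable_networks(proxy)) & set(routable_networks(target)):
        problems.append("target is not on any of the proxy's networks")
    return problems

if __name__ == "__main__":
    for title, pair in (("host mode", HOST_MODE), ("bridge", BRIDGE)):
        print(title, "->", preflight(*pair) or "ok")
```

On a real host, the two records come from parsing the JSON array printed by `docker inspect haproxy grafana`.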