Open marclennox opened 8 years ago
It should be possible -- you'd need to either specify all TLDs up front, or a more seamless approach would be to have code dynamically build up the list of TLDs and reconfigure dnsmasq on-the-fly. This could be done with docker-gen and a dnsmasq.tmpl file, just like how the nginx.tmpl config is generated.
You should be able to specify ssl cert per tld already, by placing it at /etc/nginx/certs/docker.crt etc, but I haven't tried it: https://github.com/codekitchen/dinghy-http-proxy/blob/master/nginx.tmpl#L59
Thanks @codekitchen, I may give this a shot and submit a PR.
Oh sorry, now that I think about it again, the second more automatic approach wouldn't work as I've described it. You'd also need something running on the host OS X machine, watching for changes and updating /etc/resolver as necessary. That'd be a significant new piece.
Alternatively, we could in theory stop using the /etc/resolver functionality and actually reconfigure the OS X host to resolve using our DNS proxy. I want to avoid that though, it'd be a lot of work to make that function correctly for all possible installs.
Why would /etc/resolver need to change? My understanding is that /etc/resolver/docker only tells OSX to connect to the container's dnsmasq server for name resolution. If the containerized dnsmasq handles different TLDs and restarts itself dynamically, why would OSX not be able to resolve those names?
The filename is significant -- /etc/resolver/docker tells OS X to use that config for DNS only for the docker TLD. To resolve *.dev you'd need an /etc/resolver/dev as well, for example.
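The host-side piece described in the comments above, sketched as an added example (not code from this thread or from the dinghy project): one resolver file per TLD, reconciled against a desired list, with each name validated as a single DNS label so it can never escape the resolver directory. The function names, the marker line, and the default address and port are assumptions; it also assumes `#` comment lines are accepted in resolver files as they are in resolv.conf.

```shell
#!/bin/sh
# Added example: keep one resolver file per TLD in sync with a desired list.
# RESOLVER_DIR, DNS_ADDR and DNS_PORT are assumptions; set them for your host.
LC_ALL=C; export LC_ALL                  # make [a-z] mean ASCII lowercase only
RESOLVER_DIR="${RESOLVER_DIR:-/etc/resolver}"
DNS_ADDR="${DNS_ADDR:-127.0.0.1}"
DNS_PORT="${DNS_PORT:-53}"               # assumption: the port dnsmasq listens on
MARKER="# managed-by-tld-sync"           # hypothetical tag marking files we own

valid_tld() {
    # Accept a single DNS label only. Dots and slashes are rejected, so a name
    # such as "../x" cannot become a path outside RESOLVER_DIR.
    case "$1" in
        ''|-*|*-|*[!a-z0-9-]*) return 1 ;;
    esac
    [ "${#1}" -le 63 ]
}

sync_resolvers() {
    # Arguments: the TLDs that should resolve through the proxy.
    mkdir -p "$RESOLVER_DIR" || return 1
    for tld in "$@"; do
        if ! valid_tld "$tld"; then
            echo "skipping invalid TLD: $tld" >&2
            continue
        fi
        printf '%s\nnameserver %s\nport %s\n' \
            "$MARKER" "$DNS_ADDR" "$DNS_PORT" > "$RESOLVER_DIR/$tld"
    done
    # Remove files we created earlier that are no longer wanted. Files without
    # the marker (written by the user or another tool) are left alone.
    for f in "$RESOLVER_DIR"/*; do
        [ -f "$f" ] || continue
        head -n 1 "$f" | grep -qxF "$MARKER" || continue
        name=${f##*/}
        keep=0
        for tld in "$@"; do
            if [ "$tld" = "$name" ]; then keep=1; fi
        done
        [ "$keep" -eq 1 ] || rm -f "$f"
    done
    return 0
}

# Usage: sh tld-sync.sh docker dev   (needs root to write under /etc/resolver)
if [ "$#" -gt 0 ]; then sync_resolvers "$@"; fi
```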
Oh I see... yeah, that's a show stopper. :(
I was actually thinking of setting up the CNAME records on our DNS host provider anyway, so if I take dnsmasq out of the equation, I would just need to have dockergen update the nginx configuration for the specified TLD.
How feasible would it be to allow each individual container to specify an alternate tld (instead of the default '.docker' one)? I realize you can change the default but not on a per container basis.
Ideally you could specify ssl keys per tld also.
Just curious if this is even feasible.