codekitchen / dinghy-http-proxy

the http proxy container that dinghy uses
MIT License

Different tld per container #10

Open marclennox opened 8 years ago

marclennox commented 8 years ago

How feasible would it be to allow each individual container to specify an alternate tld (instead of the default '.docker' one)? I realize you can change the default but not on a per container basis.

Ideally you could specify ssl keys per tld also.

Just curious if this is even feasible.

codekitchen commented 8 years ago

It should be possible -- you'd need to either specify all TLDs up front, or a more seamless approach would be to have code dynamically build up the list of TLDs and reconfigure dnsmasq on-the-fly. This could be done with docker-gen and a dnsmasq.tmpl file, just like how the nginx.tmpl config is generated.

You should be able to specify ssl cert per tld already, by placing it at /etc/nginx/certs/docker.crt etc, but I haven't tried it: https://github.com/codekitchen/dinghy-http-proxy/blob/master/nginx.tmpl#L59

marclennox commented 8 years ago

Thanks @codekitchen, I may give this a shot and submit a PR.

codekitchen commented 8 years ago

Oh sorry, now that I think about it again, the second more automatic approach wouldn't work as I've described it. You'd also need something running on the host OS X machine, watching for changes and updating /etc/resolver as necessary. That'd be a significant new piece.

Alternatively, we could in theory stop using the /etc/resolver functionality and actually reconfigure the OS X host to resolve using our DNS proxy. I want to avoid that though, it'd be a lot of work to make that function correctly for all possible installs.

marclennox commented 8 years ago

Why would /etc/resolver need to change? My understanding is that /etc/resolver/docker only tells OSX to connect to the container's dnsmasq server for name resolution. If the containerized dnsmasq handles different TLDs and restarts itself dynamically, why would OSX not be able to resolve those names?

codekitchen commented 8 years ago

The filename is significant -- /etc/resolver/docker tells OS X to use that config for DNS only for the docker TLD. To resolve *.dev you'd need an /etc/resolver/dev as well, for example.

marclennox commented 8 years ago

Oh I see... yeah, that's a show stopper. :(

marclennox commented 8 years ago

I was actually thinking of setting up the CNAME records on our DNS host provider anyway, so if I take dnsmasq out of the equation, I would just need to have dockergen update the nginx configuration for the specified TLD.
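
Added example (not part of the thread or the project's code): a sketch of the per-TLD approach discussed above, deriving the TLD set from container hostnames and emitting both the dnsmasq entries and the one-file-per-TLD `/etc/resolver` entries the host would need. The proxy IP, DNS port, hostnames and function names are assumptions, and the demo writes to a scratch directory rather than `/etc/resolver`.

```shell
#!/bin/sh
# Assumed values, not taken from the project:
PROXY_IP="192.0.2.10"   # constructed placeholder address (TEST-NET-1)
DNS_PORT="53"           # constructed placeholder port

# Print the unique last label (TLD) of each hostname, one per line.
# The TLD later becomes a filename written by a privileged process, so
# anything that is not a plain DNS label is dropped (no '/', no '..').
tlds_from_hosts() {
  for h in "$@"; do
    h=${h%.}                          # drop a trailing root dot
    case $h in
      *.*) printf '%s\n' "${h##*.}" ;;
      *)   ;;                         # single-label name: nothing to route
    esac
  done | tr '[:upper:]' '[:lower:]' | grep -E '^[a-z0-9-]+$' | sort -u
}

# dnsmasq side: answer every name under each TLD with the proxy address.
render_dnsmasq() {
  for t in "$@"; do printf 'address=/%s/%s\n' "$t" "$PROXY_IP"; done
}

# Host side: one resolver file per TLD; the filename scopes the config.
write_resolver_files() {
  dir=$1; shift
  for t in "$@"; do
    printf 'nameserver %s\nport %s\n' "$PROXY_IP" "$DNS_PORT" > "$dir/$t"
  done
}

# Demo on constructed hostnames, including one malformed entry.
demo() {
  out=$(mktemp -d)
  set -- $(tlds_from_hosts web.docker api.dev admin.dev 'x.y/../evil' localhost)
  render_dnsmasq "$@"
  write_resolver_files "$out" "$@"
  ls "$out"
  rm -rf "$out"
}
demo
```

The container-side half (`render_dnsmasq`) can be regenerated freely, but `write_resolver_files` is the part that has to run on the host with write access to `/etc/resolver`, which is why input validation sits in front of it.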