docker-archive / dockercloud-haproxy

HAproxy image that autoreconfigures itself when used in Docker Cloud
https://cloud.docker.com/

Disable name mapping in router network #169

Closed soumyadipDe closed 6 years ago

soumyadipDe commented 7 years ago

We are trying to set up dockercloud-haproxy on top of Docker v1.13 swarm mode. So we have app1 and app2, both tied to haproxy with the same router network, and life is happy. But the issue is that app1 can now access app2 via the name "app2", as they are in the same overlay network, and this is not desired from a security point of view.

Is there any way to restrict this, or any other way to set up haproxy to avoid this? We thought of setting up different overlay networks, but service update appears not to have any add-network option (anyway, we would not be happy with this approach though).

Thanks in advance!

tifayuki commented 7 years ago

@soumyadipDe

I tried the following and it works:

1) attach app1 to network net1
2) attach app2 to network net2
3) run haproxy using the option --network net1 --network net2

It is like this: instead of attaching apps to the proxy network, attach the proxy to the application networks.

Same here, I didn't find how to attach a service to a network using docker service update :(
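The three steps in the comment above, written as a swarm stack file (an added example, not part of the original comment and not the project's own configuration). The app images, hostnames and port values are constructed placeholders; the `SERVICE_PORTS` and `VIRTUAL_HOST` variables, the Docker socket mount and the manager placement are assumed to be how the `dockercloud/haproxy` image is run in swarm mode.

```yaml
# Deploy with: docker stack deploy -c stack.yml demo   (stack name is a placeholder)
#
# Before (the setup described in the issue): app1, app2 and haproxy all share
# one overlay network, so app1 can resolve and reach "app2" directly.
# After (below): each app has its own overlay network and only the proxy is
# attached to both, so neither app can resolve the other's service name.
version: "3"

services:
  app1:
    image: example/app1:latest          # placeholder image
    environment:
      - SERVICE_PORTS=8080              # assumed: port haproxy routes to
      - VIRTUAL_HOST=app1.example.com   # constructed hostname
    networks:
      - net1                            # app1 is attached to net1 only

  app2:
    image: example/app2:latest          # placeholder image
    environment:
      - SERVICE_PORTS=8080
      - VIRTUAL_HOST=app2.example.com
    networks:
      - net2                            # app2 is attached to net2 only

  haproxy:
    image: dockercloud/haproxy
    ports:
      - "80:80"
    volumes:
      # assumed: the image reads service state from the swarm manager's socket
      - /var/run/docker.sock:/var/run/docker.sock
    networks:                           # the proxy joins every app network
      - net1
      - net2
    deploy:
      placement:
        constraints: [node.role == manager]

networks:
  net1:
    driver: overlay
  net2:
    driver: overlay
```

With this layout the proxy is the only service present on both networks, so it is the single path between them; every additional app network has to be added to the `haproxy` service's `networks` list.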

soumyadipDe commented 7 years ago

@tifayuki We will have multiple services deployed and removed multiple times. Running haproxy on each of the networks would not be a good option for us.

tifayuki commented 7 years ago

I am not sure if the docker built-in network has the ability to define the access rules. Maybe you can try other network plugins, like weave for example.