govCMS / scaffold


[Regression] Cannot work on multiple projects on the same computer, external amazeeio-network is added to all `php` containers. #94

Closed silverham closed 3 months ago

silverham commented 3 months ago

PROBLEM

Hi Team, due to commit:

[ https://github.com/govCMS/scaffold commit ]

commit 95f75ddeb846df17c24addeac4fb064491c6f6c5
Merge: f5e50f0 5f315bf
Author: Steve Worley <sj.worley88@gmail.com>
Date:   Mon Nov 27 16:00:55 2023 +1100

Merge pull request #72 from govCMS/fix/compose-network-stanzas
Fix: Add missing network stanzas.

Commit: 5f315bf4a1d4dffacb87f73c343d84a506b086ce PR: https://github.com/govCMS/scaffold/pull/72

[ Per project GovCMS SaaS commit ]

Author: GovCMS service account <govhosting@finance.gov.au>
Date:   Wed Jul 17 11:39:27 2024 +0000

[skip ci] GovCMS Service: Upgrade platform scaffold.

When you have multiple GovCMS projects running, the nginx docker container will connect to any project's php container, as all projects have access to each other's php container via the external amazeeio-network network. So then local development is broken. Previously this issue didn't exist because the amazeeio-network network only existed on the nginx container.

Additionally, local development override for oembed is now broken, so if the internet goes down, local development of firewalled GovCMS instances cannot function. e.g.

$config['media.settings']['oembed_providers_url'] = 'http://nginx:8080/themes/custom/my_theme/assets/json/providers.json';

@see here: nginx connects to the php container (whose hostname is not unique per network), where it should connect over the default network, which is per project, so there are issues.

fastcgi_pass ${NGINX_FASTCGI_PASS:-php}:9000;

https://github.com/uselagoon/lagoon-images/blob/main/images/nginx-drupal/drupal.conf#L78

I propose to revert this commit.

WHAT SHOULD HAVE BEEN DONE INSTEAD for mailhog etc.

These services should be defined in a docker-compose.override.yml file and use the default network so no conflicts.

WORKAROUND

Option 1) FOR ALL PROJECTS - revert the commit by commenting out the `- amazeeio-network` line except for nginx.

OLD:

networks:
  - amazeeio-network
  - default

NEW:

networks:
#  - amazeeio-network
  - default

Then docker-compose up -d on all projects.

Option 2)

Create a new separate network e.g. amazeeio-network-additional.

Run: docker network create amazeeio-network-additional

Attach the pygmy reverse proxy to the new network

docker network connect amazeeio-network-additional amazeeio-haproxy

Then per project, comment out the - amazeeio-network line and add the - amazeeio-network-additional line.

OLD:

networks:
  - amazeeio-network
  - default

NEW:

networks:
#  - amazeeio-network
  - amazeeio-network-additional
  - default

And same with the external network definition at the bottom of the `docker-compose.yml` file.

OLD:

networks:
#  amazeeio-network:
#     external: true
  amazeeio-network-additional:
    external: true

Then docker-compose up -d on that project.
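A check for the condition reported above, added here as an example and not part of the original post or the scaffold: it reads `docker inspect` JSON and reports any DNS alias on a network that is answered by containers from more than one Compose project. The project names `alpha` and `beta` and the sample data are constructed; the `com.docker.compose.*` labels are the ones Compose sets on its containers.

```python
import json
from collections import defaultdict


def make_container(project, service, networks):
    """Build one trimmed `docker inspect` entry (constructed sample data)."""
    name = f"{project}-{service}-1"
    return {
        "Name": "/" + name,
        "Config": {"Labels": {"com.docker.compose.project": project,
                              "com.docker.compose.service": service}},
        "NetworkSettings": {"Networks": {
            net: {"Aliases": [service, name]} for net in networks}},
    }


# Constructed sample: two hypothetical projects whose php containers both
# sit on the external amazeeio-network, as in the regression described.
SAMPLE_INSPECT = json.dumps([
    make_container("alpha", "php", ["alpha_default", "amazeeio-network"]),
    make_container("alpha", "nginx", ["alpha_default", "amazeeio-network"]),
    make_container("beta", "php", ["beta_default", "amazeeio-network"]),
])


def ambiguous_aliases(inspect_json):
    """Map (network, alias) -> projects, for aliases shared across projects."""
    owners = defaultdict(set)
    for entry in json.loads(inspect_json):
        labels = (entry.get("Config") or {}).get("Labels") or {}
        project = labels.get("com.docker.compose.project")
        if not project:
            continue  # not started by Compose, so no project boundary to check
        networks = (entry.get("NetworkSettings") or {}).get("Networks") or {}
        for net, endpoint in networks.items():
            names = set((endpoint or {}).get("Aliases") or [])
            # The service name is always resolvable on the network.
            service = labels.get("com.docker.compose.service")
            if service:
                names.add(service)
            for alias in names:
                owners[(net, alias)].add(project)
    return {key: sorted(p) for key, p in owners.items() if len(p) > 1}


if __name__ == "__main__":
    for (net, alias), projects in sorted(ambiguous_aliases(SAMPLE_INSPECT).items()):
        print(f"{net}: '{alias}' is answered by projects {', '.join(projects)}")
```

On a real machine the input would be the output of `docker inspect $(docker ps -q)`; an empty result means each hostname resolves within a single project only.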

tobybellwood commented 3 months ago

That's great sleuthing @silverham - that's why our lagoon default setup only uses the default network for pod networking.

silverham commented 3 months ago

No worries ^^

Joshua Stuart Graham

silverham commented 3 months ago

I had an idea/consideration, maybe create a second network "amazeeio-network-tooling", if needing to share a central mailhog etc. then make sure to NOT attach a pygmy/http proxy server to it. Also, it might be good to have a different/additional hostname for mailhog e.g. "mailhog.shared" so it's less confusing where mail is going and no conflict if a project already has a mailhog setup locally.

tobybellwood commented 3 months ago

The Lagoon images configure the mailhub settings (to use the mailhog provided with pygmy or similar) in an entrypoint, based on the host docker network - so it shouldn't require a different network to access it. https://github.com/uselagoon/lagoon-images/blob/main/images/php-fpm/entrypoints/50-ssmtp.sh#L24C42-L24C63

If you're not running pygmy - any docker service exposing a mailhog/mailpit instance on port 1025 will collect the outbound mail

  mailhog:
    image: pygmystack/mailhog:latest
    labels:
      lagoon.type: none
    ports:
      - "1025:1025"
      - "8025:8025"

steveworley commented 3 months ago

Thanks for digging in @silverham — I think you're right that the local stack should define the mailhog service (either in docker-compose.yml with a lagoon.type of none or in the override) and we can provide default configuration to connect Drupal to it rather than using the one provided by pygmy.

I'll get a PR going to resolve.

steveworley commented 3 months ago

@silverham — after doing some extra digging, it looks like the standard entrypoint for Lagoon has a hardcoded IP for the docker bridge that it checks to see if mailhog is listening with:

elif nc -z -w 1 172.17.0.1 1025 &> /dev/null; then
  echo -e "\nmailhub=172.17.0.1:1025" >> /etc/ssmtp/ssmtp.conf
  return

On Mac in particular, this IP is not available by default unless the container is attached to the network.

I've added https://github.com/uselagoon/lagoon-images/pull/1073 to add support for host.docker.internal.

silverham commented 3 months ago

Wow, that's amazing that support is mostly already built in. Awesome digging to you too!