newsnowlabs / docker-ingress-routing-daemon

Docker swarm daemon that modifies ingress mesh routing to expose true client IPs to service containers
MIT License

Impossible to reach own external IP when daemon is installed #10

Closed dacamposol closed 3 years ago

dacamposol commented 3 years ago

Environment

I have a Docker Swarm cluster with a single node where there are two services:

The Apigee Microgateway has two replicas, while HAProxy has only one.

Context

Since I'm only interested in having the real user's IP in the HAProxy container, I run the following command:

./docker-ingress-routing-daemon --ingress-gateway-ips 10.255.0.2 --services haproxy_haproxy --install

And indeed, if I scale the service to zero replicas and back to one afterwards, the daemon notifies the service and starts working perfectly: the logs start showing the real user's IP instead of 10.255.0.2

Problem

When the daemon is installed, I have problems accessing Docker services through the external IP from the machine where the daemon is installed.

Example:

  1. I connect via SSH to the mentioned machine where the cluster is, let's say that the IP is XX.XXX.XXX.XXX
  2. I install the daemon with the previously mentioned command
  3. I try to perform telnet XX.XXX.XXX.XXX 8000 -> The connection with Apigee Microgateway doesn't work
  4. I uninstall the daemon with ./docker-ingress-routing-daemon --uninstall
  5. I try to perform telnet XX.XXX.XXX.XXX 8000 -> The connection with Apigee Microgateway works perfectly

struanb commented 3 years ago

Hi @dacamposol. Thanks for trying DIRD.

Let's check that you are using the correct service name with --services. Can you share the results of docker service ls and confirm that your service name is spelt exactly haproxy_haproxy as you've used on your command line? It needs to be exactly the same. Otherwise DIRD will not match the HAProxy container when it is launched.

Also, if indeed you are only interested in having the real user's IP in the HAProxy container, then please also add --tcp-ports 80 to the command line. Otherwise, DIRD will disable NAT on all ports, which will prevent access to the Apigee service on 8000 using traditional NAT (as you have specified

(Essentially, if using --services, you must use --tcp-ports, and the ports listed must correspond with the services listed).

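As an added example (not part of DIRD, and not code from either commenter): a POSIX shell pre-flight check that applies the two points from the reply above before running --install. It runs against a constructed sample of `docker service ls --format '{{.Name}} {{.Ports}}'` output and flags --services given without --tcp-ports, a service name that does not match exactly, and a published TCP port of a listed service that is missing from --tcp-ports. The sample output, the function name dird_preflight and the parsing of the `*:80->80/tcp` port format are assumptions made for the example; `.Name` and `.Ports` are real fields of `docker service ls --format`.

```shell
#!/bin/sh
# Pre-flight check for a docker-ingress-routing-daemon command line.
# Added example, not part of DIRD. Assumes the `docker service ls` port format
# "*:<published>-><target>/tcp" as printed by the Docker CLI.

# Constructed sample of: docker service ls --format '{{.Name}} {{.Ports}}'
# (replace with the real output on the swarm manager).
SAMPLE_SERVICES='haproxy_haproxy *:80->80/tcp
apigee_microgateway *:8000->8000/tcp'

# dird_preflight <service-ls-output> <--services value> <--tcp-ports value>
# Returns 0 when the arguments look consistent, 1 when any finding is printed.
dird_preflight() {
  services_out=$1   # output of: docker service ls --format '{{.Name}} {{.Ports}}'
  services=$2       # comma-separated list passed to --services
  tcp_ports=$3      # comma-separated list passed to --tcp-ports (may be empty)
  rc=0

  # Point 2 of the reply: --services without --tcp-ports disables NAT on
  # every published port, so unrelated services (e.g. port 8000) break.
  if [ -n "$services" ] && [ -z "$tcp_ports" ]; then
    echo "WARN: --services given without --tcp-ports; NAT would be disabled on all ports"
    rc=1
  fi

  for svc in $(printf '%s' "$services" | tr ',' ' '); do
    # Point 1 of the reply: the name must match `docker service ls` exactly.
    line=$(printf '%s\n' "$services_out" | awk -v s="$svc" '$1 == s')
    if [ -z "$line" ]; then
      echo "ERROR: service '$svc' not found in 'docker service ls' (name must match exactly)"
      rc=1
      continue
    fi
    # Every published TCP port of a listed service should appear in --tcp-ports.
    for p in $(printf '%s\n' "$line" | grep -o '\*:[0-9]*->' | sed 's/\*://; s/->//'); do
      case ",$tcp_ports," in
        *",$p,"*) ;;
        *) echo "WARN: '$svc' publishes tcp/$p, which is not in --tcp-ports '$tcp_ports'"
           rc=1 ;;
      esac
    done
  done
  return $rc
}

# Example run with the constructed sample: the command from the issue as
# originally typed (no --tcp-ports) fails, the corrected one passes.
dird_preflight "$SAMPLE_SERVICES" haproxy_haproxy ""   || echo "-> add --tcp-ports"
dird_preflight "$SAMPLE_SERVICES" haproxy_haproxy "80" && echo "-> OK to run --install"
```

With the check passing, the invocation the thread converges on is ./docker-ingress-routing-daemon --ingress-gateway-ips 10.255.0.2 --services haproxy_haproxy --tcp-ports 80 --install; port 8000 then keeps ordinary NAT and stays reachable from the host's own external IP.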
dacamposol commented 3 years ago

Hello @struanb, thank you very much for your response.

Indeed, the problem was fixed by using --tcp-ports.

Thank you very much for your tool and your support.