Swarm mode

[jasonchi38]

How do we deploy this in Swarm mode? I'm to a point that everything works when run as docker-compose, however this only works if you run everything on the same host. Great for testing and single site. I can't seems to find a way to attach "docker-compose up" container to -overlay network, which is needed to run in swarm mode.

Running in Swarm mode (docker stack deploy ...) return this error: Sending container 'nginx-test' signal '1' Error sending signal to container: No such container: nginx

[jasonchi38]

Has anyone successfully implemented in swarm mode where you deploy nginx-letsencrypt service on one node, and deploy web application on another node?

Please let me know if it's not possible at this time, google various answers are driving me nuts. Thanks.

[kevindesousa]

Hello,

I have the same problem, I want to use this with the Swarm. If anyone can help us.

Thanks

[oronoa]

There are other issues with the swarm. You would want to run this replicated, but it needs a design where one would be the leader and acquire the new certs and write them to a share (NFS?) path while the others only listen for changes.

[cchris-org]

my basic idea is to run nginx-proxy-letsencrypt in mode=global. so .. each node have its one proxy with its own external ip. Wordpress could be deploy in replicated mode, because each node shoud be noified via docker-gen if a service replicated on it. but .. on v3 there is no name to define. Docker-gen need a container-name for notify the nginx-container. how can i define a name in v3??

[fbandrey]

Hey guys, you can find the solution of "no containers name in Swarm mode" issue over here: https://hub.docker.com/r/helder/docker-gen/

This image using labels instead of container names or IDs. I've fixed this problem few minutes ago. Yay!

[hugokoopmans]

Hi, I am looking for a solution to setup the compagnion in (or infront of) a swarm. It seems docker-gen finds the service (and creates the certs for the service, only the routing from nginx into the swarm does not find the service provided by the swarm. Any suggestions how to get this working?

[hugokoopmans]

Hey guys, you can find the solution of "no containers name in Swarm mode" issue over here: https://hub.docker.com/r/helder/docker-gen/

This image using labels instead of container names or IDs. I've fixed this problem few minutes ago. Yay!

Hi @fbandrey can you elaborate how this helps our issue here? Thx

[pupattan]

I am facing the same issue. @fbandrey Could you please elaborate ?

[fbandrey]

Hey @hugokoopmans and @pupattan, sorry for delay.

I stopped using Swarm in favor of Kubernetes few years ago, so I even don't remember how I deal with this issue before. BUT! Want to tell you that it's super easy to setup certs issuer in K8s, so I recommend to take a look at this software.

[netlander]

@fbandrey any pointers in terms of tuts or docs regarding this "super easy" setup?

[fbandrey]

@netlander yeah, this one: https://cert-manager.io/docs/ Just a few commands and cert manager is up and running. Hope you have already dealt with this by yourself.

FYI: I'm hosting my domains at www.gandi.net and cert-manager has integration with Gandi to solve challenges via DNS. But HTTP solver exising as well of course.

So I can issue certs using simple CRDs. Example for wildcard cert:

apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: wc-domain-cert
spec:
  dnsNames:
    - '*.domain.com'
  issuerRef:
    name: le-dns-prod
  secretName: wc-domain-tls

And prod issuer:

apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: le-dns-prod
  namespace: default
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: user@email.com
    privateKeySecretRef:
      name: le-dns-prod
    solvers:
    - dns01:
        webhook:
          groupName: acme.bwolf.me
          solverName: gandi
          config:
            apiKeySecretRef:
              key: api-token
              name: gandi-credentials

Some more info about integration with Gandi: https://github.com/bwolf/cert-manager-webhook-gandi Rest of the list: https://cert-manager.io/docs/configuration/acme/dns01/#webhook

Have fun 😄