search

vfarcic / docker-flow-proxy

Docker Flow Proxy
http://proxy.dockerflow.com/
599 stars 17 forks source link

Latest build on docker hub yields incorrect haproxy config #303

Closed alshabib closed 7 years ago

alshabib commented 7 years ago

Description

Loading simple stack yaml file yields the following haproxy error:

/cfg # haproxy -f /cfg/haproxy.cfg -D -p /var/run/haproxy.pid -sf 10
[ALERT] 210/214002 (102) : parsing [/cfg/haproxy.cfg:52] : error detected in frontend 'services' while parsing redirect rule : error in condition: no such ACL : 'url_web_rest8080'.
[ALERT] 210/214002 (102) : Error(s) found in configuration file : /cfg/haproxy.cfg
[ALERT] 210/214002 (102) : Fatal errors found in configuration.

with this yaml file:

version: "3.3"

services:

  webui:
    image: nginx
    networks:
      - proxy
    deploy:
      labels:
        - com.df.httpsOnly=true
        - com.df.redirectWhenHttpProto=true
        - com.df.notify=true
        - com.df.distribute=true
        - com.df.servicePath=/
        - com.df.port=80

  rest:
    image: some-other-container
    networks:
      - proxy
    deploy:
      labels:
        - com.df.httpsOnly=true
        - com.df.redirectWhenHttpProto=true
        - com.df.notify=true
        - com.df.distribute=true
        - com.df.servicePath=/api
        - com.df.port=8080

networks:
  proxy:
    driver: overlay
    external: true

Steps to reproduce the issue: Assuming running swarm with dfp and swarm-listener.

  1. docker stack deploy -c stack-file.yml web
  2. docker service logs -f proxy_proxy
  3. Observe dfp not reconfiguring correctly

Describe the results you received:

Unable to reach my services. dfp had following error.

/cfg # haproxy -f /cfg/haproxy.cfg -D -p /var/run/haproxy.pid -sf 10
[ALERT] 210/214002 (102) : parsing [/cfg/haproxy.cfg:52] : error detected in frontend 'services' while parsing redirect rule : error in condition: no such ACL : 'url_web_rest8080'.
[ALERT] 210/214002 (102) : Error(s) found in configuration file : /cfg/haproxy.cfg
[ALERT] 210/214002 (102) : Fatal errors found in configuration.

Describe the results you expected:

dfp reconfig and being able to reach my services.

Additional information you deem important (e.g. issue happens only occasionally):

Reverted to dfp version 17.07.20-7 and everything worked out of the box and as expected.

vfarcic commented 7 years ago

Can you please post the proxy configuration (from the version that is failing)? You can get it by entering into one of the containers and executing cat /cfg/haproxy.cfg.

vfarcic commented 7 years ago

I think I found the problem. Can you please try the tag vfarcic/docker-flow-proxy:17.07.30-18 and let me know if the issue is gone?

alshabib commented 7 years ago 
/ # cat /cfg/haproxy.cfg
global
    pidfile /var/run/haproxy.pid
    tune.ssl.default-dh-param 2048

    # disable sslv3, prefer modern ciphers
    ssl-default-bind-options no-sslv3
    ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS

    ssl-default-server-options no-sslv3
    ssl-default-server-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS

resolvers docker
    nameserver dns 127.0.0.11:53

defaults
    mode    http
    balance roundrobin

    option  dontlognull
    option  dontlog-normal
    option  http-keep-alive
    option  forwardfor
    option  redispatch

    errorfile 400 /errorfiles/400.http
    errorfile 403 /errorfiles/403.http
    errorfile 405 /errorfiles/405.http
    errorfile 408 /errorfiles/408.http
    errorfile 429 /errorfiles/429.http
    errorfile 500 /errorfiles/500.http
    errorfile 502 /errorfiles/502.http
    errorfile 503 /errorfiles/503.http
    errorfile 504 /errorfiles/504.http

    maxconn 5000
    timeout connect 5s
    timeout client  20s
    timeout server  20s
    timeout queue   30s
    timeout tunnel  3600s
    timeout http-request 5s
    timeout http-keep-alive 15s

frontend services
    bind *:80
    bind *:443
    mode http

    acl url_web_webui80_0 path_beg /
    use_backend web_webui-be80_0 if url_web_webui80_0

backend web_rest-be8080_0
    mode http
    server web_rest web_rest:8080

backend web_webui-be80_0
    mode http
    server web_webui web_webui:80

Will try 17.07.30-18 in a sec.

alshabib commented 7 years ago

17.07.30-18 works and so does latest as I see you have updated that one as well.

Thanks for fixing that so fast!

vfarcic commented 7 years ago

You're welcome :)