Docker container internal vs external dns resolution issue using Traefik

Question

Docker 18.06.1-ce, traefik 1.7.3, dnsmasq, Mac 10.14

I have docker-compose setup with Traefik and need to access several services from inside the docker network/containers and externally.

On a linux box (with Let'sEncrypt and http redirected to https), everything works using the same FQDN for both docker container internal and external access, and I don't have to use the service names.

When I run curl http://belapi.dev.biodati.test from inside the pipeline container using docker-compose exec belapi /bin/bash I get the following error (and I don't see it showing up in the Traefik access logs):

api@407cf7105aee:/app$ curl http://belapi.dev.biodati.test/status
curl: (7) Failed to connect to belapi.dev.biodati.test port 80: Connection refused

This works fine (using the servicename):

curl http://belapi:8000/status

I can also run the following fine from a bash shell on my Mac outside the docker containers (and I see it hitting the Traefik access logs):

curl http://belapi.dev.biodati.test/status

I have dnsmasq setup to forward all *.test domains to 127.0.0.1.

From inside the pipeline container:

dig belapi.dev.biodati.test

;; QUESTION SECTION:
;belapi.dev.biodati.test.   IN  A

;; ANSWER SECTION:
belapi.dev.biodati.test. 7  IN  A   127.0.0.1

My docker-compose file:

networks:
  biodati:
    external: true

services:

  pipeline:
    container_name: pipeline
    image: biodati/bel_pipeline:dev
    networks:
      biodati:

  traefik:
    image: traefik:1.7
    container_name: traefik
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./conf/traefik.toml:/traefik.toml
      - ./logs:/logs
    networks:
      biodati:
    labels:
      - traefik.enable=true
      - traefik.backend=traefik
      - traefik.frontend.rule=Host:traefik.${BS_HOST_NAME:?err}
      - traefik.port=8080
      - traefik.docker.network=biodati

  # BEL API - core requirement
  belapi:
    container_name: belapi
    image: belbio/bel_api:localdev
    networks:
      biodati:
    labels:
      - traefik.enable=true
      - traefik.backend=belapi
      - traefik.frontend.rule=Host:belapi.${BS_HOST_NAME:?err};
      - traefik.port=8000
      - traefik.docker.network=biodati

Answer 1

The write up here was pretty helpful and this is an issue that you can stumble upon today, which I believe is easier to resolve.

I have just created a working example and not recreated everything in clean state. Use wisely

You can now use on the docker-compose the option add extra_hosts 1 2 as in

    extra_hosts:
      - "service1.local.name:10.254.254.254"

This would require you to assign another IP on the host machine - loop device, as explained above. Also for the Debian side of things you can proceed with:

sudo ip addr add 10.254.254.254 dev lo label lo:2

Those changes seems to play well even if you have enabled the alias option for the docker network you work with aka:

    networks:
      services_net:
        aliases:
          - service1.local.name

references: 1 2

Answer 2

For full details on how to solve this: https://medium.com/@williamhayes/local-dev-on-docker-fun-with-dns-85ca7d701f0a

Basically - DNSMasq was working great, Mac Docker Desktop DNS mapping was working great. I could query for my service domain name (e.g. service1.test) dig service1.test1 and get back 127.0.0.1 which is exactly what I set up in DNSMasq. So my domain name was returning the correct IP address for my host. Except - I was getting this inside my container - so 127.0.0.1 was referring to my container environment.

Running the following command on the Mac host level in a terminal:

sudo ifconfig lo0 alias 10.254.254.254

added an alias for 127.0.0.1 that I could use in DNSMasq instead of 127.0.0.1 that would still map to my localhost but it would also work for routing from my docker containers.

Now I can use local domains on my Mac for local development in Docker and get to my containers from my host AND via inter-container requests.