Reputation: 578
I am currently using Docker Compose for deployment of services in stacks. A typical simplified configuration looks like this:
version: '2'
services:
  database:
    image: database-v1
    networks:
      - internal
  backend:
    image: backend-v1
    networks:
      - internal
      - external
  frontend:
    image: frontend-v1
    networks:
      - internal
      - external
  microservice:
    image: microservice-v1
    networks:
      - internal
networks:
  external:
    external: true
    name: macvlan
  internal:
    driver: bridge
It works, but there are problems with this configuration. I can access the backend and frontend containers from my external network, but with the macvlan configuration, the network addresses are assigned sequentially, and the address depends on which container starts first. In other words, I can tell for sure that these containers got the addresses 192.168.0.120 and 192.168.0.121 on my network, but I cannot tell which one of these is backend and which one is frontend without checking, and if the stack is restarted, the addresses might be swapped.

The other problem is not being able to access the database and microservice containers without connecting to the internal network. Sure, I can proxy connections to the REST microservice through either backend or frontend, but this wouldn't work with the database unless it's exposing some sort of interface over HTTP. An alternative solution would be to just attach all the containers to the external network, but this is also not what I want, because of the first problem (sequential address assignment) and because it uses too many addresses on my network; ideally it should be just one address per stack.
I am aware of Docker being able to forward ports and expose them from the host machine, and this is not what I want. I would like to add another container that would be the only one attached to both networks, and all TCP ports would be forwarded through it. Ideally, I imagine a configuration like this:
version: '2'
services:
  proxy:
    image: proxy-v1
    environment:
      PROXY_CONFIG: "frontend:80->80 backend:80->8080 microservice:50051->51 database:5432->5432"
    networks:
      - internal
      - external
  database:
    image: database-v1
    networks:
      - internal
  backend:
    image: backend-v1
    networks:
      - internal
  frontend:
    image: frontend-v1
    networks:
      - internal
  microservice:
    image: microservice-v1
    networks:
      - internal
networks:
  external:
    external: true
    name: macvlan
  internal:
    driver: bridge
This would solve all the problems: the stack is only using one address on the external network (and it will be consistently 192.168.0.120 in my case), and all needed ports can be easily exposed through the proxy.
Was a similar configuration already implemented by someone? Is there an already existing container for just proxying TCP ports? I am looking at socat right now, and it looks like it can do what I want. Would there be any other problems with such a configuration that I can't see at the moment?
Upvotes: 0
Views: 108
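
An added example (not part of the original post, and not code from any existing proxy image): a shell entrypoint that turns the PROXY_CONFIG value from the question into one socat forwarder per entry, validating every entry before anything listens on the external network. It assumes each entry means service:target_port->listen_port and that socat is installed in the image; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: entrypoint for a hypothetical proxy image with socat installed.
# Assumed entry format (from PROXY_CONFIG above): service:target_port->listen_port
set -f  # no filename globbing when PROXY_CONFIG is split on whitespace

valid_port() {
    case $1 in
        ''|*[!0-9]*|??????*) return 1 ;;   # digits only, at most five of them
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print one socat command line per entry; return 1 on the first invalid entry.
build_socat_cmds() {
    seen=' '
    for entry in $1; do
        target=${entry%->*}     # service:target_port
        listen=${entry##*->}    # port opened on the proxy container
        host=${target%:*}
        port=${target##*:}
        # Hostname characters only, so an entry cannot append socat address
        # options (",opt") or select a different address type.
        case $host in
            ''|*[!A-Za-z0-9._-]*) echo "bad service in '$entry'" >&2; return 1 ;;
        esac
        if ! valid_port "$port" || ! valid_port "$listen"; then
            echo "bad port in '$entry'" >&2; return 1
        fi
        case $seen in
            *" $listen "*) echo "listen port $listen used twice" >&2; return 1 ;;
        esac
        seen="$seen$listen "
        echo "socat TCP-LISTEN:$listen,fork,reuseaddr TCP:$host:$port"
    done
}

# Runs only when the variable is set, i.e. inside the proxy container.
if [ -n "${PROXY_CONFIG:-}" ]; then
    cmds=$(build_socat_cmds "$PROXY_CONFIG") || exit 1
    while read -r _ listen_addr target_addr; do
        socat "$listen_addr" "$target_addr" &
    done <<EOF
$cmds
EOF
    wait
fi
```

Every entry in PROXY_CONFIG becomes reachable from the external network, so the list doubles as the stack's exposure inventory: the database entry publishes port 5432 to everything on the macvlan segment unless the database enforces its own authentication.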