Express gateway return redirect 307 instead of forward requests - express-gateway

Scenario
I have two services service1 and service2. First is written in net5 and second in net6.
I also would like to have some gateway. I used express gateway.
I hosted it as 3 containers with docker compose.
There are 3 ports localhost:10443 for service1 localhost:10445 for service2 and localhost:10444 for gateway. But I want all traffic thru gateway.
Expected bahaviour
When I enter in my browser address localhost:10444/app/path1 I should receive response from service2. In browser I should see port 10444.
Problem
Unfortunately gateway redirects my reuqest instead of forwarding it.
It return http 307 and Location header like https://container2:10445/...
I have following express gateway config:
http:
port: 8080
https:
port: 9443
tls:
"default":
key: /var/lib/eg/certs/xyz.key
cert: /var/lib/eg/certs/xyz.crt
admin:
port: 9876
host: localhost
apiEndpoints:
service1:
paths:
- '/app/path1/*'
- '/external/*'
service2:
paths:
- '/'
- ''
- '/static/*'
- '/products/*'
serviceEndpoints:
service1end:
url: 'http://container1'
service2end:
url: 'http://container2'
policies:
- basic-auth
- cors
- expression
- key-auth
- log
- oauth2
- proxy
- rate-limit
pipelines:
pipeline1:
apiEndpoints:
- service1
policies:
- proxy:
- action:
serviceEndpoint: service1end
pipeline2:
apiEndpoints:
- service2
policies:
- proxy:
- action:
serviceEndpoint: service2end
docker compose
version: '3.4'
services:
gw:
image: express-gateway:latest
container_name: gw
depends_on:
- service1
- service2
mssql:...
redis:...
storage: ...
service1:
image: ${DOCKER_REGISTRY-}service1
container_name: service1
build:
context: .
dockerfile: somepath/Dockerfile
depends_on:
- mssql
- redis
- storage
service2:
image: ${DOCKER_REGISTRY-}service2
container_name: service2
build:
context: .
dockerfile: some path 2/Dockerfile
depends_on:
- mssql
docker compose override
version: '3.4'
services:
gw:
ports:
- 10081:8080
- 10444:9443
volumes:
- C:somepath:/var/lib/eg
mssql:
redis:
storage:
service1:
environment:
- ASPNETCORE_ENVIRONMENT=Development
- ASPNETCORE_URLS=https://+:443;http://+:80
- ConnectionStrings__Conn=XXXX
ports:
- "10083:80"
- "10446:443"
volumes:
- ${APPDATA}/ASP.NET/Https:/root/.aspnet/https:ro
- ${APPDATA}/Microsoft/UserSecrets:/root/.microsoft/usersecrets:ro
service2:
environment:
- ASPNETCORE_ENVIRONMENT=Development
- ASPNETCORE_URLS=https://+:443;http://+:80
- ConnectionStrings__PADb=XXXX -
ports:
- "10082:80"
- "10445:443"
volumes:
- ${APPDATA}/ASP.NET/Https:/root/.aspnet/https:ro
- ${APPDATA}/Microsoft/UserSecrets:/root/.microsoft/usersecrets:ro
volumes:
sqldbVolume:
external: false
redisVolume:
external: false

Related

How to host multiple django apps with nginx proxy and redirect by subdomain?

I create proxy container with docker and generate ssl certificates to my domain with jwilder/nginx-proxy. It's works, but now tried redirect my django apps by subdomain and every request return 502 bad gateway. I'm a noob to this. I need help to know what I'm doing wrong.
This is my docker-compose nginx-proxy:
version: '3'
services:
nginx-proxy:
image: jwilder/nginx-proxy
restart: always
ports:
- "80:80"
- "443:443"
volumes:
- /var/run/docker.sock:/tmp/docker.sock:ro
- certs:/etc/nginx/certs:ro
- vhostd:/etc/nginx/vhost.d
- html:/usr/share/nginx/html
labels:
- com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy
letsencrypt:
image: jrcs/letsencrypt-nginx-proxy-companion
restart: always
environment:
- NGINX_PROXY_CONTAINER=nginx-proxy
volumes:
- certs:/etc/nginx/certs:rw
- vhostd:/etc/nginx/vhost.d
- html:/usr/share/nginx/html
- /var/run/docker.sock:/var/run/docker.sock:ro
www:
image: nginx
restart: always
expose:
- "80"
volumes:
- /Users/kbs/git/peladonerd/varios/1/www:/usr/share/nginx/html:ro
environment:
- VIRTUAL_HOST=pablokbs.com,www.pablokbs.com
- LETSENCRYPT_HOST=pablokbs.com,www.pablokbs.com
- LETSENCRYPT_EMAIL=pablo#pablokbs.com
depends_on:
- nginx-proxy
- letsencrypt
volumes:
certs:
html:
vhostd:
and this is docker-compose django app (bak_web is app to redirect by subdomain):
version: "3"
services:
core_api:
build:
context: .
env_file: .env
container_name: "bak-api"
ports:
- 8181:8181
volumes:
- ./BAK_API:/bak_api
- ./bak:/bak_api
command: uvicorn bak.asgi:app --host 0.0.0.0 --port 8181
bak_web:
build:
context: .
expose:
- "80"
env_file: .env
container_name: "bak-web"
volumes:
- static:/bak_web/static
- .:/bak_web
- ./bak_chatbot:/app
nginx-bak-web:
image: nginx
restart: always
expose:
- "80"
volumes:
- ./config/nginx/conf.d:/etc/nginx/conf.d
- static:/bak_web/static
environment:
- VIRTUAL_HOST=bakzion.duckdns.org
- LETSENCRYPT_HOST=bakzion.duckdns.org
- LETSENCRYPT_EMAIL=omar.cravioto.p#gmail.com
depends_on:
- bak_web
volumes:
.:
static:
last this is local.conf configuration:
upstream bakzion.duckdns.org {
server bak_web:80;
}
server {
listen 80;
server_name bakzion.duckdns.org;
location /static/{
alias /bak_web/static/;
}
location / {
include uwsgi_params;
uwsgi_pass uwsgi://webapp.docker.localhost;
include /etc/nginx/vhost.d/default_location;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_redirect off;
uwsgi_read_timeout 180;
}
}
I tried create proxy docker with nginx to redirect every django app host in server

do you really need this part?:
www:
image: nginx
restart: always
expose:
- "80"
volumes:
- /Users/kbs/git/peladonerd/varios/1/www:/usr/share/nginx/html:ro
environment:
- VIRTUAL_HOST=pablokbs.com,www.pablokbs.com
- LETSENCRYPT_HOST=pablokbs.com,www.pablokbs.com
- LETSENCRYPT_EMAIL=pablo#pablokbs.com
depends_on:
- nginx-proxy
- letsencrypt
It's pointed to a domain of another Person, maybe that is making a conflic.
I've recently hosted two sites with jwilder an both of them work.
Example of my jwilder config:
nginx-proxy:
image: bbtsoftwareag/nginx-proxy-unrestricted-requestsize:alpine
networks:
- nginx-net
container_name: nginx-proxy
ports:
- "80:80"
- "443:443"
volumes:
- /var/run/docker.sock:/tmp/docker.sock:ro
- certs:/etc/nginx/certs:ro
- vhostd:/etc/nginx/vhost.d
- html:/usr/share/nginx/html
# If you have default config, user next line: (from a config folder of your project)
- ./config/default_location:/etc/nginx/vhost.d/default_location
- myProject_static_myProject:/myProject/static
- myProject_media_myProject:/myProject/media
- myProject2_static_myProject2:/myProject2/static
- myProject2_media_myProject2:/myProject2/media
labels:
- com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy
letsencrypt:
image: jrcs/letsencrypt-nginx-proxy-companion
restart: always
environment:
- NGINX_PROXY_CONTAINER=nginx-proxy
volumes:
- certs:/etc/nginx/certs:rw
- vhostd:/etc/nginx/vhost.d
- html:/usr/share/nginx/html
- /var/run/docker.sock:/var/run/docker.sock:ro
volumes:
certs:
html:
vhostd:
myProject_static_myProject:
external: true
myProject_media_myProject:
external: true
myProject2_static_myProject2:
external: true
myProject2_media_myProject2:
external: true
#If you have a network
networks:
nginx-net:
name: network_name
As the Pelado Nerd says... IMPRESIONANTE!

VueJS + Django Rest Framework in dockers

I have a VueJS front end and a Django Rest Framework Backend which are independant (Django does not serve my VueJS app)
In local they work very well together but after using a docker-compose to deploy them on the server they don't want to communicate anymore. I can see my frontend but the axios requests get a TimeOut.
How it's made in my docker compose:
version: '3'
networks:
intern:
external: false
extern:
external: true
services:
backend:
image: #from_registry
container_name: Backend
env_file:
- ../.env
depends_on:
- db
networks:
- intern
volumes:
- statics:/app/static_assets/
- medias:/app/media/
expose:
- "8000"
db:
image: "postgres:latest"
container_name: Db
environment:
POSTGRES_PASSWORD: ****
networks:
- intern
volumes:
- pgdb:/var/lib/postgresql/data
frontend:
image: from_registry
container_name: Frontend
volumes:
- statics:/home/app/web/staticfiles
- medias:/home/app/web/mediafiles
env_file:
- ../.env.local
depends_on:
- backend
networks:
- intern
- extern
labels:
- traefik.http.routers.site.rule=Host(`dev.x-fantasy.com`)
- traefik.http.routers.site.tls=true
- traefik.http.routers.site.tls.certresolver=lets-encrypt
- traefik.port=80
volumes:
pgdb:
statics:
medias:
In my AxiosConfiguration I put:
baseURL="http://backend:8000"
And my front try to access on this URL but get a timeout error.
In the console I have an error
xhr.js:177 POST https://backend:8000/api/v1/token/login net::ERR_TIMED_OUT
It seems that there is a https in place of the http. Can it come from here?
Any idea how to make them communicate?
Thanks

How to serve static files using Traefik and Nginx in docker-compose

I am trying to serve static files using Traefik and Nginx, also docker. My Django application works well, I can access all pages, but can't setup static files serving. When I open site.url/staic/ It redirects me to the 404 page. For the code skeleton, I am using cookiecutter-django.
Here is my docker configuration:
django:
build:
context: .
dockerfile: ./compose/production/django/Dockerfile
image: dreamway_team_production_django
depends_on:
- postgres
- redis
env_file:
- ./.envs/.production/.django
- ./.envs/.production/.postgres
command: /start
postgres:
**
traefik:
build:
context: .
dockerfile: ./compose/production/traefik/Dockerfile
image: dreamway_team_production_traefik
depends_on:
- django
- nginx
volumes:
- production_traefik:/etc/traefik/acme
ports:
- "0.0.0.0:80:80"
- "0.0.0.0:443:443"
redis:
**
nginx:
image: nginx:1.17.4
depends_on:
- django
volumes:
- ./config/nginx.conf:/etc/nginx/conf.d/default.conf
- ./dreamway_team/static:/static
and my config for traefik:
log:
level: INFO
entryPoints:
web:
address: ":80"
web-secure:
address: ":443"
certificatesResolvers:
letsencrypt:
acme:
email: "mail"
storage: /etc/traefik/acme/acme.json
httpChallenge:
entryPoint: web
http:
routers:
web-router:
rule: "Host(`[DOMAIN_NAME]`)"
entryPoints:
- web
middlewares:
- redirect
- csrf
service: django
web-secure-router:
rule: "Host(`[DOMAIN_NAME]`)"
entryPoints:
- web-secure
middlewares:
- csrf
service: django
tls:
certResolver: letsencrypt
middlewares:
redirect:
redirectScheme:
scheme: https
permanent: true
csrf:
headers:
hostsProxyHeaders: ["X-CSRFToken"]
services:
django:
loadBalancer:
servers:
- url: http://django:5000
providers:
file:
filename: /etc/traefik/traefik.yml
watch: true
Any help would be appreciated! Thanks!

Traefik2 route multiple services to multiple subpaths in flask

I have an issue with multiple services running by flask.
If I comment service app1 or app2, everything works great.
But when I run two sevicves simultaneously and "curl localhost/app1", I got 404 error.
"curl localhost/app2" works great.
Here's the docker-compose.yml.
version: "2.4"
services:
traefik:
image: "traefik:v2.1.3"
container_name: "traefik"
command:
#- "--log.level=DEBUG"
- "--api.insecure=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:80"
ports:
- "80:80"
- "8080:8080"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
app1:
image: pytorch:1.4.0
build:
context: .
target: prod
dockerfile: ./app1/Dockerfile
labels:
- traefik.enable=true
- "traefik.http.routers.app1.rule=Path(`/app1`)"
- "traefik.http.routers.app1.entrypoints=web"
app2:
image: pytorch:1.4.0
build:
context: .
target: prod
dockerfile: ./app2/Dockerfile
labels:
- traefik.enable=true
- "traefik.http.routers.app2.rule=Path(`/app2`)"
- "traefik.http.routers.app2.entrypoints=web"

Setting up traefik with docker services on aws

I'm trying to use traefik in fron't of my docker services (although only 1 docker service to start with) I've been able to set-up traefik however it is ignoring the labels that I include in my docker compose file. I'm using a docker swarm on AWS.
The log indicates
"Filtering container without port and no traefik.port label service_myapp.3"
I've inspected both the service, and a the containers, using docker service inspect and docker container inspect and the labels are present.
The traefik web console shows a docker tab, but with nothing under it.
Here is my traefik.toml
logLevel = "DEBUG"
traefikLogsFile = "/var/logs/traefik.log"
[entryPoints]
[entryPoints.http]
address = ":80"
[web]
address = ":8080"
[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "docker.localhost"
watch = true
swarmmode = true
exposedbydefault = false
and here is my docker compose yml
version: "3.4"
configs:
traefik:
external:
name: traefik
services:
traefik:
image: traefik:1.3.5
configs:
- source: traefik
target: /etc/traefik/traefik.toml
mode: 0400
depends_on:
- myapp
volumes:
- traefiklogs:/var/logs
- /var/run/docker.sock:/var/run/docker.sock
ports:
- 80:80
- 443:443
- 8080:8080
networks:
- public
- private
tty: true
deploy:
mode: global
placement:
constraints:
- node.role == manager
myapp:
image: myapp
deploy:
endpoint_mode: vip
replicas: 3
restart_policy:
condition: on-failure
ports:
- "4000:8080"
networks:
- public
- private
labels:
traefik.frontend.rule: "Host:myapp.myapp.com"
traefik.backend: "myapp"
traefik.docker.network=: "public"
traefik.enable: "true"
traefik.port: "4000"
networks:
public:
driver_opts:
encrypted: 1
private:
driver_opts:
encrypted: 1
volumes:
sqldata:
traefiklogs:

With swarmmode = true, you need to set the labels on the service instead of the containers. That's done by defining the labels within the deploy section:
version: "3.4"
configs:
traefik:
external:
name: traefik
services:
traefik:
image: traefik:1.3.5
configs:
- source: traefik
target: /etc/traefik/traefik.toml
mode: 0400
depends_on:
- myapp
volumes:
- traefiklogs:/var/logs
- /var/run/docker.sock:/var/run/docker.sock
ports:
- 80:80
- 443:443
- 8080:8080
networks:
- public
- private
tty: true
deploy:
mode: global
placement:
constraints:
- node.role == manager
myapp:
image: myapp
deploy:
endpoint_mode: vip
replicas: 3
restart_policy:
condition: on-failure
labels:
traefik.frontend.rule: "Host:myapp.myapp.com"
traefik.backend: "myapp"
traefik.docker.network=: "public"
traefik.enable: "true"
traefik.port: "4000"
ports:
- "4000:8080"
networks:
- public
- private
networks:
public:
driver_opts:
encrypted: 1
private:
driver_opts:
encrypted: 1
volumes:
sqldata:
traefiklogs: