byjg/docker-easy-haproxy

No configuration generated when using docker discovery

Opened this issue · 5 comments

Hi, I'm trying to use the standalone docker discovery but can't make it work.

root@z-srv-1:~# docker inspect haproxy | jq '.[].Config.Env'
[
  "EASYHAPROXY_DISCOVER=docker",
  "EASYHAPROXY_LOG_LEVEL=DEBUG",
  "HAPROXY_LOG_LEVEL=ERROR",
  "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
  "RELEASE_VERSION=\"4.4.0\"",
  "TZ=Etc/UTC"
]

root@z-srv-1:~# docker inspect haproxy | jq '.[].Mounts'
[
  {
    "Type": "bind",
    "Source": "/var/run/docker.sock",
    "Destination": "/var/run/docker.sock",
    "Mode": "ro",
    "RW": false,
    "Propagation": "rprivate"
  }
]

root@z-srv-1:~# docker inspect grafana | jq '.[].Config.Labels'
{
  "easyhaproxy.grafana.host": "grafana.zasdaym.my.id",
  "easyhaproxy.grafana.localport": "3000",
  "maintainer": "Grafana Labs <hello@grafana.com>"
}

root@z-srv-1:~# docker exec haproxy cat /etc/haproxy/haproxy.cfg
global
    log stdout  format raw  local0  err
    maxconn 2000
    tune.ssl.default-dh-param 2048

    # intermediate configuration
    ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
    ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
    ssl-default-bind-options prefer-client-ciphers no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets

    ssl-default-server-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
    ssl-default-server-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
    ssl-default-server-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets

    ssl-dh-param-file /etc/haproxy/dhparam

defaults
    log global
    option httplog

    timeout connect    3s
    timeout client    10s
    timeout server    10m

frontend stats
    bind *:1936
    mode http
    stats enable
    stats hide-version
    stats realm Haproxy\ Statistics
    stats uri /
    default_backend srv_stats

backend srv_stats
    mode http
    server Local 127.0.0.1:1936

backend certbot_backend
    mode http
    server certbot 127.0.0.1:2080

byjg commented

Would you mind sharing the command you are using to spin up the containers?

docker run --name haproxy --detach --network host -v /var/run/docker.sock:/var/run/docker.sock:ro -e EASYHAPROXY_DISCOVER=docker byjg/easy-haproxy:4.4.0

docker run --name grafana --detach --network host --label easyhaproxy.grafana.host=grafana.zasdaym.my.id --label easyhaproxy.grafana.localport=3000 grafana/grafana-oss:10.2.3

Hello, Easy HAProxy will not work with the host network.

Try changing to:

docker run --name haproxy --detach -p 80:80 -p 443:443 -p 1936:1936 -v /var/run/docker.sock:/var/run/docker.sock:ro -e EASYHAPROXY_DISCOVER=docker byjg/easy-haproxy:4.4.0

docker run --name grafana --detach --label easyhaproxy.grafana.host=grafana.zasdaym.my.id --label easyhaproxy.grafana.localport=3000 grafana/grafana-oss:10.2.3

You do not need to map the port for the Grafana container, since the access will be done by EasyHAProxy on the address http://grafana.zasdaym.my.id

May I know why it doesn't work on the host network? I think it's good to mention it in the documentation too.

EasyHAProxy requires network inspection from within the Docker container where it's deployed. When a container resides in a different network, it must be added to the EasyHAProxy network (source: https://github.com/byjg/docker-easy-haproxy/blob/master/src/processor/__init__.py#L116-L143).

In this specific scenario, the container fails to detect other containers due to its inability to recognize the host network. This is the primary technical limitation.

Additionally, deploying EasyHAProxy in front of containers eliminates the need for exposing them individually, as all traffic can now be efficiently redirected through HAProxy.
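
A pre-flight check for the conditions described in this thread, added here as an example (it is not code from the issue or from the EasyHAProxy project). It reads `docker inspect` data and reports host-network mode, a missing shared network, and labels that lack the `easyhaproxy.<definition>.<key>` shape seen in the inspect output above; the function names, the `sample` helper and its data are constructed for illustration.

```python
"""Pre-flight check for EasyHAProxy docker discovery, run over `docker inspect` data."""
import json
import sys

LABEL_PREFIX = "easyhaproxy."


def networks(container):
    """Names of the Docker networks a container is attached to."""
    return set((container["NetworkSettings"].get("Networks") or {}).keys())


def label_problems(labels):
    """Flag easyhaproxy.* labels without a definition segment.

    Assumption: labels follow easyhaproxy.<definition>.<key>, the shape of the
    two labels shown in the thread's inspect output.
    """
    problems = []
    for name in sorted(labels or {}):
        if name.startswith(LABEL_PREFIX):
            if len(name[len(LABEL_PREFIX):].split(".")) < 2:
                problems.append(f"label '{name}' has no definition name")
    return problems


def check(proxy, target):
    """Return the reasons discovery would not reach `target` (empty list = none found)."""
    findings = []
    for c in (proxy, target):
        if c["HostConfig"]["NetworkMode"] == "host":
            findings.append(f"{c['Name']} uses --network host")
    # Only meaningful once neither side is on the host network.
    if not findings and not (networks(proxy) & networks(target)):
        findings.append(f"{target['Name']} shares no network with {proxy['Name']}")
    return findings + label_problems(target["Config"].get("Labels"))


def sample(name, mode, nets, labels):
    """Constructed inspect excerpt, reduced to the fields check() reads."""
    return {"Name": name, "HostConfig": {"NetworkMode": mode},
            "NetworkSettings": {"Networks": {n: {} for n in nets}},
            "Config": {"Labels": labels}}


if __name__ == "__main__":
    # Usage: docker inspect haproxy grafana | python3 check.py
    proxy, target = json.load(sys.stdin)[:2]
    print("\n".join(check(proxy, target)) or "no problems found")
```
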