Swarm setup at La Scuola Open Source for reverse-proxying per service and Portainer interface. Based on Docker Flow Proxy with Docker Swarm Listener, using harmburml/docker-flow-letsencrypt for certificates handling, jwilder/whoami for testing and Portainer to manage the Swarm.
This command will start the Swarm and join it as manager:
sudo docker swarm init
Then use the printed command to let every node join the swarm as worker. You can retrieve the manager token with:
sudo docker swarm join-token manager
Create the proxy network to let services communicate with reverse-proxy:
sudo docker network create -d overlay proxy
For now the setup needs a folder to store container. It will probably be implemented with Volumes soon.
sudo mkdir /etc/letsencrypt/
You need to set your Leader Manager node ID in proxy/flow.yml
.
You can retrieve it with:
sudo docker node ls
Copy and paste the ID in proxy/flow.yml
at line:
constraints: [node.id == paste node id here ]
You can set your domains name as DOMAIN1, DOMAIN2, etc. If you tweak them you should also match 'em in each service labels. Be sure your DNS and routerd are forwarding requests to one of your Swarm nodes.
Deploy the Docker Flow Proxy (with letsencrypt) stack to start generating certificates:
sudo docker stack deploy -c flow.yml proxy
Deploy Portainer stack:
sudo docker stack deploy -c portainer-agent-stack.yml portainer
Deploy the Whoami test service:
sudo docker stack deploy -c who.yml who
You can now access portainer at: https://portainer.lascuolaopensource.xyz:9000
and Whoami: https://admin.lascuolaopensource.xyz