Hello, Below 2 questions assumes that : Path to docker image, app container (e.g. tracim), and container volumes is var/lib/docker... My VPS is networking with docker, and connecting app container, through the docker network IP ADDRESS assigned to it by default docker bridge network. Website e.g. https://subdom.domain.net, and corresponding database were set in ISPConfig A “.env“ file was set and now contains the database environment variable to be passed to the app container I edited “docker run“ command line and completed it with infos relating the “.env“ file content /// QUESTION /// Q1 : How should I set my website redirection to app container (see below), so to have https://subdom.domain.net being redirected to https://tracim.domain.net:8087 ? Q2 : Should I replace the <container_name> with its ID, or change the path to have it pointing the docker image, or volume ? REDIRECTION SETTING Redirect Type: ? Redirect Path: /var/lib/docker/overlay2/<container_name> ? If you think that such a redirection from ISPConfig panel to app container should not be set, please let me know why. If you think that the redirection should better be set from my client space OVH (my hosting provider), please let me know too. Regards
I assumes your container is inside your ISPConfig web server itself, so basically, you may change its website root to that container to run from it directly. Alternatively, which is easier I think, create a proxy instead.
Usually you expose the port of the docker container to the host network and setup a proxy pass similar to this with apache2: Code: ProxyPass /myapp http://127.0.0.1:4223/ ProxyPassReverse /myapp http://127.0.0.1:4223/ This assums that the container itself is running on the ISPConfig server.
Ain’t that already the case if content for containerized app (image, volume container) are located at var/lib/docker, and if app container get run from this location ? Or should I set something to have the app container specifically running “on the ISPConfig server“ ?
I did never proceed such a task, and didn’t know that host network can be set so to expose a specific port. Within what file may the host network be set so to have it exposing the container’s port ? Where is this file located ? What line to search in file, to modify or add the port to be exposed ? Could this be done reversely form a “docker run“ command line such as : ~$ docker run -d —add-host mydomain.com:IPV4 ADDRESS Source : https://codeopolis.com/posts/add-a-host-entry-to-a-docker-container/ Do you mean that using ISPConfig panel, above strings have to be pasted in the apache directives field of the relevant website ? As being newbie to docker, I am not sure about what to replace “/myapp“ with : should this be replaced with container name (or id), with docker image name… ?
I see there is a lot of lacking knowledge on these topics so let me help you with that. The first question was is the server where you installed ISPConfig on, the same server where you run your docker containers on? You don't have to configure anything special to "expose" the port to the host. In most cases docker containers run with "host" network. You can get more info here: https://docs.docker.com/network/host/. But to make this easier for you, just show us with what command you use to run the docker container or post the docker-compose.yml file if that is the way to run this container. Exactly. But again let's go through this step by step. You create a website within ISPConfig with the domain you want to use. Then within the apache directives you set the "ProxyPass" settings as described above. The "myapp" part is telling the webserver that this will be served under "domain.tld/myapp" you can leave this at "/" if you want to access it with "domain.tld". The port shown in the ProxyPass line is the port your docker container exposes to the host. You can see them in the last column "ports" in the "docker ps" output.
You made the question clearer, and the reply is YES I do know that docker assignes an IP ADDRESS to the host where it get installed, through its default bridge network. I did replace the MariaDB server default bind-address to this IP ADDRESS : 172.17.0.1
~$ docker run --name tracim -p 8087:80 --env-file .env - p 3306:3306 -v ~/var/www/clients/client1/web1/web/tracim/etc:/etc/tracim -v ~/var/www/clients/client1/web1/web/tracim/var:/var/tracim -d algoo/tracim Assuming that tracim directory (and sub directories) stands as a docker project directory. Assuming that I created it within the root directory of a website set with ISPConfig. Being admited that docker image and docker container directories are located at var/lib/docker Assuming that I expect the relevant docker container to be run from executing above command line /// QUESTIONS /// Does it still make sens to change the website’s root directory, or to alternatively maybe add in the .env file (see next post) the environment variable “APP_URL=https...“ ? Is such a configuration allow accessing tracim app login page from URL, e.g. https://tracim.mydomain.net:8087 ? Would it be redundant with some previous setting to amend the docker command line with “--add-host mydomain.com:IPV4 ADDRESS“ Source : https://codeopolis.com/posts/add-a-host-entry-to-a-docker-container/
~$ docker run --name tracim -p 8087:80 --env-file .env - p 3306:3306 -v ~/var/www/clients/client1/web1/web/tracim/etc:/etc/tracim -v ~/var/www/clients/client1/web1/web/tracim/var:/var/tracim -d algoo/tracim The .env file passing host environment variables to the container, is located at - /var/www/clients/client1/web1/web/tracim/ - and was edited as shown here below (refers to MariaDB server) . I put in bold the environment variables that maybe need to be added... : DATABASE_TYPE=<mysql> MYSQL_ROOT_HOST=<IPV4 ADDRESS> MYSQL_PORT=3306 MYSQL_USER=<username> MYSQL_PASSWORD=<password> MYSQL_DATABASE=<tracimdb> APP_URL=e.g. https://tracim.mydomain.net:8087 I put online a pdf file that details the 5 steps I went through to edit the command line as it results here above : https://dochub.com/keoz/nO1YzvAwA1o9vaaw6L4WP2/tracim-steps02-pdf?dt=Kr6Zv34VYfvENxt7mXxi
I am not sure if docker can possibly be jailed / chrooted or not but did you install docker as server root or website root? Because if you can jailed/ chrooted docker, you set create shell access for the website thus can use its root to run docker. Try checking if this is working: https://github.com/chazlever/docker-jail. The idea is if you use chroot, you should be able to use /web/tracim, /etc/tracim and /var/tracim which is all under your exampled path /var/www/clients/client1/web1. Why port 8087 for https when you can use the standard 443? As so far that I can see in theory, since I do not really use or understand docker that much, the 443 is easier since you should be able to access your exampled URL https://tracim.mydomain.net directly. I read some discussions about docker but some say it is the same as jail some say it is not, because it is containerized, but I think it is almost the same: https://news.ycombinator.com/item?id=8213206 Another good article I found on using docker is here: https://www.peterspython.com/en/blo...flask-docker-container-as-a-jailed-shell-user which should also work well but it has a different approach compared to the idea given above.
Docker is a container, so basically a virtual machine like lxc. It shares the kernel with the main system but runs software within its own environment but it can map directories and ports to the outside world. So if you have a web based app in docker, then this app runs on a http server inside the container, this http server port is then mapped to an external port which can be reached from outside of the container and when you want to make this accessible from the internet on a server which is a hosting system itself (like an ispconfig web server), then you use a proxy on the ispconfig web server to redirect traffic to the exposed port of the docker container which listens on localhost. Port 443 is already used by the apache or Nginx server on the system and you can not have two applications listening on the same port and IP. That's why one uses a different (unused) port for docker on localhost and then redirect traffic from apache/nginx to docker via a proxy rule.
In my use case, both docker script and ISPConfig server are installed in the same host (my VPS), but have their respective environment, and their contents deployed in different locations. In such a configuration, the ISPConfig server environment may be considered as being in the outside of whatever container to be run : Docker : var/lib/docker Website set in ISPConfig : /var/www/clients/client1/web1/web Effectively, a docker container can map the outside world (website set in ISPConfig), in different ways : I opted for the one that rely on the bridge network which is a docker default functionality, that requires the following settings to get activated : Create required volumes that the container (tracim app) may map to. The .env file allows to pass the environment variable (database) to the container : /var/www/clients/client1/web1/web/tracim /var/www/clients/client1/web1/web/tracim/etc /var/www/clients/client1/web1/web/tracim/var /var/www/clients/client1/web1/web/tracim/.env Change MariaDB server’s bind-address to 172.17.0.1, the IP ADDRESS that is by default assigned to the ISPConfig server’s host (my VPS), so to allow remote connexion from container. Allow the dbuser to remotly access the database from any host. Would you say that this is achieved in ISPConfig (under dbuser tab) when checking the box for “remote access“ ? /// HELP REQUEST /// I am requesting help from experimented forumer that already had to map a docker container to content set in ISPConfig server environment, so to know if following further settings are potentially redundant or conflictual with above bridge network settings : Set a proxy pass : I now believe that this is not necessary, if the bridge network is already set to allow containers to map required contents in the ISPConfig server’s environment. Add the “APP_URL=value“ variable to the .env file : the value may be such as https://tracim.mydomain.net:8087 Add a host entry to the container by completing the command line with e.g. : –add-host tracim.mydomain.net:8087 https://codeopolis.com/posts/add-a-host-entry-to-a-docker-container/
There seems to be quiet a bit confusion here. You don't need to run a reverse proxy, but that means that the app within container is not accessible without specifing the port when browsing it, for example http://domain.tld:8123. You don't need to use any ISPConfig related stuff in this case. You don't need a webspace the data can reside anywhere on the host. You only would use a webspace to create the reverse proxy config to route traffic from https://tracim.domain.tld for example to your docker Container.
As I have done in previous situations, such a traffic routing may then be set from my client space at OVH (my hosting provider), isn’t it ?
