Subdomain or subfolder route requests to running docker image

Discussion in 'Server Operation' started by razor7, Aug 30, 2016.

  1. razor7

    razor7 Member

    Hi! I have ISPConfig 3.1 git stable and it works just fine. My setup includes Apache and Ubuntu Server 16.04.
    I wonder if there's a way to map a running docker image to a server subdomain or subfolder using some Apache config.
    I'm using gitlab through docker and it works just fine, but I want to grant internet access to the container. I was thinking of accessing my docker container through git.domain.com or www.domain.com/git
    Thanks in advance!
     
  2. razor7

    razor7 Member

    Hi! I'm answering myself.

    After a lot of investigation, here are the steps that I followed to get my gitlab docker container accessible from the internet using ISP Config, hosted on the same server as ISP Config:

    Considerations:
    First of all, you need to access the ISP Config host as root
    Then you need to install docker.io
    After that, install Docker Compose and assign the right permissions
    Then create the directories needed for the gitlab app
    Restart the host (I struggled a lot with networking not being reachable because of not rebooting the host)
    Inside ISP Config, you must create a new domain, i.e. git.domain.com, and make sure it's accessible from the internet, otherwise Let's Encrypt will fail to grant new domain certificates

    Inside ISP Config, enable SSL security and enable Let's Encrypt

    Warning! If no Let's Encrypt gets created, then the docker container will fail with the following config

    Copy certs from /etc/letsencrypt/archive/git.domain.com/,

    Warning!! When LE renews the certificate, a number is added to the cert files. I don't know how to automate this, because you can't use symlinks: docker gets confused and can't find the right files pointed to by the link

    Warning! These names may change, you must review them beforehand. If those files have a number before .pem, you must copy the ones that have the greatest number


    Forget previous warnings, take a look at this shell script that will copy the most recent certs to gitlab ssl folder
    https://www.howtoforge.com/communit...ts-to-running-docker-image.73845/#post-363638

    Create the docker-compose.yml file in the right folder
    Paste this content into the file. You may modify hostname and external_url, replacing them with your actual domain, the line real_ip_trusted_addresses, replacing it with the host IP, and, if necessary, the left part of the ports lines (required to avoid port conflicts with other services or docker containers)
    Code:
    version: '2'
    services:
        web:
            image: 'gitlab/gitlab-ce:latest'
            restart: always
            hostname: 'git.domain.com'
            container_name: gitlab
            environment:
                GITLAB_OMNIBUS_CONFIG: |
                    external_url 'https://git.domain.com'
                    nginx['redirect_http_to_https'] = true
                    nginx['proxy_set_headers'] = {
                        "Host" => "$$http_host",
                        "X-Real-IP" => "$$remote_addr",
                        "X-Forwarded-For" => "$$proxy_add_x_forwarded_for",
                        "X-Forwarded-Proto" => "https",
                        "X-Forwarded-Ssl" => "on"
                    }
                    nginx['real_ip_trusted_addresses'] = ['DOCKER.HOST.IP']
                    nginx['real_ip_header'] = 'X-Real-IP'
                    nginx['real_ip_recursive'] = 'on'
            ports:
                - '180:80'
                - '1443:443'
                - '122:22'
            volumes:
                - '/opt/gitlab/config:/etc/gitlab'
                - '/opt/gitlab/logs:/var/log/gitlab'
                - '/opt/gitlab/data:/var/opt/gitlab'
                - '/opt/gitlab/ssl:/etc/gitlab/ssl'
    Start the docker container
    Wait 1 or 2 minutes, if everything went fine, this command may work from another LAN PC
    The desired response may be
    If it fails, we can access docker container shell to get some diagnostics
    Inside the container shell we can check which gitlab services are running in order to diagnose possible issues
    In case of problems, we can check out all gitlab services generated logs in this host folder (not inside the container)
    Finally, we must tell Apache that git.domain.com is a proxy to another host. Edit the domain inside ISP Config and add these directives in the Options -> Apache Directives text area
    Code:
    <Proxy *>
        Allow from localhost
    </Proxy>
    SSLProxyEngine On
    RequestHeader set Front-End-Https "On"
    ProxyPreserveHost    On
    ProxyPass            /    https://DOCKER.HOST.NAME.OR.IP:1443/
    ProxyPassReverse     /    https://DOCKER.HOST.NAME.OR.IP:1443/
    That's all. If everything is working right, you may access your gitlab container through https://git.domain.com
     
    Last edited: Aug 3, 2017
  3. razor7

    razor7 Member

    Hi! I just wanted to share this shell script that copies the most recent Let's Encrypt cert files to the gitlab folder. Put this into a cron job to run once a day and you are done! Remember to edit the paths to fit your needs

    Code:
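    #!/bin/bash
    # Copy the most recent Let's Encrypt cert and key to the gitlab ssl folder.
    
    # sort -V orders by the number in the name, so cert10.pem sorts after cert9.pem
    # (sort -n compares whole paths as text and would pick cert9.pem)
    FILE1=$(find /etc/letsencrypt/archive/git.domain.com/ -name 'cert*.pem' | sort -V | tail -1)
    FILE2=$(find /etc/letsencrypt/archive/git.domain.com/ -name 'privkey*.pem' | sort -V | tail -1)
    
    # Quote the variables so an empty result fails in cp instead of mis-parsing
    cp "$FILE1" /opt/gitlab/ssl/git.domain.com.crt
    cp "$FILE2" /opt/gitlab/ssl/git.domain.com.key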
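
An added example, not part of the original post: it goes beyond the script above by picking the certificate and key with the same renewal number, skipping the copy when nothing changed, and keeping the copied key unreadable to other users. The helper names latest_index and sync_certs are made up for this illustration, and the certN.pem / privkeyN.pem naming is assumed from the thread.

```sh
#!/bin/sh
# Added illustration; latest_index and sync_certs are hypothetical helper names.
# Assumes the archive naming the thread describes: certN.pem / privkeyN.pem.

# Print the highest N for which both certN.pem and privkeyN.pem exist in dir $1.
latest_index() (
    best=0
    for f in "$1"/cert*.pem; do
        n=${f##*/cert}; n=${n%.pem}
        case $n in ''|*[!0-9]*) continue ;; esac   # unnumbered or unmatched glob
        [ -e "$1/privkey$n.pem" ] || continue      # never mix two renewals
        if [ "$n" -gt "$best" ]; then best=$n; fi
    done
    [ "$best" -gt 0 ] || exit 1
    echo "$best"
)

# Copy pair N from archive dir $1 into dir $2 as $3.crt / $3.key.
# Exit status: 0 = files replaced, 1 = already current, 2 = error.
sync_certs() (
    src=$1; dst=$2; name=$3
    n=$(latest_index "$src") || exit 2
    if cmp -s "$src/cert$n.pem" "$dst/$name.crt" 2>/dev/null &&
       cmp -s "$src/privkey$n.pem" "$dst/$name.key" 2>/dev/null; then
        exit 1
    fi
    umask 077   # the copied private key must not be group/world readable
    # Write to temporary names first so a failed copy never leaves a
    # truncated cert or key under the name the container reads.
    cp "$src/cert$n.pem" "$dst/$name.crt.new" &&
    cp "$src/privkey$n.pem" "$dst/$name.key.new" &&
    mv "$dst/$name.crt.new" "$dst/$name.crt" &&
    mv "$dst/$name.key.new" "$dst/$name.key" || exit 2
)

# Cron usage with the thread's paths:
#   sync_certs /etc/letsencrypt/archive/git.domain.com /opt/gitlab/ssl git.domain.com
```

The distinct exit status for "files replaced" lets the cron job act only after a renewal, for example to reload the web server inside the container.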
    
     
