Subdomain or subfolder route requests to running docker image

Hi! I have ISPConfig 3.1 git stable and works just fine. My setup includes apache and ubuntu server 16.04.
I wonder if there's a way to map a running docker image to a server subdomain or subfolder using some apache config.
I'm using gitlab through docker and works just fine, but I want to grant internet access to the container. I was thinking to access my docker container through git.domain.com or www.domain.com/git
Tanks in advise!

 

Hi! I'm answering to myself.

After a lot of investigation, here are the steps that I followed to get my gitlab docker container accessed from the internet using ISP Config and hosted in the same server that ISP Config

Considerations:

First of all, you need to access the ISP Config host as root

Then you need to install docker.io

After that, install Docker Compose and assign the right permissions

Then create the directories needed for the gitlab app

Restart the host (I struggled a lot with networking not being reachable because of not rebooting the host)

Inside ISP Config, you must create a new domain ie: git.domain.com and make shure it's accessible from the internet, otherways Let's Encrypt will fail granting new domain certificates

Inside ISP Config, enable SSL security and enable Let's Encrypt

Warning!, If no Let's Encrypt get's created, then docker container will fail with the following config

Copy certs from /etc/letsencrypt/archive/git.domain.com/,

Waning!! when LE renews the certificate, a number is added to the cert files, I don't know how to automatize this, because you can't use symlinks because docker gets confused and can't find the right files pointed out by the link

Warning! this names may change, you must review them previously. If thoose files has a number defore .pem, you must copy the ones that have the greatest number

Forget previous warnings, take a look at this shell script that will copy the most recent certs to gitlab ssl folder https://www.howtoforge.com/communit...ts-to-running-docker-image.73845/#post-363638

Create the docker-compose.yml file in the right folder

Paste this content to the file. You may modify hostname and external_url replacing them with your actual domain, the line real_ip_trusted_addresses replacing it for the host IP and if necessary,the left part of the ports lines (required to avoid port conflicts with other services or docker containers)

Code:

version: '2'
services:
    web:
        image: 'gitlab/gitlab-ce:latest'
        restart: always
        hostname: 'git.domain.com'
        container_name: gitlab
        environment:
            GITLAB_OMNIBUS_CONFIG: |
                external_url 'https://git.domain.com'
                nginx['redirect_http_to_https'] = true
                nginx['proxy_set_headers'] = {
                    "Host" => "$$http_host",
                    "X-Real-IP" => "$$remote_addr",
                    "X-Forwarded-For" => "$$proxy_add_x_forwarded_for",
                    "X-Forwarded-Proto" => "https",
                    "X-Forwarded-Ssl" => "on"
                }
                nginx['real_ip_trusted_addresses'] = ['DOCKER.HOST.IP']
                nginx['real_ip_header'] = 'X-Real-IP'
                nginx['real_ip_recursive'] = 'on'
        ports:
            - '180:80'
            - '1443:443'
            - '122:22'
        volumes:
            - '/opt/gitlab/config:/etc/gitlab'
            - '/opt/gitlab/logs:/var/log/gitlab'
            - '/opt/gitlab/data:/var/opt/gitlab'
            - '/opt/gitlab/ssl:/etc/gitlab/ssl'

Start the docker container

Wait 1 or 2 minutes, if everything went fine, this command may work from another LAN PC

The desired response may be

If it fails, we can access docker container shell to get some diagnostics

Inside the container shell we can check which gitlab services are running in order to diagnose possible issues

In case of problems, we can check out all gitlab services generated logs in this host folder (not inside the container)

Finally, we must tell apache that git.domain.com is a proxy to another host. Edit the domain inside ISP Config and add this directives in the Options.->Apache Directives text area

Code:

<Proxy *>
    Allow from localhost
</Proxy>
SSLProxyEngine On
RequestHeader set Front-End-Https "On"
ProxyPreserveHost    On
ProxyPass            /    https://DOCKER.HOST.NAME.OR.IP:1443/
ProxyPassReverse     /    https://DOCKER.HOST.NAME.OR.IP:1443/

Thats all, if everything is working right, you may access your gitlab container through https://git.domain.com

 

Hi! I just wanted to share this shell script that copies most recent LetsEncrypt cert files to gitlab folder. Put this into a cron to run once a day and you are done! Remember to edit the paths to fit your needs

Code:

#!/bin/bash

FILE1=$(find /etc/letsencrypt/archive/git.domain.com/ -name cert\*.pem | sort -n | tail -1)
FILE2=$(find /etc/letsencrypt/archive/git.domain.com/ -name privkey\*.pem | sort -n | tail -1)

cp $FILE1 /opt/gitlab/ssl/git.domain.com.crt;
cp $FILE2 /opt/gitlab/ssl/git.domain.com.key;