When setting up Rancher via its Docker container, you are not able to configure SSL termination out-of-the-box. Instead the Rancher documentation gives some advice on how to set up SSL termination via nginx or Apache. But why would you install such a service on the host when Rancher is running in a container? Ideally the SSL proxy would also run in a container. Searching on Docker Hub for a solution, I found the dictcp/rancher-ssl image that provides exactly that. The setup is trivial.
We are running Rancher in combination with the built-in load balancer HAProxy. For each of our customers, our application is provided as a single container, many on the same physical server instance. Each of the customers' applications can be accessed via different URLs, so using HAProxy as the routing component of the load balancer makes sense.
Linking Docker containers can be done in various ways. In my recent attempt of playing with Docker and our GitLab Review Apps setup, I experimented with different methods to figure out what would work best. These are the different options I played around with:
I wasn't really happy with the current approaches of dealing with different Dockerfiles and docker-compose.yaml files for development and production containers. I don't really see the point of managing multiple configuration files, building a few intermediate containers when the only difference between a development image and a production image is that the code is copied into the image during build. Adding files on every build is also not an ideal solution as you could potentially ship an old version of the application when you miss running a docker build after you made your final changes.
Last year GitLab introduced the Review Apps feature. Review Apps are app environments that are created dynamically every time you push a new branch up to GitLab. As a bonus point the app environments are automatically deleted when the branch is deleted. Since we moved to using Docker for quite a few of our projects, I was keen on figuring out how to combine Docker and the GitLab Review Apps functionality, as the documentation only mentions NGINX as a way to run Review Apps. As it turns out, it is rather simple to deploy Docker containers as a Review App.
A few months back I was looking for an HTTP reverse proxy and load balancer to put in front of our Docker setup. By accident I came across traefik. I deployed it on one of our internal servers and it worked out-of-the-box. Recently we configured a Docker setup for one of our clients and I picked traefik again. Since this setup will host some public instances, the customer demanded SSL encryption. Luckily traefik comes with support for Let's Encrypt built in. I added the needed configuration to the traefik configuration file:
Recently I needed to create multiple directories at once in my Dockerfile. Using bash as a shell, the shell expansion feature comes in handy:
For quite a while I have been looking for a private Docker registry server which is easy to set up and fairly trivial to run in our IT infrastructure, e.g. being able to connect to our central LDAP server for user management. A few months back I realized that the next major version of Nexus will be able to host Docker images. Since we already have a Nexus instance running, this seemed like a natural fit for us. Finally I found some time to play with the current M7 release, which already offers the Docker registry feature.