A reverse proxy server is a server that is usually located in front of the web server and can provide attachment functions that the web server itself does not have.
For example, a reverse proxy can provide SSL termination, load balancing, requestrouting,caching, compression, and even A/B testing.
When using docker containers to run web services, running a reverse proxy can simplify deployment.
**
Why use reverse proxy for docker?
**
Docker containers are assigned random IPs and ports, which makes locating these containers difficult from a client perspective. By default, these IPs and ports are private and cannot be accessed from the outside unless they are bound to the host.
Binding the container to the host will prevent containers running on the same port. For example, only one docker can be bound to port 80 at a time. Additionally, this complicates the deployment of new versions of containers. Because the new version can only start the service after the old version stops the service.
Reverse proxy can solve the above problems while improving reliability by providing 0 downtime.
**
Generate reverse proxy configuration
Set the reverse proxy when the container starts and stops Configuration is a responsible matter. Typically configurations require manualupdate, which takes a lot of time and is error-prone.
Fortunately, docker provides a remote callAPIthat can easily observe and access the container's IP and port, already configured metadata. In addition, docker also provides a real-timeeventAPI, which can be used to send notifications when the container starts and stops. These APIs can be used to automatically generate reverse proxy configurations.
docker-gen is a small application. It uses docker's API to import the container's metadata into the template. After the template is generated, you can use it to restart the service.
Using docker-gen, you can automatically generate nginx configuration and reload nginx when the configuration changes. The same method can be used for docker log management.
**
nginx reverse proxy for docker
**
The following nginx template example can be used to generate docker containers Reverse proxy configuration. This template uses golang. The groupby templatefunctionis used to group the running container. The grouping is based on the VIRTUAL_HOST environmentvariable. This method simplifies traversing containers to generate a load-balanced backend, and also supports zero-downtime deployment.
{{range
#containers := groupBy“Env.VIRTUAL_HOST” }}upstream {{
{{ range
containers }}{{ with
value.Addresses 0 }}server {{
address.IP }}:{{ $address.Port }};
{{end}}
{{ end }}
}
server {
#ssl_certificate /etc/nginx/certs/demo.pem;
#ssl_certificate_key/etc/nginx/certs/demo.key;
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript; server_name {{ $host }}; location / { proxy_pass http://{{ $host }}; include /etc/nginx/proxy_params; }
}
{{ end }}
This template is run using the following command:
docker-gen -only-exposed -watch -notify “/etc/init.d/nginx reload” templates/nginx.tmpl /etc/nginx/sites-enabled/default
-only-exposed - 仅使用暴露出端口的容器. -watch - 运行后,观察容器的事件,并重新生成模板. -notify "/etc/init.d/nginx reload" - 重新加载nginx. templates/nginx.tmpl - nginx模板. /etc/nginx/sites-enabled/default - 目标文件.
The following is the configuration Created templates for two containers demo1 and demo2
upstream demo1.localhost {
server 172.17.0.4:5000;
server 172.17.0.3:5000;
}
server {
#ssl_certificate /etc/nginx/certs/demo.pem;
#ssl_certificate_key /etc/nginx/certs/demo.key;
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript; server_name demo1.localhost; location / { proxy_pass http://demo.localhost; include /etc/nginx/proxy_params; }
}
upstream demo2.localhost {
server 172.17.0.5:5000;
}
server {
#ssl_certificate /etc/nginx/certs/demo.pem;
#ssl_certificate_key /etc/nginx/certs/demo.key;
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript; server_name demo2.localhost; location / { proxy_pass http://demo2.localhost; include /etc/nginx/proxy_params; }
}
**
Try it
* *
You can try the build I made.https://index.docker.io/u/jwilder/nginx-proxy/
Run the nginx proxy container:
docker run -e VIRTUAL_HOST=foo.bar.com -t …
If you use HTTPS and want to run other containers, you can take a look atgitproject on the hub for more information.
**
Conclusion
**
Generating nginx reverse proxy configuration for docker containers can be done automatically by using the docker API . This approach simplifies deployment and improves availability.
This solution is very convenient for containers running on a single host. Provides configuration dependency service discovery for distributed hosts. You can take a look at what the docker service discovered and find a solution.
translate. See the original text: http://jasonwilder.com/blog/2014/03/25/automated-nginx-reverse-proxy-for-docker/
A reverse proxy server is a type of server that is usually located in front of the web server. Server, which can provide attachment functions that the web server itself does not have.
For example, a reverse proxy can provide SSL termination, load balancing, request routing, caching, compression, and even A/B testing.
When using docker containers to run web services, running a reverse proxy can simplify deployment.
**
Why use reverse proxy for docker?
**
Docker containers are assigned random IPs and ports, which makes locating these containers difficult from a client perspective. By default, these IPs and ports are private and cannot be accessed from the outside unless they are bound to the host.
Binding the container to the host will prevent containers running on the same port. For example, only one docker can be bound to port 80 at a time. Additionally, this complicates the deployment of new versions of containers. Because the new version can only start the service after the old version stops the service.
Reverse proxy can solve the above problems while improving reliability by providing 0 downtime.
**
Generate reverse proxy configuration
Set the reverse proxy when the container starts and stops Configuration is a responsible matter. Often configurations need to be updated manually, which takes a lot of time and is error-prone.
Fortunately, docker provides a remote call API that can easily observe and access the container's IP and port, with metadata already configured. In addition, docker also provides a real-time event API that can be used to send notifications when the container starts and stops. These APIs can be used to automatically generate reverse proxy configurations.
docker-gen is a small application. It uses docker's API to import the container's metadata into the template. After the template is generated, you can use it to restart the service.
Using docker-gen, you can automatically generate nginx configuration and reload nginx when the configuration changes. The same method can be used for docker log management.
**
nginx reverse proxy for docker
**
The following nginx template example can be used to generate docker containers Reverse proxy configuration. This template uses golang. The groupby template function is used to group running containers. The grouping is based on the VIRTUAL_HOST environment variable. This method simplifies traversing containers to generate a load-balanced backend, and also supports zero-downtime deployment.
{{ range
containers := groupBy“Env.VIRTUAL_HOST” }}
upstream {{
host }} {
{{ range
##value :=containers }}{{ with
value.Addresses 0 }}server {{
}
#ssl_certificate /etc/nginx/certs/demo.pem;
#ssl_certificate_key /etc/nginx/certs/demo.key;gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript; server_name {{ $host }}; location / { proxy_pass http://{{ $host }}; include /etc/nginx/proxy_params; }
This template is run using the following command:
docker-gen - only-exposed -watch -notify “/etc/init.d/nginx reload” templates/nginx.tmpl /etc/nginx/sites-enabled/default
-only-exposed - 仅使用暴露出端口的容器. -watch - 运行后,观察容器的事件,并重新生成模板. -notify "/etc/init.d/nginx reload" - 重新加载nginx. templates/nginx.tmpl - nginx模板. /etc/nginx/sites-enabled/default - 目标文件.
The following are configured two containers demo1 and demo2 Template
server 172.17.0.4:5000;
server 172.17.0.3:5000;}
server {
#ssl_certificate /etc/nginx/certs/demo.pem;
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript; server_name demo1.localhost; location / { proxy_pass http://demo.localhost; include /etc/nginx/proxy_params; }
server 172.17.0.5:5000;
}
server {
#ssl_certificate /etc/nginx/certs/demo.pem;
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript; server_name demo2.localhost; location / { proxy_pass http://demo2.localhost; include /etc/nginx/proxy_params; }
Try it
* *
You can try the build I made. https://index.docker.io/u/jwilder/nginx-proxy/Run the nginx proxy container:
##docker run -e VIRTUAL_HOST=foo.bar.com -t …
**
Conclusion**Generating nginx reverse proxy configuration for docker containers can be done automatically by using the docker API . This approach simplifies deployment and improves availability.
This solution is very convenient for containers running on a single host. Provides configuration dependency service discovery for distributed hosts. You can take a look at what the docker service discovered and find a solution.The above is the detailed content of Create nginx reverse proxy with Docker. For more information, please follow other related articles on the PHP Chinese website!