The DevOps 2.1 Toolkit:Docker Swarm
上QQ阅读APP看书,第一时间看更新

Running a service through a reverse proxy

We want the go-demo service to be able to communicate freely with the go-demo-db service and to be accessible only through the reverse proxy. We already know how to accomplish the first part. All we have to do is make sure that both services belong to the same network go-demo.

How can we accomplish the integration with a reverse proxy?

We can start by creating a new network and attach it to all services that should be accessible through a reverse proxy:

docker network create --driver overlay proxy

Let's list the currently running overlay networks:

docker network ls -f "driver=overlay"

The output is as follows:

NETWORK ID   NAME    DRIVER  SCOPE
b17kzasd3gzu go-demo overlay swarm
0d7ssryojcyg ingress overlay swarm
9e4o7abyts0v proxy overlay swarm

We have the go-demo and proxy networks we created earlier. The third one is called ingress. It is set up by default and has a special purpose that we'll explore later.

Now we are ready to run the go-demo service. We want it to be able to communicate with the go-demo-db service so it must be attached to the go-demo network. We also want it to be accessible to a proxy (we'll create it soon) so we'll attach it to the proxy network as well.

The command that creates the go-demo service is as follows:

docker service create --name go-demo \
-e DB=go-demo-db \
--network go-demo \
--network proxy \
vfarcic/go-demo:1.0

It is very similar to the command we executed in the previous chapter with the addition of the --network proxy argument:

Figure 3-3: Docker Swarm cluster with three nodes, two networks and a few containers

Now both services are running somewhere inside the cluster and can communicate with each other through the go-demo network. Let's bring the proxy into the mix. We'll use the Docker Flow Proxy (https://github.com/vfarcic/docker-flow-proxy) project that is a combination of HAProxy (http://www.haproxy.org/) and a few additional features that make it more dynamic. The principles we'll explore are the same no matter which one will be your choice.

Please note that, at this moment, none of the services are accessible to anyone except those attached to the same network.