
Following this question, I edited my gateway container to use the host network mode:

services:
  gateway:
    ...
    network_mode: "host"

and then `docker compose up -d` gives me this:

Error response from daemon: failed to add interface veth701c890 to sandbox: error setting interface "veth701c890" IP to 172.26.0.11/16: cannot program address 172.26.0.11/16 in sandbox interface because it conflicts with existing route {Ifindex: 4 Dst: 172.26.0.0/16 Src: 172.26.0.1 Gw: Flags: [] Table: 254

I restarted Docker and even the server. No luck.

The docker-compose.yml looks like this (only the gateway container has published ports):

version: '3.4'

services:
  gateway:
    image: <ms-yarp>
    environment:
      - ASPNETCORE_URLS=https://+:443;http://+:80
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./tls/:/tls/
    networks:
      - mynet
    restart: on-failure

  orders:
    image: <registry>/orders
    environment:
      - ASPNETCORE_URLS=http://+:80
    networks:
      - mynet
    restart: on-failure

  users:
    image: <registry>/users
    environment:
      - ASPNETCORE_URLS=http://+:80
    networks:
      - mynet
    restart: on-failure

  smssender:
    image: <registry>/smssender
    environment:
      - ASPNETCORE_URLS=http://+:80
    networks:
      - mynet
    restart: on-failure

  logger:
    image: <registry>/logger
    environment:
      - ASPNETCORE_URLS=http://+:80
    networks:
      - mynet
    restart: on-failure

  notifications:
    image: <registry>/notifications
    environment:
      - ASPNETCORE_URLS=http://+:80
    networks:
      - mynet
    restart: on-failure

  cacheserver:
    image: <registry>/redis
    networks:
      - mynet
    restart: on-failure

  ...

networks:
  mynet:
Parsa99
  • Host networking is almost never necessary. I see where the related question recommends it, but you can't use it in combination with any other Docker networking features. – David Maze Nov 28 '22 at 11:46
  • Yes, everything I try, I get a new error. Do you have any solution for the original problem? (getting the public IP address) – Parsa99 Nov 28 '22 at 11:51
  • Do you have a more complete excerpt of the `docker-compose.yml` file? – David Maze Nov 28 '22 at 11:56
  • @Parsa99 you will need to drop `networks: mynetwork` from "gateway" container and use `network_mode: host` instead so it can use the network of the host. After that you need to forward ports of the other containers to the host that you want to reach from the "gateway" container. – zsolt Nov 29 '22 at 08:25
  • @DavidMaze Yes, almost, but OP's use case falls into the "sometimes you need" category. OP could also do [macvlan](https://docs.docker.com/network/macvlan/) but it is more complicated. If I were him I would just use Kubernetes, the de facto container orchestrator, or even use Ansible to deploy it to a bare metal or VM environment and use docker/docker compose only to develop the stuff, but he specifically wants to solve this with compose. – zsolt Nov 29 '22 at 08:50
  • @zsolt | Could you please provide an answer with example configurations, other containers should not be accessible from public internet. – Parsa99 Nov 29 '22 at 09:40

2 Answers


You can't combine host networking with any other Docker networking option. At least some versions of Compose have given warnings if you combine network_mode: host with other networks: or ports: options.

The other thing host networking means in this particular setup is that the one container that's using it is "outside Docker" for purposes of connecting to other containers. It works exactly the same way a non-container process would. That means the other containers need to publish ports: to be reachable from the gateway, and in turn the gateway configuration needs to use localhost and the published port numbers to reach the other containers.

version: '3.8'
services:
  gateway:
    image: <ms-yarp>
    network_mode: host
  orders:
    image: <registry>/orders
    ports:
      - '8001:80'
    networks:
      - mynet

{
  "ReverseProxy": {
    "Clusters": {
      "cluster": {
        "Destinations": {
          "orders": {
            "Address": "http://localhost:8001"
          }
        }
      }
    }
  }
}
David Maze

Something like this (it doesn't work with Docker Desktop on Windows WSL2; at least I couldn't even run the nginx example that is here in the docs):

version: '3.4'

services:
  gateway:
    image: <ms-yarp>
    environment:
      - ASPNETCORE_URLS=https://+:443;http://+:80
    network_mode: host
    volumes:
      - ./tls/:/tls/
    restart: on-failure

  orders:
    image: <registry>/orders
    environment:
      - ASPNETCORE_URLS=http://+:80
    ports:
      - 8080:80  
    networks:
      - mynet      
    restart: on-failure

  users:
    image: <registry>/users
    environment:
      - ASPNETCORE_URLS=http://+:80
    ports:
      - 8081:80            
    networks:
      - mynet      
    restart: on-failure

  smssender:
    image: <registry>/smssender
    environment:
      - ASPNETCORE_URLS=http://+:80
    ports:
      - 8082:80                  
    networks:
      - mynet      
    restart: on-failure

  logger:
    image: <registry>/logger
    environment:
      - ASPNETCORE_URLS=http://+:80
    ports:
      - 8084:80  # published host ports must be unique across services
    networks:
      - mynet      
    restart: on-failure

  notifications:
    image: <registry>/notifications
    environment:
      - ASPNETCORE_URLS=http://+:80
    ports:
      - 8083:80                  
    networks:
      - mynet      
    restart: on-failure

  cacheserver:
    image: <registry>/redis
    restart: on-failure
    networks:
      - mynet    

Also in your gateway service configuration you will need to change the

http://orders:80 to http://localhost:8080

http://users:80 to http://localhost:8081 and so on

Also restrict ports 8080 to 8083 on the Docker host so they are accessible only from localhost and not from the internet.

You could even put all the containers (except the gateway) to a different docker host that is accessible only from the docker host where the gateway container is running and change the config in gateway from http://orders:80 to http://otherdockerhost:80 and so on.

But for this, Docker Compose will not be viable: you will need to "manually" create the containers with docker run commands (or have 2 separate Compose projects, one for the gateway and one for the rest of the services). This is where more serious container orchestration tools like Kubernetes are required. (You could try Docker Swarm or Nomad or any other container orchestrator, but these are not so popular, so if you are new to both Kubernetes and Docker Swarm or all the others, you are better off starting with Kubernetes; you will reap the benefits in the long run for both this project and your personal career too.)

zsolt
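
An added example (not code from either answer): a small Python check that takes the `services:` mapping of a Compose file as a dict and reports published ports that are not bound to a loopback address or that reuse a host port. Binding with the `127.0.0.1:HOST:CONTAINER` form is one way to get the localhost-only restriction described above. The function names and both sample mappings are constructed for illustration, and the check assumes Docker's default of binding unqualified ports on all interfaces.

```python
import ipaddress
from collections import defaultdict

def parse_port(spec):
    """Split a short-syntax Compose port string into (host_ip, host_port, container_port)."""
    spec = str(spec).split("/")[0]        # drop a trailing /tcp or /udp
    if spec.startswith("["):              # bracketed IPv6 bind address, e.g. [::1]:8080:80
        ip, _, rest = spec[1:].partition("]:")
        parts = [ip] + rest.split(":")
    else:
        parts = spec.split(":")
    if len(parts) == 1:                   # "80": ephemeral host port on all interfaces
        return "0.0.0.0", None, parts[0]
    if len(parts) == 2:                   # "8080:80": no bind address, all interfaces
        return "0.0.0.0", parts[0], parts[1]
    return parts[0], parts[1], parts[2]   # "127.0.0.1:8080:80"

def audit(services):
    """List published ports that are not loopback-only or that reuse a host port."""
    findings, owners = [], defaultdict(list)
    for name, svc in services.items():
        if svc.get("network_mode") == "host":
            continue                      # host-mode container: ports: does not apply
        for spec in svc.get("ports", []):
            ip, host_port, _ = parse_port(spec)
            if not ipaddress.ip_address(ip).is_loopback:
                findings.append(f"{name}: {spec} is reachable on {ip}")
            if host_port:                 # simplification: bind address is ignored here
                owners[host_port].append(name)
    for port, names in owners.items():
        if len(names) > 1:
            findings.append(f"host port {port} claimed by {', '.join(names)}")
    return findings

# Constructed samples shaped like the services: section discussed above.
EXPOSED = {
    "gateway": {"network_mode": "host"},
    "orders": {"ports": ["8080:80"]},
    "smssender": {"ports": ["8082:80"]},
    "logger": {"ports": ["8082:80"]},
}
HARDENED = {
    "gateway": {"network_mode": "host"},
    "orders": {"ports": ["127.0.0.1:8080:80"]},
    "smssender": {"ports": ["127.0.0.1:8082:80"]},
    "logger": {"ports": ["127.0.0.1:8083:80"]},
}

if __name__ == "__main__":
    print(audit(EXPOSED), audit(HARDENED), sep="\n")
```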