
After having set up my Intel NUC (see last month’s article for more information), I started using NGINX and Apache to serve my in-progress web projects. However, setting up and managing various virtual hosts, along with a complicated series of dependencies, had me abandon that plan relatively quickly. Instead, I switched to Vagrant for a few projects. Unfortunately, while setting up a Vagrant system is pretty quick, it’s also heavier than it needs to be resource-wise, so I looked into Docker. This month, I’d like to cover what Docker is, and how I’ve set it up to manage my various web projects.

What is Docker?

Docker is a way of creating virtualized containers for running software and services. The main difference between Docker and Vagrant is that Docker shares the base of the virtualization with all containers. So while Vagrant creates a standalone full-fledged VM, Docker instead creates a VM that uses a shared kernel between all VMs, and is based on LXC.

While it’s difficult to explain the difference between Vagrant and Docker in layman’s terms (as many of the differences are in the details), there are some simple things to note. For example, Docker is generally faster to start up, and less resource intensive (as it shares some of the host’s kernel).

It does have to run on a Linux machine, but there are tools offered by Docker to easily set it up on Windows or Mac (using a base virtual machine to supply the Linux kernel).

Setup

Docker containers can be assigned to various virtual networks, can expose ports, can run off specific images, and can share folders/files between the host and the guest. My current system is as follows:
• Custom network (called “webnet”)
• One Docker container running HAProxy, and exposing port 80. Also includes a static IP on webnet.
• Multiple Docker containers running the nickistre/ubuntu-lamp image, and sharing a host folder with the guest at /var/www/html (default Apache folder). Each has a static IP on the webnet network, but doesn’t expose any ports (as communication is funneled through HAProxy).

I have set up dnsmasq with a catch-all DNS entry for all subdomains of home.lan. These get forwarded to the local machine at port 80 (which is, in turn, passed to the docker HAProxy machine). HAProxy is then used to check which subdomain it is, and (if configured) points it to the correct docker container’s static IP.

To illustrate (pelican is a static site generator): pelican.home.lan points to 192.168.1.16 (local machine) via dnsmasq. Once the request arrives, HAProxy checks the configuration file, and then passes the request through to 172.18.0.4:80 (the docker instance running my pelican site). If HAProxy doesn’t have an entry for the domain, it just ends at 172.18.0.2 (the HAProxy machine).

What first?

First, you’ll need to create the network you want to use.

docker network create --subnet=172.18.0.0/16 webnet

This creates a new network called webnet, with a possible IP range of 172.18.0.0 to 172.18.255.254. I won’t go into the specifics of the format used here. If you want to use a different IP range, just adjust the 172.18 part - it’s unlikely you’ll ever need more than 65534 possible addresses for Docker containers. I chose 172.18 because the default Docker IP range (which is dynamically allocated in the default network) is 172.17. That way, I should always be able to tell that the IP corresponds to Docker. Do not choose the same IP range as your actual local network (typically 192.168).

We need the custom network simply because Docker’s default networks don’t allow assigning static IPs.

How do I go about creating my machines?

The standard docker command will pretty much always be the same.

docker run -d -v {SHARE} --net webnet --ip 172.18.0.X --name {NAME} {IMAGE}

What it does:
• ‘docker run’ fires up a container.
• -d detaches the created container (otherwise all output from the container is automatically printed to the terminal, and closing the terminal will close the docker instance).
• -v {SHARE} - specifies the shared folder, in the format /local/path:/remote/path. For example: -v /home/lswest/web/pelican:/var/www/html
• --net webnet - configures which network the container should use.
• --ip 172.18.0.X - this is the static IP I’m assigning. I like to keep them in a basic order, in order to make adding HAProxy entries easier. If you chose a different IP range in the step above, adjust accordingly.
• --name {NAME} - this is the name the docker instance will be known as. For example --name pelican. This can be used in the docker start/stop/restart/rm commands, and appears in the listing of docker ps.
• {IMAGE} - this is the image to use for the base of the container. I like the nickistre/ubuntu-lamp image, which contains Ubuntu 14.04 and LAMP. There are other images (such as ArchLinux), but since my Digital Ocean servers typically run on Ubuntu, I stuck as close as possible to the real-world environment. The HAProxy image I use is haproxy:1.5 (official HAProxy image, version 1.5).

In the case of the HAProxy image (which should be created first), the command will look like this:

docker run -d -v ~/docker-config/haproxy/haproxy:/usr/local/etc/haproxy/haproxy.cfg:ro --net webnet --ip 172.18.0.2 -p 80:80 --name proxy haproxy:1.5

Main differences:
• -p 80:80 - exposes the guest port 80 to the host port 80 (so visiting 172.18.0.2 in a web browser should spit out the typical 503 error from HAProxy).
• -v - in the command above, I just link the actual haproxy.cfg file into the location for the config for HAProxy. NOTE: editing this file with some text editors (such as vim) will result in HAProxy not accepting the changes. This is due to the inode changing. To fix, just restart the machine with ‘docker restart proxy’. Nano appears to avoid this problem.

Autostarting

If you want the docker containers to always run (after crashing, reboots, or restarts), you can add --restart=always to the run command. This must be done when creating the container - so if you’ve already created one, you’ll need to stop it, remove it (rm), and then recreate it.

Does this work for only port 80?

The settings for the HAProxy container should never need to change (during docker run). However, if you want to point a domain to, for example, a NodeJS application running on 8000, just adjust the IP in the HAProxy configuration (see below). For example, 172.18.0.6:8000.

HAProxy Config

I’ve saved an example of my configuration here: http://pastebin.com/1M5DMkF3

Basically, adding new containers is as simple as copying the acl line (#33), the use_backend line (#36), and the backend block (#39-43). Be sure to keep increasing the index numbers (host_test1 would become host_test2, etc.). And give each backend a unique name (and adjust the IP!).
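
One way to script the copy-and-adjust step described above, as an added example rather than the author’s pastebin configuration: the script emits the acl line, the use_backend line and the backend block for each container, numbers the ACLs host_1, host_2 and so on, and refuses any backend address outside the 172.18.0.0/16 webnet range. The entry names, the timeouts in the defaults section and the function names are assumptions.

```sh
#!/bin/sh
# Added example (not the author's pastebin config): generate a haproxy.cfg
# that routes <name>.home.lan to a static IP on the webnet network.
DOMAIN="home.lan"
# Constructed sample entries, "<subdomain> <ip:port>" per line.
SAMPLE="pelican 172.18.0.4:80
nodeapp 172.18.0.6:8000"

# True only for addresses inside webnet (172.18.0.0/16).
in_webnet() {
    case "$1" in *[!0-9.]*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] && [ "$1" = 172 ] && [ "$2" = 18 ] || return 1
    for octet in "$3" "$4"; do
        [ -n "$octet" ] && [ "$octet" -le 255 ] || return 1
    done
}

# Accept a DNS-label name and an ip:port target on webnet, nothing else, so a
# typo cannot make the proxy forward requests to a host outside Docker.
valid_entry() {
    case "$1" in ''|*[!a-z0-9-]*|-*|*-) return 1 ;; esac
    addr=${2%:*}; port=${2##*:}
    [ "$addr:$port" = "$2" ] || return 1
    case "$port" in ''|*[!0-9]*) return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
    in_webnet "$addr"
}

# Print a complete config for the entries in $1; fail on the first bad entry.
# There is no default backend, so unknown hosts get HAProxy's 503 page.
gen_haproxy_cfg() {
    n=0; front=""; back=""
    while read -r name target; do
        [ -n "$name" ] || continue
        valid_entry "$name" "$target" || { echo "rejected: $name $target" >&2; return 1; }
        n=$((n + 1))
        front="$front
    acl host_$n hdr(host) -i $name.$DOMAIN
    use_backend $name if host_$n"
        back="$back

backend $name
    server $name $target"
    done <<EOF
$1
EOF
    printf 'defaults\n    mode http\n    timeout connect 5s\n'
    printf '    timeout client 30s\n    timeout server 30s\n\n'
    printf 'frontend http-in\n    bind *:80%s%s\n' "$front" "$back"
}

gen_haproxy_cfg "$SAMPLE"
```

Redirect the output to the file mounted into the proxy container and run ‘docker restart proxy’ to load it.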

How do I make a wildcard dnsmasq entry?

You can add a single line to your dnsmasq.conf file (typically found at /etc/dnsmasq.conf). It looks like this:

address=/home.lan/192.168.1.16

Replace the IP with your own, and the home.lan portion with the domain you’d like (minus any subdomains - so instead of www.google.com, it would be google.com). Note, also, that using a real domain here isn’t a good idea, as any requests will be directed to your local machine. So if using google, you’ll never reach the Google homepage again. Hence why I use home.lan.

I hope this article was helpful to anyone wondering about Docker, who has been looking for a better way to host local projects while in development. If you have any questions, or want to share a docker trick of your own, feel free to email me at lswest34+fcm@gmail.com.

Further Reading

https://en.wikipedia.org/wiki/LXC LXC

https://www.quora.com/What-is-the-difference-between-Docker-and-Vagrant-When-should-you-use-each-one Docker VS Vagrant

https://www.docker.com/enterprise Docker

issue107/c_c.1459320667.txt.gz · Last modified: 2016/03/30 08:51 by auntiee