Reverse Proxy for Docker Swarm with Dynamic Ports

Question

I have the following set up:

• Docker swarm with 1 master and 2 workers.
• Portainer service that manages the swarm.
• A web app that is using nginx that runs on the master machine.

I want to use nginx to reverse proxy the rest of the swarm services for ssl termination.

I have success when using the reverse proxy on the portainer and webapp homepage ports.

However my user can launch a 'session' which will be running on a random port within a (large) range and will be accessible from port x on the master node.

When I use a location statement on one of these ports, lets say we do something like the following in the nginx config (in the correct place in the config), it does not work:

location /x {
    proxy_pass http://127.0.0.1:x;
    proxy_redirect off;
    proxy_set_header Host $http_host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}

Why is this the case?

Answer 1

I think there's a better way to solve this. Use Traefik reverse proxy (or similar) as a Swarm service and use service labels to define which ports should be routed to specific services. That way the specific list of container ports you need to publish will dynamically be routed to it via traefik. Traefik can speak to the Docker/Swarm API and will update its proxy rules based on what's happening in Swarm in real time. See my example and video at https://github.com/BretFisher/dogvscat