
I am trying to expose an eventstore Docker container to the internet using a reverse proxy. I'm using docker-flow-proxy, and DFPLE (docker-flow-proxy-letsencrypt) for HTTPS via Let's Encrypt. All of this runs in Docker swarm mode (new swarm).

I would like eventstore to be accessible at https://example.com/eventstore.

Here is my stack file:

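version: "3.6"

services:

  # Event Store node, meant to be reachable through Docker Flow Proxy at
  # https://example.com/eventstore.
  # NOTE(review): this publishes the Event Store HTTP interface on the
  # internet. Replace the default admin password and restrict who can reach
  # it (for example by source-IP filtering) before deploying.
  eventstore:
    image: eventstore/eventstore:release-4.1.1-hotfix1
    environment:
      - EVENTSTORE_RUN_PROJECTIONS=All
      - EVENTSTORE_START_STANDARD_PROJECTIONS=True
    networks:
      - proxy
    deploy:
      # The com.df.* labels sit under deploy.labels so that they become swarm
      # service labels, the same placement the proxy-le service uses in the
      # proxy stack. A service-level `labels:` key in a v3 stack file labels
      # the containers only, and `deploy:` was previously left empty.
      labels:
        # Ask the proxy to redirect plain HTTP requests to HTTPS.
        - com.df.httpsOnly=true
        - com.df.notify=true
        - com.df.serviceDomain=example.com
        - com.df.servicePath=/eventstore
        # Strip the /eventstore prefix before the request is forwarded.
        # NOTE(review): only the request path is rewritten; whether the Event
        # Store web UI works under a sub-path is not shown here - verify.
        - com.df.reqPathSearchReplace=/eventstore,/
        # Container port the proxy forwards to.
        - com.df.port=2113
        # Key uses the com.df. prefix shared by every other label; a
        # misspelled prefix would not match the other proxy labels.
        # NOTE(review): confirm srcPort is needed for a single destination.
        - com.df.srcPort=443

# The service joins the pre-existing `proxy` network, so the stack has to
# declare it; it is marked external exactly as in the proxy stack.
networks:
  proxy:
    external: true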

For completeness, here is the proxy stack:

version: "3.6"

services:

  # Docker Flow Proxy: the only service in this stack that publishes ports.
  proxy:
    image: dockerflow/docker-flow-proxy:18.08.18-81-linux-amd64
    ports:
      - "80:80"
      - "443:443"
    networks:
      - proxy
    environment:
      LISTENER_ADDRESS: swarm-listener
      MODE: swarm
      # NOTE(review): presumably <stack>_<service>, i.e. the stack is
      # deployed under the name "proxy" - confirm against the deploy command.
      SERVICE_NAME: proxy_proxy
    deploy:
      replicas: 2

  # Sends create notifications to proxy-le and remove notifications to proxy.
  swarm-listener:
    image: dockerflow/docker-flow-swarm-listener:18.08.01-31-linux-amd64
    networks:
      - proxy
    volumes:
      # Access to the Docker socket on a manager node amounts to control of
      # the swarm; treat this container as privileged.
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      DF_NOTIFY_CREATE_SERVICE_URL: "http://proxy-le:8080/v1/docker-flow-proxy-letsencrypt/reconfigure"
      DF_NOTIFY_REMOVE_SERVICE_URL: "http://proxy:8080/v1/docker-flow-proxy/remove"
    deploy:
      placement:
        constraints:
          - node.role == manager

  # DFPLE: serves the ACME challenge path and keeps the certificates.
  proxy-le:
    # NOTE(review): this image is not from the dockerflow/ namespace used by
    # the other two services and it is handed the Docker socket below -
    # confirm its provenance, and consider pinning it by digest.
    image: drozzy/docker-flow-proxy-letsencrypt:0.8
    networks:
      - proxy
    environment:
      DF_PROXY_SERVICE_NAME: proxy_proxy
    volumes:
      # Link the Docker socket to activate secrets support.
      # NOTE(review): no placement constraint is set for this service, so
      # the socket is mounted on whichever node runs the task.
      - /var/run/docker.sock:/var/run/docker.sock
      # Dedicated volume for the letsencrypt folder.
      # MANDATORY to keep certificates persistent on DFPLE: without this
      # volume, certificates are regenerated every time DFPLE is recreated.
      # OPTIONALLY this volume can be linked to another service that also
      # needs the certificates (gitlab/gitlab-ce, for example).
      - le-certs:/etc/letsencrypt
    deploy:
      replicas: 1
      labels:
        com.df.notify: "true"
        com.df.distribute: "true"
        com.df.servicePath: /.well-known/acme-challenge
        com.df.port: "8080"

networks:
  # Created outside this stack; the eventstore stack attaches to it as well.
  proxy:
    external: true

volumes:
  le-certs:
  • I tried, and the only way I managed to get something working was by using different internal and external ports. I spent a lot of time trying to set it up; eventually we decided to move away from Docker, so now it's just on a VM and we can access the default ports (with IP filtering policies applied for security) – Piotr Kula Sep 05 '18 at 14:47
