Question
I have the feeling that I am overlooking something obvious as my solutions/ideas so far seem too cumbersome. I have searched intensively for a good solution, but so far without success - probably because I do not know what to look for.
Question: How do you interact with the graphical interfaces of web servers running in different containers (within the same Docker Network) on a remote server, given URL redirections between these containers?
Initial situation: I have two containers (a Flask web application and a Tomcat server with OpenAM running on it) running on my docker host (Azure-VM).
- On the VM I can output the content of both containers via the ports that I have opened.
- Using ssh port forwarding I can interact with the graphical components of both containers on my local machine.
- Both containers were created with the same docker-compose and can be accessed via their domain name without additional network settings.
So far I have configured OpenAM on my local machine using ssh port forwarding.
Problem: The Flask web app references OpenAM by its domain name defined in docker-compose and vice versa. I forward to my local machine the port of the Flask container. The Flask application is running and I can interact with it in my browser. The system fails as soon as I am redirected from Flask to OpenAM on my local machine because the reference to the OpenAM container used by Flask is specific to the Docker network. Also, the port of the OpenAM Container is different. In other words, the routing between the two networks is nonexistent.
Solution Ideas:
- Execute the requests on the VM using command-line tools.
- Use a container with a headless browser that automatically executes the requests.
- Use Network Setting 'Host' and execute the headless browser on the VM instead.
- Route all requests through a single container (similar to a VPN) and use ssh port forwarding.
Simplified docker-compose:
version: "3.4"
services:
  openam:
    image: openidentityplatform/openam
    ports:
      - 5001:8080
    command: /usr/local/tomcat/bin/catalina.sh run
  flask:
    build: ./SimpleHTTPServer
    ports:
      - 5002:8000
    command: python -m http.server 8000
Answer 1:
Route all requests through a single container
- This is the correct approach.
See API gateway pattern
Answer 2:
The best solution that I could find so far. It does not serve for production. However, for prototyping or if simply trying to emulate a server structure by using containers it is an easy setup.
General Idea: Deploy a third VNC container running a web browser and forward the port of this third container to your local machine. As the third container is part of the docker network it can naturally resolve the internal domain names and the VNC installation on your local machine enables you to interact with the GUIs.
Approach
- Add the VNC to the docker-compose of the original question.
- Enable X11 forwarding on the server and client-side.
- Forward the port of the VNC container using ssh.
- Install VNC on the client, start a new session, and enter the predefined password.
- Try it out.
Step by Step
- Add the VNC container (inspired by creack's post on stackoverflow) to the docker-compose file from the original question:
version: "3.4"
services:
  openam:
    image: openidentityplatform/openam
    ports:
      - 5001:8080
    command: /usr/local/tomcat/bin/catalina.sh run
  flask:
    build: ./SimpleHTTPServer
    ports:
      - 5002:8000
    command: python -m http.server 8000
  firefoxVnc:
    container_name: firefoxVnc
    image: creack/firefox-vnc
    ports:
      - 5900:5900
    environment:
      - HOME=/
    command: x11vnc -forever -usepw -create
- Run the docker-compose:
docker-compose up
- Enable X11 forwarding on the server and client-side.
- On client side
$ vim ~/.ssh/config
and add the following lines:
Host *
    ForwardAgent yes
    ForwardX11 yes
- On server-side run
$ vim /etc/ssh/sshd_config
and edit the following lines:
X11Forwarding yes
X11DisplayOffset 10
- Forward the port of the VNC container using ssh
ssh -v -X -L 5900:localhost:5900 gw.example.com
- Make sure to include the -X flag for X11. The -v flag is just for debugging.
- Install VNC on the client, start a new session and enter the predefined password.
- Install VNC viewer on your local machine
- Open the installed viewer and start a new session using the forwarded address localhost:59000
- When prompted type in the password
1234
which was set in the original Dockerfile of the VNC docker image (see creack's post linked above).
- You can now either go to openam:8080/openam/ or apache:80 within the browser of the VNC localhost:5900 session.
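A hardened variant of the compose file from this answer, as an added example that is not part of the original post: Docker's short `ports` syntax `HOST_PORT:CONTAINER_PORT` publishes on all host interfaces (0.0.0.0), which puts the VNC port with its fixed password on every interface of the VM. Prefixing each mapping with `127.0.0.1:` keeps it on the VM's loopback address, where only the SSH port forward reaches it.

```yaml
# Added example, not the answer author's file: same services, loopback-only publishing.
version: "3.4"
services:
  openam:
    image: openidentityplatform/openam
    ports:
      # as posted: "5001:8080" -> listens on 0.0.0.0:5001 on the VM
      # hardened:  bind the published port to the VM's loopback interface
      - "127.0.0.1:5001:8080"
    command: /usr/local/tomcat/bin/catalina.sh run
  flask:
    build: ./SimpleHTTPServer
    ports:
      # as posted: "5002:8000"
      - "127.0.0.1:5002:8000"
    command: python -m http.server 8000
  firefoxVnc:
    container_name: firefoxVnc
    image: creack/firefox-vnc
    ports:
      # as posted: "5900:5900"; the VNC password is fixed in the image,
      # so this port in particular should not listen on a public interface
      - "127.0.0.1:5900:5900"
    environment:
      - HOME=/
    command: x11vnc -forever -usepw -create
```

The `ssh -L 5900:localhost:5900` forward from the answer works unchanged with this file, because sshd opens the connection to `localhost:5900` on the VM itself. Container-to-container traffic (`openam:8080`, `flask:8000`) is unaffected, since it uses the compose network rather than the published ports.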
Answer 3:
An even better solution that is clean, straightforward, and also works perfectly when running parts of the application on different virtual machines.
Setup and Use an SSH SOCKS Tunnel
For Google Chrome and macOS:
- Set your network settings to host within the Dockerfile or docker-compose.
- Start an SSH tunnel:
$ ssh -N -D 9090 [USER]@[SERVER_IP]
- Add the SwitchyOmega proxy addon to your Chrome browser.
- Configure SwitchyOmega by going to New Profile > Proxy Profile, clicking create, entering the same server IP as for the ssh command and the port 9090.
- Open a new terminal tab and run:
"/Applications/Google Chrome.app/Contents/MacOS/Google Chrome" \
--user-data-dir="$HOME/proxy-profile" \
--proxy-server="socks5://localhost:9090"
- A new Chrome session will open up in which you can simply browse your docker applications.
Reference | When running Linux or Windows | Using Firefox (no addon needed)
The guide How to Set up SSH SOCKS Tunnel for Private Browsing explains how to set up an SSH SOCKS Tunnel running Mac, Windows, or Linux and using Google Chrome or Firefox. I simply referenced the setup for macOS and Chrome in case the link should die.
Source: https://stackoverflow.com/questions/65220126/considering-url-redirections-how-to-use-guis-of-web-applications-running-in-dif