Considering URL redirections: How to use GUIs of web applications running in different containers within the same docker network on a remote server?

青春壹個敷衍的年華 提交于 2021-02-10 12:44:55

问题


I have the feeling that I am overlooking something obvious as my solutions/ideas so far seem too cumbersome. I have searched intensively for a good solution, but so far without success - probably because I do not know what to look for.

Question: How do you interact with the graphical interfaces of web servers running in different containers (within the same Docker Network) on a remote server, given URL redirections between these containers?

Initial situation: I have two containers (a Flask web application and a Tomcat server with OpenAM running on it) running on my docker host (Azure-VM).

  • On the VM I can output the content of both containers via the ports that I have opened.
  • Using ssh port forwarding I can interact with the graphical components of both containers on my local machine.
  • Both containers were created with the same docker-compose and can be accessed via their domain name without additional network settings.

So far I have configured OpenAM on my local machine using ssh port forwarding.

Problem: The Flask web app references OpenAM by its domain name defined in docker-compose and vice versa. I forward to my local machine the port of the Flask container. The Flask application is running and I can interact with it in my browser. The system fails as soon as I am redirected from Flask to OpenAM on my local machine because the reference to the OpenAM container used by Flask is specific to the Docker network. Also, the port of the OpenAM Container is different. In other words, the routing between the two networks is nonexistent.

Solutions Ideas:

  • Execute the requests on the VM using command-line tools.
  • Use a container with a headless browser that automatically executes the requests.
  • Use Network Setting 'Host' and execute the headless browser on the VM instead.
  • Route all requests through a single container (similar to a VPN) and use ssh port forwarding.

Simplified docker-compose:

version: "3.4"
services:
  openam:
    image: openidentityplatform/openam
    ports:
     - 5001:8080
    command: /usr/local/tomcat/bin/catalina.sh run
  flask:
    build: ./SimpleHTTPServer
    ports:
     - 5002:8000
    command: python -m http.server 8000

回答1:


Route all requests through a single container - This is the correct approach.

See API gateway pattern




回答2:


The best solution that I could find so far. It does not serve for production. However, for prototyping or if simply trying to emulate a server structure by using containers it is an easy setup.

General Idea: Deploy a third VNC container running a Webbrowser and forward the port of this third container to your local machine. As the third container is part of the docker network it can naturally resolve the internal domain names and the VNC installation on your local machine enables you to interact with the GUIs.

Approach

  1. Add the VNC to the docker-compose of the original question.
  2. Enable X11 forwarding on the server and client-side.
  3. Forward the port of the VNC container using ssh.
  4. Install VNC on the client, start a new session, and enter the predefined password.
  5. Try it out.

Step by Step

  1. Add the VNC container (inspired by creack's post on stackoverflow) to the docker-compose file from the original question:
version: "3.4"
services:
  openam:
    image: openidentityplatform/openam
    ports:
     - 5001:8080
    command: /usr/local/tomcat/bin/catalina.sh run
  flask:
    build: ./SimpleHTTPServer
    ports:
     - 5002:8000
    command: python -m http.server 8000
  firefoxVnc:
    container_name: firefoxVnc
    image: creack/firefox-vnc
    ports:
     - 5900:5900
    environment:
     - HOME=/
    command: x11vnc -forever -usepw -create
  • Run the docker-compose: docker-compose up
  1. Enable X11 forwarding on the server and client-side.
  • On client side $ vim ~/.ssh/config and add the following lines:
Host * 
ForwardAgent yes 
ForwardX11 yes
  • On server-side run $ vim /etc/ssh/sshd_config and edit the following lines:
X11Forwarding yes 
X11DisplayOffset 10
  1. Forward the port of the VNC container using ssh
ssh -v -X -L 5900:localhost:5900 gw.example.com
  • Make sure to include the -X flag for X11. The -v flag is just for debugging.
  1. Install VNC on the client, start a new session and enter the predefined password.
  • Install VNC viewer on your local machine
  • Open the installed viewer and start a new session using the forwarded address localhost:59000
  • When prompted type in the password 1234 which was set in the original Dockerfile of the VNC dicker image (see creack's post linked above).
  1. You can now either go to openam:8080/openam/ or apache:80 within the browser of the VNC localhost:5900 session.



回答3:


An even better solution that is clean, straightforward, and also works perfectly when running parts of the application on different virtual machines.

Setup and Use an SSH SOCKS Tunnel

For Google Chrome and macOS:

  • Set your network settings to host within the Dockerfile or docker-compose.
  • Start an SSH tunnel:
$ ssh -N -D 9090 [USER]@[SERVER_IP]
  • Add the SwitchyOmega proxy addon to your Chrome browser.
  • Configure SwitchyOmega by going to New Profile > Proxy Profile, clicking create, entering the same server IP as for the ssh command and the port 9090.
  • Open a new terminal tap and run:
"/Applications/Google Chrome.app/Contents/MacOS/Google Chrome" \
    --user-data-dir="$HOME/proxy-profile" \
    --proxy-server="socks5://localhost:9090"
  • A new Crome session will open up in which you can simply browse your docker applications.

Reference | When running Linux or Windows | Using Firefox (no addon needed)

The guide How to Set up SSH SOCKS Tunnel for Private Browsing explains how to set up an SSH SOCKS Tunnel running Mac, Windows, or Linux and using Google Chrome or Firefox. I simply referenced the setup for macOS and Crome in case the link should die.



来源:https://stackoverflow.com/questions/65220126/considering-url-redirections-how-to-use-guis-of-web-applications-running-in-dif

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!