self-hosted icon indicating copy to clipboard operation
self-hosted copied to clipboard

Published 20 hours ago verified publisher icon getsentry

Feature Request: Explicitly define a internal network in docker-compose.

Open laundmo opened this issue 4 years ago • 7 comments

Summary

This is a request to explicitly define docker networks in the docker-compose.

Motivation

For the purposes of adding sentry onpremise to existing networks, some containers might need to be added to a external network. This will prevent that container from accessing the default network created by docker-compose. To prevent this from happening, all containers need to be explicitly added to a network that they share with all other containers they need access to.

This is important for cases where users may want to reverse-proxy sentry themselves, especially using something like traefik.

related to #698

laundmo avatar Dec 11 '20 00:12 laundmo

This issue has gone three weeks without activity. In another week, I will close it.

But! If you comment or otherwise update it, I will reset the clock, and if you label it Status: Accepted, I will leave it alone ... forever!

"A weed is but an unloved flower." ― Ella Wheeler Wilcox 🥀

github-actions[bot] avatar Jan 04 '21 21:01 github-actions[bot]

@chadwhitacre the bot seems to think this issue isn't accepted.

laundmo avatar Feb 22 '21 18:02 laundmo

Sorry @laundmo, bot went haywire due to error on my part. 😖 Should be back on track now ...

chadwhitacre avatar Feb 22 '21 20:02 chadwhitacre

I wish local network was defined explicitly and available out of the box. Current quick workaround/hack is adding local network to restart policy block:

x-restart-policy: &restart_policy
  restart: unless-stopped
  networks:
    - local

And defining external and local networks in the end of the file:

...

networks:
  local:
  nginx-proxy:
    external: true

Now for nginx service you can add both network and all the rest services will still communicate over local network:

...
  nginx:
    <<: *restart_policy
...
    networks:
      - nginx-proxy
      - local

darklow avatar May 12 '21 07:05 darklow

@darklow would you be interested in submitting a PR to get this right?

BYK avatar Jun 03 '21 07:06 BYK

i don't believe that "external: true" is the correct solution as it means that the network was created ahead of time outside of compose and if wasn't compose will fail. - https://docs.docker.com/compose/networking/#use-a-pre-existing-network

for a network to be "internal" aka no route outside you can set internal: true

for a network to route outside it should be of type bridge

kibble1 avatar Aug 27 '21 22:08 kibble1

@kibble1 i believe the person is running a single nginx instance for all their compose files, which reverse proxies the traffic through that single external network to which all compose files connect. this is a common setup but ultimately not of any relevance to this issue/feature request

laundmo avatar Aug 27 '21 23:08 laundmo