4cat
Added an example yaml to make it work with docker swarm and reverse proxy traefik with ssl
YAML for a simple Docker Swarm deployment. It can still be corrected and a few things added, but I am sending the pull request for evaluation.
I haven't used traefik previously, but it looks interesting. I'll try to run a test of this and get a feel for it.
Was there any reason to separate the configs between the front and backends beyond exposing the API port? You should be able to set PUBLIC_API_PORT=127.0.0.1:4444 and that port will only be exposed to the Docker network. docker/docker_setup.py actually changes api_host to 4cat_backend automatically.
We've simplified config.ini from the original setup so there may be no issue at all with them being separate, but I want to think about it a bit. If I recall correctly, it was so that docker_setup.py could run in the backend and update config.ini values that are also read by the frontend, but we've pushed virtually any setting we could to the database in recent updates. I'm not super sure how docker_setup.py will work with this since the database connection is hard-coded to match the docker-compose.yml. Though it only should modify that on the first run so if you modify it afterwards it ought to not change it again.
I am not sure how the config.ini is working and affecting backend and frontend. However, I could only make it work by separating the configs. I think the problematic setting is api_host.
In my setup the backend container has it hardcoded to 0.0.0.0; as I understand it, the backend uses this setting to expose the port. But the frontend has it hardcoded to 4cat_backend to search for the backend in the network.
As I understand it, if I put api_host = 127.0.0.1 in both containers, the backend should only be accessible from its own container and not from other containers, as 127.0.0.1 != 0.0.0.0, and the frontend would search for the backend either inside the frontend container (127.0.0.1, the docker frontend container) or the docker host (maybe interpreting 127.0.0.1 as the docker host), but not the backend container. So if I use the same setting, the frontend cannot reach the backend. Correct me if I am wrong.
Traefik has been super stable for me, and an easy way to connect the docker containers to the outside world. Very good piece of software. It should even work in a simple docker compose setup, and gives SSL termination to 4cat.
I can say however that on a simple docker compose setup it works just like that. Maybe because there is an open port in the docker host, the 4444 port. I don't want to open this port to the public. I think it should not be open, and also I have some other machines in the cluster, so for me it is a security setting. But I tried on my laptop with just compose and it worked; however, in swarm I could not make it work without separating the config files.
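The bind-address behaviour discussed in the comments above, as an added example that is not part of the original thread or of 4CAT's code: a listener bound to 127.0.0.1 accepts connections only on that address, while one bound to 0.0.0.0 accepts them on every local address. It assumes Linux, where all of 127.0.0.0/8 is loopback, and uses 127.0.0.2 as a stand-in for the address another container would connect to; the function names are hypothetical.

```python
import socket
from contextlib import closing

# Assumption: Linux, where every address in 127.0.0.0/8 is loopback.
# 127.0.0.2 stands in for "the backend's address as seen from another container".
OTHER_ADDR = "127.0.0.2"


def listen(bind_host):
    """Open a TCP listener the way a service would with api_host = bind_host."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((bind_host, 0))  # port 0: the kernel picks a free port
    srv.listen(5)
    return srv


def can_connect(dest_host, port, timeout=1.0):
    """Return True if a TCP handshake to dest_host:port completes."""
    try:
        with closing(socket.create_connection((dest_host, port), timeout=timeout)):
            return True
    except OSError:  # refused, unreachable or timed out
        return False


def reachability(bind_host):
    """Bind a listener to bind_host and probe it via two destination addresses."""
    with closing(listen(bind_host)) as srv:
        port = srv.getsockname()[1]
        return {
            "127.0.0.1": can_connect("127.0.0.1", port),
            OTHER_ADDR: can_connect(OTHER_ADDR, port),
        }


if __name__ == "__main__":
    for host in ("127.0.0.1", "0.0.0.0"):
        print(f"bound to {host}: {reachability(host)}")
```

Binding to 0.0.0.0 inside a container only decides which of the container's own addresses accept connections; whether the port is reachable from outside the Docker network depends on whether it is published on the host.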
I have changed the .yml file of the docker swarm file to address https://github.com/digitalmethodsinitiative/4cat/issues/279. However, the issue of the separated config remains; let me see how I can address it. Also let me see if I have a chance to create a version of the docker compose with a database.
In the last commit I have removed the need for 2 separate config files and their corresponding volumes. Now there is just 1 config file.
I am sorry there is still the need of 2 separated config files.
Hello @hydrosIII, sorry for not getting back to you sooner. We've decided to not maintain this setup, but will direct anyone interested to your fork. Unfortunately, we are not able to test it and do not want to be in the position of having to troubleshoot any issues that may arise from using it.
Best,
Dale