Menu
I am run a docker windows container on windows 10 anniversary edition and am looking to setup IIS as a reverse proxy to the container. Per https://blogs.technet.microsoft.com/virtualization/2016/05/25/windows-nat-winnat-capabilities-and-limitations/ it seems to suggest that it is an impossibility as it is impossible to reference the internal NAT range using local host. Which leaves a dynamically assigned IP address which can only be discover by running a docker inspect command after running the image. I am hoping there is a more efficient way that I am overlooking.
352
Configure the Docker client docker/config. json in the home directory of the user that starts containers. Add JSON similar to the following example. Substitute the type of proxy with httpsProxy or ftpProxy if necessary, and substitute the address and port of the proxy server.
In order to get the reverse proxy to actually work, we need to reload the nginx service inside the container. From the host, run docker exec <container-name> nginx -t . This will run a syntax checker against your configuration files. This should output that the syntax is ok.
We also used a fixed ip address on our containers but we used another container with nginx to do the reverse proxy. The idea is that on our Container Host (Windows Server 2016) we only install Docker and nothing else. All configuration is done in the containers. This way we can easily migrate to another host.
This is the Dockerfile for the nginx proxy
FROM microsoft/windowsservercore
SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"]
ARG NgInxVersion="1.13.5"
ENV NgInxZipUrl="http://nginx.org/download/nginx-${NgInxVersion}.zip"
RUN Invoke-WebRequest -Uri $env:NgInxZipUrl -UseBasicParsing -Outfile c:\\nginx.zip
RUN Expand-Archive -Path c:\\nginx.zip -DestinationPath c:\\nginx
WORKDIR "c:\\nginx\\nginx-${NgInxVersion}"
COPY ./nginx.conf conf\\nginx.conf
ENTRYPOINT powershell .\\nginx.exe
Notice that the nginx.conf is copied to the nginx configuration folder. It contains the reverse proxy settings. Extract from http node for one of our sites:
server {
listen 80;
server_name somesite.mydomain.com;
location / {
proxy_pass http://172.22.108.6/;
}
}
The nginx container should be run with -p 80:80
When we add new containers we run a powershell script that updates the nginx.conf and reloads nginx. (this will be rare)
Example:
80 is exposed to nginx container, request goes there172.22.108.6
172.22.108.6
176
We solved this problem by assigning an IP address on the default subnet to each Windows container and exporting port 80 out of the container. This gave us a stable address to put into an ARR Reverse proxy rule. For example the following creates a container at the address 172.20.118.129 and then verifies the container is running at the requested address.
PS C:\WINDOWS\system32> docker run -d --name myservice --ip=172.20.118.129 microsoft/iis:nanoserver
7d20d8a131805727868ddf85f7c1f455fa2489bb2607b250e694a9e530a61302
PS C:\WINDOWS\system32> docker inspect -f "{{ .NetworkSettings.Networks.nat.IPAddress }}" myservice
172.20.118.129
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With