http://coldfusion.com logo
#docker
Title
# docker
c

cfsimplicity

02/23/2022, 5:08 PM
Does anyone have experience with Rancher/containerd/nerdctl as a docker alternative? I'm a complete docker noob but had got a little nginx+commandbox/lucee test swarm working nicely via compose on Docker Desktop. Having switched to Rancher Desktop the swarm comes up ok, but nginx can't seem to resolve the commandbox/lucee proxy hostname internally:
failed (111: Connection refused) while resolving, resolver: 127.0.0.11:53
and then
app1 could not be resolved (110: Operation timed out)
I tried changing the resolver in the nginx conf and various other suggestions on SO but to no avail.
s

sknowlton

02/23/2022, 5:15 PM
Not aware of anybody who has tried the alternatives besides k8s. I know with compose and docker stacks you have to make sure all the containers are on the same Docker network - like see if you can log in to the NGINX container and what's visible from there via ping or curl. Haven't ever tried Rancher tho 😞
c

cfsimplicity

02/23/2022, 5:35 PM
Thanks Samuel. The containers are all on the same custom network, and as I say all talk to each other fine on Docker Desktop Hadn't thought of trying curl from inside but that also results in "app1 couldn't be resolved". The /etc/hosts file seems to have an entry
10.4.1.34          app1 app1.docker_internal app1 app1.docker_internal
which has apparently been written by nerdctl and ought to work.
s

sknowlton

02/23/2022, 5:40 PM
I know we specified a
resolver
line in our local nginx config when we run nginx in docker for development
So it would use the Docker DNS resolver
Copy code
server {
    ################### SERVER NAME AND PORT #####################
    server_name <http://inleague.localtest.me|inleague.localtest.me> <http://testinleague.localtest.me|testinleague.localtest.me> *.<http://ngrok.io|ngrok.io>;
	listen  80;
    listen 443 ssl http2;
    index index.cfm index.cfml index.htm index.html;
    resolver 127.0.0.11 valid=30s; # docker DNS daemon
    set $cfml_host inleague-cfml;   # this causes nginx to be OK if the host isn't up
(then the cfml proxy stuff)
c

cfsimplicity

02/23/2022, 5:44 PM
Yes, I've been using the templates in your superb cfswarm tutorial - incredibly helpful. And they work great in Docker. I've tried replacing that resolver with the IP in the container's /etc/resolv.conf but it doesn't make any difference.
s

sknowlton

02/23/2022, 5:49 PM
Next thing I'd check would be if you can even hit the IP of the containers from the NGINX container. If you can, and it's just not resolving the docker dns name, then you know it's something to do with the DNS resolution within Docker
If you can't, it's some other networking issue
c

cfsimplicity

02/23/2022, 5:52 PM
curl with the IP seems to work ok. So it's definitely DNS as you say.
Actually trying it again, curl inside the container does work with the hostname, so resolution from the hosts file is fine and it must be something to do with nginx.
Found out that name resolution inside an nginx
proxy_pass
directive won't use the hosts file for some reason, so you need a resolver which has the record, which in dockerd is always 127.0.0.11, but which isn't available in Rancher/containerd. Found a workaround which is to set up the proxied hostname using an
upstream
definition, which does access the hosts file.