
Command Center on Docker

Developing and testing in a production-like environment always works better and is more secure, and it avoids most of the shortcomings of any other setup. Docker and Docker networks can mimic a closed environment that equals a production environment, and Docker also provides tools such as advanced image analysis with Docker Scout.

Volumes & Network

For a full configuration combined with IIS (reverse proxy and Benefitmanager) behind Traefik, have a look at Tasper/benefits/container-base/README.

To enable communication between the Docker containers and the Host, we use the hostname host.docker.internal from inside the Docker containers. This hostname can also be used from the Host; for this we have to tick a checkbox in the configuration of Docker Desktop.
host.docker.internal - checked

Shared Network

We need to create a shared proxy network so that the containers we connect to it can communicate with each other. Open a terminal or command prompt and run the command docker network create proxy. This creates a bridge network that connects our containers and lets them resolve each other by name within Docker.

In the docker-compose.yml this network is defined as external:

networks:
  proxy:
    external: true

Certificate Volume

Run docker volume create traefikme-certs. This creates a volume we can use to share TLS certificates between our containers.

The external volume is defined in the volumes section of the docker-compose.yml:

volumes:
  certs:
    external: true
    name: traefikme-certs

Environment Variables

The application can read its configuration from environment variables, which helps when running Docker containers and using docker compose. To use these variables in the compose files, we add them to the services as a file reference.

services:
  my-app:
    env_file:
      - .env-my-app

These .env files are ignored by git to prevent accidental oversharing. A template for these files can be included as .env.template or .env-my-app.template for reference.
To use a template, copy it to a file without the .template extension and edit the content.

By default, docker compose always uses .env as the default file for all environment variables.
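The shared network, certificate volume and env-file steps above can be combined into one re-runnable preflight. This is an added example, not code from the project: the function names are hypothetical, and it assumes a POSIX shell with docker and git on the PATH.

```shell
#!/bin/sh
# Added example, not project code. Function names are hypothetical.
# Assumes a POSIX shell with docker and git on PATH.

# Create an external network or volume only when it is missing, so the
# script can be re-run safely. $1 = network|volume, $2 = name
ensure_external() {
  docker "$1" inspect "$2" >/dev/null 2>&1 && return 0
  docker "$1" create "$2" >/dev/null
}

# Copy each .env*.template in directory $1 to the same name without
# ".template". Existing files are never overwritten, new ones are created
# owner-readable only, and the function fails if git does not ignore a file.
init_env_files() {
  rc=0
  for tpl in "$1"/.env*.template; do
    [ -e "$tpl" ] || continue            # glob matched nothing
    target=${tpl%.template}
    if [ ! -e "$target" ]; then
      ( umask 077; cp "$tpl" "$target" )
      echo "created $target, edit its values before starting the stack"
    fi
    # check-ignore exits non-zero when no ignore rule covers the path
    if ! git -C "$1" check-ignore -q -- "${target##*/}"; then
      echo "WARNING: $target is not ignored by git" >&2
      rc=1
    fi
  done
  return "$rc"
}

# Everything docker-compose.yml expects to exist before "docker compose up".
# $1 = directory holding the compose file and templates (default: .)
preflight() {
  ensure_external network proxy &&
    ensure_external volume traefikme-certs &&
    init_env_files "${1:-.}"
}

# Typical use from the compose directory:
#   preflight . && docker compose up -d
```

A non-zero exit from preflight means a resource could not be created or an env file would be picked up by git, so the stack is not started.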

Traefik (me)

When running the application in Docker with docker compose, we use Traefik and the domain *.traefik.me, which always resolves to 127.0.0.1 (localhost).
Failed to resolve: in some cases this may run into a DNS provider issue, where the DNS will not resolve the name. To get around this issue, we can use a custom DNS in Chrome, Edge, etc.

Basics on DNS resolution flow.

sequenceDiagram
  participant H as Host
  participant D as DER
  participant F as Firewall
  participant R as Resolver
  participant RH as Remote host
  H->>R: DNS Query (*.traefik.me)
  R->>D: DNS Answer (127.0.0.1)
  D->>F: Open FW
  D->>H: DNS Answer (127.0.0.1)
  H-->>RH: Traffic
  RH-->>H: Traffic
  D->>F: (TTL Expired) Close FW
In the case of traefik.me, the Host and Remote host are the same: both are 127.0.0.1.

To always test with and use valid TLS connections, we can't use regular localhost and ports, because this would require invalid self-signed certificates. Self-signed certificates, when combined with self-signed root (and intermediate) certificates that are stored in the trusted certificate store, do provide a layman's alternative. Read more about traefik.me.

Using goldenspiral.nl

There is currently a zip file, docker-acme-volume.zip, that you can find in Teams: in "Team Benefits Development (internal)", select Files and then "General / CommandCenter".