Hello,
I am trying to get two load-balanced Collabora containers working on a stack with Docker and Traefik.
I have two Collabora containers running, but without consistent hashing, so Nextcloud users opening a file can sometimes end up on different containers.
I am not sure whether the two containers must have different hostnames, or different entries.
For now, with the same hostname and similar entries, they work, but how do I add a rule to keep consistent hashing?
Both containers are registered under the same Traefik HTTP service, name-env_code@docker, which load-balances across the URLs http://172.18.0.18:9980 and http://172.18.0.17:9980.
Can someone help me work out how to resolve this? Perhaps I am going about it completely the wrong way…
Here is my docker-compose.yml
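# Nextcloud stack behind Traefik: Nextcloud, Redis, PostgreSQL, two Collabora
# (CODE) containers registered under one Traefik service, and Adminer.
# All ${...} values are substituted by Compose from the environment / .env file.
version: '2.4'

services:
  nextcloud:
    image: path/nc_full:25.0.4-apache
    # container_name: nextcloud
    # cpu_count: 10
    # mem_limit: 10g
    # mem_reservation: 2g
    # links:
    #   - pgsql:pgsql
    restart: always
    volumes:
      - ${VOLUMES_PATH}/${NAME_SERVICE}-${NAME_ENV}_html:/var/www/html
      - ${VOLUMES_PATH}/${NAME_SERVICE}-${NAME_ENV}_data:/var/www/data
    depends_on:
      - redis
      - pgsql
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.${NAME_SERVICE}-${NAME_ENV}.entrypoints=https"
      - "traefik.http.routers.${NAME_SERVICE}-${NAME_ENV}.rule=Host(`${NEXTCLOUD_DOMAIN}`)"
      - "traefik.http.routers.${NAME_SERVICE}-${NAME_ENV}.tls.certresolver=letsencrypt"
      - "traefik.http.routers.${NAME_SERVICE}-${NAME_ENV}.tls=true"
      - "traefik.docker.network=proxy"
      - "traefik.http.routers.${NAME_SERVICE}-${NAME_ENV}.middlewares=${NAME_SERVICE}-${NAME_ENV}_redir,${NAME_SERVICE}-${NAME_ENV}_ssl"
      - "traefik.http.services.${NAME_SERVICE}-${NAME_ENV}.loadbalancer.server.port=80"
      # CalDAV/CardDAV well-known discovery redirect.
      - "traefik.http.middlewares.${NAME_SERVICE}-${NAME_ENV}_redir.redirectregex.permanent=true"
      - "traefik.http.middlewares.${NAME_SERVICE}-${NAME_ENV}_redir.redirectregex.regex=https://(.*)/.well-known/(?:card|cal)dav"
      - "traefik.http.middlewares.${NAME_SERVICE}-${NAME_ENV}_redir.redirectregex.replacement=https://$$1/remote.php/dav/"
      # Security headers. customFrameOptionsValue takes precedence over
      # frameDeny, so the effective X-Frame-Options value is SAMEORIGIN.
      - "traefik.http.middlewares.${NAME_SERVICE}-${NAME_ENV}_ssl.headers.customFrameOptionsValue=SAMEORIGIN"
      - "traefik.http.middlewares.${NAME_SERVICE}-${NAME_ENV}_ssl.headers.framedeny=true"
      - "traefik.http.middlewares.${NAME_SERVICE}-${NAME_ENV}_ssl.headers.contentTypeNosniff=true"
      - "traefik.http.middlewares.${NAME_SERVICE}-${NAME_ENV}_ssl.headers.forceSTSHeader=true"
      - "traefik.http.middlewares.${NAME_SERVICE}-${NAME_ENV}_ssl.headers.stsPreload=true"
      - "traefik.http.middlewares.${NAME_SERVICE}-${NAME_ENV}_ssl.headers.stsSeconds=315360000"
      - "traefik.http.middlewares.${NAME_SERVICE}-${NAME_ENV}_ssl.headers.stsIncludeSubdomains=true"
      - "traefik.http.middlewares.${NAME_SERVICE}-${NAME_ENV}_ssl.headers.sslProxyHeaders.X-Forwarded-Proto=https"
      - "traefik.http.middlewares.${NAME_SERVICE}-${NAME_ENV}_ssl.headers.sslredirect=true"
    environment:
      - REDIS_HOST=redis
      - REDIS_HOST_PASSWORD=${REDIS_HOST_PASSWORD}
      # Keep this limited to the reverse proxy's address or subnet: Nextcloud
      # trusts X-Forwarded-* headers from anything listed here.
      - TRUSTED_PROXIES=${TRUSTED_PROXIES}
      - OVERWRITEPROTOCOL=${OVERWRITEPROTOCOL}
      - OVERWRITECLIURL=${OVERWRITECLIURL}
    networks:
      - proxy
      - db

  redis:
    # NOTE(review): `latest` is a moving tag; pin a specific version (ideally
    # by digest) so a redeploy cannot silently pull a different image.
    image: redis:latest
    restart: always
    # NOTE(review): the password is passed as a process argument, so it is
    # readable via `docker inspect` and the container's process list. A
    # mounted configuration or secret file avoids that.
    command: >
      --requirepass ${REDIS_HOST_PASSWORD}
    networks:
      - db

  pgsql:
    image: postgres:14
    restart: always
    # container_name: db
    volumes:
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
      - ${VOLUMES_PATH}/${NAME_SERVICE}-${NAME_ENV}_pg_data:/var/lib/postgresql/data
    environment:
      POSTGRES_USER: ${POSTGRES_USER}
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
      POSTGRES_DB: ${POSTGRES_DB}
    # NOTE(review): these labels ask Traefik to route TCP traffic to
    # PostgreSQL. No entrypoint is named, and this container is attached only
    # to the `db` network. Confirm the database really needs to be reachable
    # through the edge proxy; if Nextcloud and Adminer are its only clients,
    # removing the labels keeps it internal to `db`.
    labels:
      - "traefik.enable=true"
      - "traefik.tcp.routers.${NAME_SERVICE}-${NAME_ENV}_pg.tls=true"
      - "traefik.tcp.routers.${NAME_SERVICE}-${NAME_ENV}_pg.rule=HostSNI(`pgsql.localhost`)"
      - "traefik.tcp.routers.${NAME_SERVICE}-${NAME_ENV}_pg.service=${NAME_SERVICE}-${NAME_ENV}_pg"
      - "traefik.tcp.services.${NAME_SERVICE}-${NAME_ENV}_pg.loadbalancer.server.port=5432"
    networks:
      - db
    security_opt:
      - no-new-privileges:true

  collabora:
    image: edit/code:v20230213
    networks:
      - proxy
    cap_add:
      - MKNOD
    # Bound to loopback. Traefik reaches the container on the `proxy` network
    # (port 9980), so the host port is only useful for local debugging.
    # Published on all interfaces it would serve Collabora in plaintext
    # (ssl.enable=false below), bypassing Traefik's TLS and header
    # middlewares. Remove the mapping entirely if it is not used.
    ports:
      - "127.0.0.1:9993:9980"
    cpu_count: 1
    cpus: 0.500
    mem_limit: 2.2g
    mem_reservation: 2g
    volumes:
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    environment:
      - aliasgroup1=https://${NEXTCLOUD_DOMAIN}:443
      - server_name=https://${COLLABORA_SERVER_NAME}
      - username=${COLLABORA_USERNAME}
      - password=${COLLABORA_PASSWORD}
      - WOPIsrc=https://${NEXTCLOUD_DOMAIN}
      # TLS is terminated at Traefik; the container itself speaks plain HTTP.
      - "extra_params=--o:ssl.enable=false --o:ssl.termination=true"
      - PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
      - LC_CTYPE=en_US.UTF-8
    restart: unless-stopped
    command: bash start-collabora-online.sh
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=proxy"
      # HTTP -> HTTPS redirect
      - "traefik.http.routers.${NAME_SERVICE}-${NAME_ENV}_code-httpredir.rule=Host(`${COLLABORA_DOMAIN}`)"
      - "traefik.http.routers.${NAME_SERVICE}-${NAME_ENV}_code-httpredir.entrypoints=http"
      # NOTE(review): Traefik balances this service round-robin by default.
      # Cookie stickiness (loadbalancer.sticky.cookie) pins a browser, not a
      # document; Collabora needs every session on a given document to reach
      # the same instance, so confirm against Collabora's proxy documentation
      # that the balancer can route on the document (WOPISrc) before relying
      # on two replicas.
      - "traefik.http.services.${NAME_SERVICE}-${NAME_ENV}_code.loadbalancer.server.port=9980"
      - "traefik.http.routers.${NAME_SERVICE}-${NAME_ENV}_code-httpredir.middlewares=${NAME_SERVICE}-${NAME_ENV}_code-https-redirect,${NAME_SERVICE}-${NAME_ENV}_code-header"
      - "traefik.http.middlewares.${NAME_SERVICE}-${NAME_ENV}_code-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.middlewares.${NAME_SERVICE}-${NAME_ENV}_code-header.headers.stsSeconds=15552000"
      - "traefik.http.middlewares.${NAME_SERVICE}-${NAME_ENV}_code-header.headers.forceSTSHeader=true"
      - "traefik.http.middlewares.${NAME_SERVICE}-${NAME_ENV}_code-header.headers.stsPreload=true"
      - "traefik.http.middlewares.${NAME_SERVICE}-${NAME_ENV}_code-header.headers.stsIncludeSubdomains=true"
      - "traefik.http.middlewares.${NAME_SERVICE}-${NAME_ENV}_code-header.headers.referrerPolicy=same-origin"
      - "traefik.http.middlewares.${NAME_SERVICE}-${NAME_ENV}_code-header.headers.contentTypeNosniff=true"
      - "traefik.http.middlewares.${NAME_SERVICE}-${NAME_ENV}_code-header.headers.browserXssFilter=true"
      - "traefik.http.middlewares.${NAME_SERVICE}-${NAME_ENV}_code-header.headers.customRequestHeaders.X-Forwarded-Proto=https"
      # HTTPS configuration for the backend
      - "traefik.http.routers.${NAME_SERVICE}-${NAME_ENV}_code.rule=Host(`${COLLABORA_DOMAIN}`)"
      - "traefik.http.routers.${NAME_SERVICE}-${NAME_ENV}_code.entrypoints=https"
      - "traefik.http.routers.${NAME_SERVICE}-${NAME_ENV}_code.tls=true"
      - "traefik.http.routers.${NAME_SERVICE}-${NAME_ENV}_code.tls.certresolver=letsencrypt"
      # The header middleware was attached only to the HTTP redirect router,
      # so HSTS, nosniff and the other headers never reached an HTTPS
      # response. Attach it to the HTTPS router as well.
      - "traefik.http.routers.${NAME_SERVICE}-${NAME_ENV}_code.middlewares=${NAME_SERVICE}-${NAME_ENV}_code-header"

  # Second Collabora instance. Its Traefik labels must stay identical to those
  # of `collabora`: Traefik merges identically defined routers and services
  # from both containers into one load-balanced service and rejects
  # definitions that differ.
  collabora-replica:
    image: edit/code:v20230213
    networks:
      - proxy
    cap_add:
      - MKNOD
    # Bound to loopback for the same reason as on `collabora`: the published
    # port serves plaintext HTTP and bypasses Traefik.
    ports:
      - "127.0.0.1:9994:9980"
    cpu_count: 1
    cpus: 0.500
    mem_limit: 2.2g
    mem_reservation: 2g
    volumes:
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    environment:
      - aliasgroup1=https://${NEXTCLOUD_DOMAIN}:443
      - server_name=https://${COLLABORA_SERVER_NAME}
      - username=${COLLABORA_USERNAME}
      - password=${COLLABORA_PASSWORD}
      - WOPIsrc=https://${NEXTCLOUD_DOMAIN}
      # TLS is terminated at Traefik; the container itself speaks plain HTTP.
      - "extra_params=--o:ssl.enable=false --o:ssl.termination=true"
      - PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
      - LC_CTYPE=en_US.UTF-8
    restart: unless-stopped
    command: bash start-collabora-online.sh
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=proxy"
      # HTTP -> HTTPS redirect
      - "traefik.http.routers.${NAME_SERVICE}-${NAME_ENV}_code-httpredir.rule=Host(`${COLLABORA_DOMAIN}`)"
      - "traefik.http.routers.${NAME_SERVICE}-${NAME_ENV}_code-httpredir.entrypoints=http"
      - "traefik.http.services.${NAME_SERVICE}-${NAME_ENV}_code.loadbalancer.server.port=9980"
      - "traefik.http.routers.${NAME_SERVICE}-${NAME_ENV}_code-httpredir.middlewares=${NAME_SERVICE}-${NAME_ENV}_code-https-redirect,${NAME_SERVICE}-${NAME_ENV}_code-header"
      - "traefik.http.middlewares.${NAME_SERVICE}-${NAME_ENV}_code-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.middlewares.${NAME_SERVICE}-${NAME_ENV}_code-header.headers.stsSeconds=15552000"
      - "traefik.http.middlewares.${NAME_SERVICE}-${NAME_ENV}_code-header.headers.forceSTSHeader=true"
      - "traefik.http.middlewares.${NAME_SERVICE}-${NAME_ENV}_code-header.headers.stsPreload=true"
      - "traefik.http.middlewares.${NAME_SERVICE}-${NAME_ENV}_code-header.headers.stsIncludeSubdomains=true"
      - "traefik.http.middlewares.${NAME_SERVICE}-${NAME_ENV}_code-header.headers.referrerPolicy=same-origin"
      - "traefik.http.middlewares.${NAME_SERVICE}-${NAME_ENV}_code-header.headers.contentTypeNosniff=true"
      - "traefik.http.middlewares.${NAME_SERVICE}-${NAME_ENV}_code-header.headers.browserXssFilter=true"
      - "traefik.http.middlewares.${NAME_SERVICE}-${NAME_ENV}_code-header.headers.customRequestHeaders.X-Forwarded-Proto=https"
      # HTTPS configuration for the backend
      - "traefik.http.routers.${NAME_SERVICE}-${NAME_ENV}_code.rule=Host(`${COLLABORA_DOMAIN}`)"
      - "traefik.http.routers.${NAME_SERVICE}-${NAME_ENV}_code.entrypoints=https"
      - "traefik.http.routers.${NAME_SERVICE}-${NAME_ENV}_code.tls=true"
      - "traefik.http.routers.${NAME_SERVICE}-${NAME_ENV}_code.tls.certresolver=letsencrypt"
      # Same header middleware on the HTTPS router as on `collabora`.
      - "traefik.http.routers.${NAME_SERVICE}-${NAME_ENV}_code.middlewares=${NAME_SERVICE}-${NAME_ENV}_code-header"

  dbmanager:
    image: adminer
    restart: always
    # container_name: someonemanager
    volumes:
      - ${VOLUMES_PATH}/${NAME_SERVICE}-${NAME_ENV}_adminer_data:/usr/local/etc/php/conf.d/uploads.ini
    environment:
      ADMINER_DESIGN: "user"
    # NOTE(review): this router publishes a database administration UI on the
    # HTTPS entrypoint with no middleware in front of it, and the container
    # sits on the `db` network. Restrict it with an authentication or IP
    # allow-list middleware, or keep it off the public entrypoint. The image
    # tag is also unpinned.
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=proxy"
      - "traefik.http.routers.${NAME_SERVICE}-${NAME_ENV}_dbm.entrypoints=https"
      - "traefik.http.routers.${NAME_SERVICE}-${NAME_ENV}_dbm.rule=Host(`${ADMINER_DOMAIN}`)"
      - "traefik.http.routers.${NAME_SERVICE}-${NAME_ENV}_dbm.tls=true"
      - "traefik.http.routers.${NAME_SERVICE}-${NAME_ENV}_dbm.tls.certresolver=letsencrypt"
    networks:
      - proxy
      - db
    security_opt:
      - no-new-privileges:true

networks:
  # Internal network for Nextcloud, Redis, PostgreSQL and Adminer.
  db: {}
  # Pre-existing network shared with the Traefik container.
  proxy:
    external:
      name: proxy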