D
D
Denis2021-02-05 08:40:44
Nginx
Denis, 2021-02-05 08:40:44

Can you help with advice on organizing access to the site using docker swarm and ci / cd?

The questions are:

1. What should be the access scheme to the https site if swarm is used and why?
- one gateway with nginx as reverse_proxy and one or more upstream applications?
- no gateway: nginx and app in singular for each service?
- other
(in my opinion, it all depends on the task, because each approach has advantages / disadvantages. I would like to consult on this matter)

2. how to determine which of the services has been updated automatically (so as not to rebuild the docker image and not rebuild unmodified images)? My current repository in github contains services arranged in folders inside, and containers are collected with each push to master. I do not want to decompose services into separate git branches, because it kills the whole idea of ​​a single repository. I would like to talk to someone with experience in these matters.

Colleagues. I ask you to recommend contacts of people with whom we could talk on the first and second questions.

PS I searched on Google. there is some inconsistency in the articles. well, for example, to organize access via https (so that the sertbot can update certificates), they make a background process with nginx that is rebuilt by a script running in the foreground. after this, there is no particular confidence in the rest of what is written, although it may be true.

Answer the question

In order to leave comments, you need to log in

1 answer(s)
D
Dmitry, 2021-02-05
@q2digger

you need to somehow send traffic to swarm nodes, that is, you must have some kind of load-balancer before it. ok, let's assume you have it.
then everything is quite simple and worked out.
scheme 1. old. we put consul on all nodes, we register all containers in it, we get auto-discovery and automatically updated Nginx configs. this is for an example. the consul is a very funny little animal.
scheme 2. traefic. depending on the labels in containers and services, it will route traffic to services, request certificates, etc. This is such an implementation of ingress for docker.

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question