docker-compose links tag not supported

Product support balenaEngine
1

I’ve setup a VPN client connection inside a multi-container app that is working well. The idea is to have other containers use the vpn containers connection to the VPN.

The containers that I want to have access to my VPN are able to access services/devices on the VPN just fine. The issue is making one of my services webpages available to access from the VPN.

An example docker-compose file:

version: '2'
volumes:
  ovpn-data:
services:
  vpn:
    image: dperson/openvpn-client
    cap_add:
      - net_admin
    tmpfs:
      - /run
      - /tmp
    security_opt:
      - label=disable
    devices:
      - "/dev/net:/dev/net"
    volumes:
        - 'ovpn-data:/vpn'
    restart: unless-stopped
  frontend:
    image: docker_hub_user/container_name
    depends_on:
        - vpn
    network_mode: "service:vpn"
    restart: unless-stopped
  proxy:
    image: dperson/nginx
    depends_on:
      - frontend
    links:
      - vpn:frontend
    ports:
      - "80:80"
      - "443:443"
    tmpfs:
      - /run
      - /tmp
      - /var/cache/nginx
    restart: unless-stopped
    command: -w "http://frontend:8888;/vpn"

In this example, the frontend container is a web server. This config gives me an error when trying to start the container proxyhost not found in upstream "frontend" in /etc/nginx/conf.d/default.conf:51

Balena does not support that links tag specified in the proxy container. That makes sense, as it is deprecated even within docker-compose – my question is what is an acceptable alternative approach that is supported by balena?

I can verify that this proxy configuration works if frontend is not using network: service:vpn - so the error is a function of connecting frontend to vpn and so it’s apparently not available on the default network being created within the container stack?

Any advice or suggestions?

2

Hi

If you see our docs, we only support bridge, host or none for the network_mode field in the docker compose file
See - https://www.balena.io/docs/reference/supervisor/docker-compose/

4

Ok, @anujdeshpande.

For reference network_mode: "service:[service]" works as intended for passing traffic through another container like a VPN as I am doing above. That part is working. I’m just not able to get the proxy where it can “see” the services that are running so it can direct traffic properly.

5

Hi there, this looks like the network_mode: service:vpn is affecting the stack somehow when, at least according to our docs, it should be ignored as it’s not supported. I’ll contact the balena engine maintainer to see what he’s got to say about it. Meanwhile, can you share the output of the following commands run on your host:

  • balena network list
  • balena network inspect <relevant_network>

That could help shed some light into what is going on.

8

Here you go:

root@16324b5:~# balena network list
NETWORK ID          NAME                DRIVER              SCOPE
f8720304cb41        1635574_default     bridge              local
4f46c5553116        bridge              bridge              local
04b3342d8f69        host                host                local
0bcbb06f74c0        none                null                local
92817dfac536        supervisor0         bridge              local
root@16324b5:~# balena network inspect f8
[
    {
        "Name": "1635574_default",
        "Id": "f8720304cb415deb11b6e1e329cca3f778cfa2ebfe9e039ef85c23357fcca0bf",
        "Created": "2020-04-14T21:38:21.209232075Z",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "192.168.12.0/24"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "0048781ef8753ae68f90f8d1c00d84e6db199e4862879233b48b45fae790066a": {
                "Name": "adminer_2160773_1339138",
                "EndpointID": "9eefef207a8655f34aa4e20a841a4a367430077116caa337f66e997b7d93ccc6",
                "MacAddress": "02:42:c0:a8:0c:06",
                "IPv4Address": "192.168.12.6/24",
                "IPv6Address": ""
            },
            "041da35fd2da5f25bcdd07b8bb61bc1b8aaa160314ad5976847172dd6e3758b8": {
                "Name": "vpn_2160769_1339138",
                "EndpointID": "a88ff5f68a03f6d8d7f24852e8c30fe163fb3a6729d0491292883ff0438e3bde",
                "MacAddress": "02:42:c0:a8:0c:02",
                "IPv4Address": "192.168.12.2/24",
                "IPv6Address": ""
            },
            "393cc2a65a7241280ede785725eedb9e5223d11f8a400801adb1d0e28bf345fd": {
                "Name": "frontend_2160770_1339138",
                "EndpointID": "01d9d6e25331235129d594857f421a62daaad4d756f95be08594c390e6cd97fb",
                "MacAddress": "02:42:c0:a8:0c:05",
                "IPv4Address": "192.168.12.5/24",
                "IPv6Address": ""
            },
            "6551a73bfb0e9467b315c8c8b39529b0600542be848e818af7d60f506222f804": {
                "Name": "proxy_2160775_1339138",
                "EndpointID": "8cef87ada3823c31a2365d697dd8d27d5a37e4eed39739ab27fafd6f201d7882",
                "MacAddress": "02:42:c0:a8:0c:07",
                "IPv4Address": "192.168.12.7/24",
                "IPv6Address": ""
            },
            "6ea35c766bfa1a1e4d104e7f4bf93ec8f0e48b985c202916d5f6c35d09216702": {
                "Name": "emulator_2160771_1339138",
                "EndpointID": "13fc5faaa691eedd2bade38a08cf4997ee5b717162e9922e5c92f202722d9235",
                "MacAddress": "02:42:c0:a8:0c:04",
                "IPv4Address": "192.168.12.4/24",
                "IPv6Address": ""
            },
            "6f87fee2655b86acf7694b67c53e93dd16fe87bbd9e2b5349ba947ca823522a2": {
                "Name": "db_2160772_1339138",
                "EndpointID": "16a1e14766211353a8d219b3a4dea73c276ad6c2aa7f3799e302977621bd04c7",
                "MacAddress": "02:42:c0:a8:0c:03",
                "IPv4Address": "192.168.12.3/24",
                "IPv6Address": ""
            }
        },
        "Options": {},
        "Labels": {
            "io.balena.supervised": "true"
        }
    }
]
root@16324b5:~#
15

Hi there,
unfortunately, as you can see from the link, the links property is not supported by the supervisor.
Can I ask you what are you trying to achieve with the use of this field ?