title |
---|
Docker Networking |
!!! warning
    Our understanding of Docker networking is probably wrong. We're working on it.
Traefik networking
When a new Co-op Cloud instance is made, we make a "global" overlay network which traefik sits on. This is the network that other apps use to speak to traefik and get traffic routed to them. Not every service in every app is attached to this network; the services that are not attached are not internet-facing.
App networking
One service in an app, typically the one called `app`, sits on the "global" traefik network. This container is the one that should be publicly reachable on the internet. The other services in the app, such as the database and caches, should not be publicly reachable or visible to other apps on the same instance.
To deal with this, we make an additional "internal" network for each app which is namespaced to that app. So, if you deploy a WordPress instance called `my_wordpress_blog`, then a network called `my_wordpress_blog_internal` will be created. This allows all the services in an app to speak to each other without being reachable on the public internet.
Avoiding namespace conflicts
When referencing an `app` service in a config file, you should prefix it with the `STACK_NAME` to avoid namespace conflicts (because all these containers sit on the traefik overlay network). You might want to do something like this: `{{ env "STACK_NAME" }}_app` (using Golang templating).
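
The layout described under "App networking" and "Avoiding namespace conflicts", as an added example compose file (not taken from a Co-op Cloud recipe). The network name `proxy`, the images, the `worker` service, `DOMAIN`, and the `worker_conf` config are assumptions; it also assumes `STACK_NAME` is exported and equals the stack name passed to `docker stack deploy`.

```yaml
# Added example. Deploy with: docker stack deploy -c compose.yml my_wordpress_blog
version: "3.8"

services:
  app:
    image: wordpress:6              # constructed image choice
    networks:
      - proxy                       # the "global" traefik network (name assumed)
      - internal                    # app-private network
    deploy:
      labels:                       # router/service names carry the stack prefix too
        - "traefik.enable=true"
        - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`)"
        - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80"

  db:
    image: mariadb:10.11            # constructed image choice
    networks:
      - internal                    # internal only: no route from traefik or other apps

  worker:                           # hypothetical service that calls the app
    image: example/worker:latest    # placeholder image
    environment:
      - STACK_NAME=${STACK_NAME}    # lets the config template read it via env
    networks:
      - internal
    configs:
      - source: worker_conf
        target: /etc/worker.conf

networks:
  proxy:
    external: true                  # created once per instance, shared by every app
  internal: {}                      # created as my_wordpress_blog_internal on deploy

configs:
  worker_conf:
    name: ${STACK_NAME}_worker_conf_v1
    file: worker.conf.tmpl          # hypothetical template file
    template_driver: golang         # enables Go templating inside the file
    # worker.conf.tmpl would contain a line such as:
    #   app_url = http://{{ env "STACK_NAME" }}_app:80
```

After deploying, `docker network inspect my_wordpress_blog_internal` should list all three services, while `docker network inspect proxy` should list only `app` from this stack.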