Expose App via Nginx Only

HarryMuscle

Contributor
Joined
Nov 15, 2021
Messages
161
I'm trying to configure a custom docker app to be exposed via Nginx only. I've read that in order for the Kubernetes DNS to resolve the addresses of Docker app pods you need to expose a port, even if it's a dummy port that nothing listens to. So I've done that on the docker app. Then in the Nginx configuration I use the domain name that points to the Kubernetes service in front of the docker app pod. However, that results in a 502 Bad Gateway error. As far as I can tell it's because the Kubernetes service doesn't forward the port I'm trying to connect with to the Docker app pod. If I configure Nginx to use the IP address of the actual Docker app pod (and not the Kubernetes service) everything works as expected. Unfortunately the pod IPs change and they don't have a static DNS entry associated with them unless you assign them a static hostname which apparently isn't possible in TrueNAS Scale. So how does one do what I'm trying to do? Expose an app via Nginx without exposing a working port that would allow someone to bypass Nginx.

Thanks,
Harry
 

sretalla

Powered by Neutrality
Moderator
Joined
Jan 1, 2016
Messages
9,703

You're right... not sure how I did that... that thread got its answers anyway, so all good...

I guess I can answer you since I'm here again...

You're probably best to look at TrueCharts (truecharts.org) under the Manual and Quick Start Guides.

You can use Traefik as an ingress controller (instead of your Nginx reverse proxy) and it's all pretty simple if you follow the guides.

You can even expose apps that aren't inside the TrueCharts host by using an "External-Service" TrueCharts "fake app" to point Traefik at it.

Traefik is able to use Kubernetes ingress for its intended purpose and doesn't require publishing ports outside the pod to make services available.
 

HarryMuscle

Contributor
Joined
Nov 15, 2021
Messages
161
I was under the impression that Traefik gets all of its configuration from how Kubernetes is set up. Meaning, how would Traefik know about the port I want to proxy if I'm trying to avoid telling Kubernetes about it to avoid exposing it to the outside world directly? Or is there a way to manually tell Traefik to proxy an additional port from a certain pod?

Thanks,
Harry
 

sretalla

Powered by Neutrality
Moderator
Joined
Jan 1, 2016
Messages
9,703
There's a really long version of the explanation that involves me explaining Kubernetes and container networking to you, but the short version is that it's smart enough to work it all out and do it properly as long as you tell it what you want exposed (which you do in the TrueCharts app config).
 

HarryMuscle

Contributor
Joined
Nov 15, 2021
Messages
161
Unfortunately I'm dealing with regular Docker images started with the Run Docker Image button, not TrueCharts apps.

Thanks,
Harry
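
Added example, not part of any post in this thread: on a plain Kubernetes cluster, the setup the first post asks for is usually a ClusterIP Service that lists the app's real port (a Service forwards only the ports it declares, which is consistent with the 502 seen through the dummy-port Service) plus a NetworkPolicy that admits only the Nginx pod. Every name, label, namespace and port here is a placeholder, and it assumes manifests can be applied to the cluster directly and that the network plugin enforces NetworkPolicy, neither of which the thread confirms for TrueNAS SCALE.

```yaml
# Added example; all names, labels, namespaces and ports are placeholders.
apiVersion: v1
kind: Service
metadata:
  name: myapp-internal
  namespace: myapp-ns
spec:
  type: ClusterIP            # cluster-internal virtual IP only; no NodePort or host port is opened
  selector:
    app: myapp               # must match the labels on the app's pod
  ports:
    - name: http
      port: 8080             # port Nginx connects to on the Service
      targetPort: 8080       # port the container actually listens on
      protocol: TCP
---
# Only pods labelled app=nginx in the nginx-ns namespace may reach the app port.
# Pods selected by an Ingress policy reject all other inbound traffic.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: myapp-allow-nginx-only
  namespace: myapp-ns
spec:
  podSelector:
    matchLabels:
      app: myapp
  policyTypes:
    - Ingress
  ingress:
    - from:
        # namespaceSelector and podSelector in ONE list item means both must match.
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: nginx-ns   # label Kubernetes sets on each namespace
          podSelector:
            matchLabels:
              app: nginx
      ports:
        - protocol: TCP
          port: 8080         # the pod port (targetPort), not the Service port
# Nginx then proxies to the Service's cluster DNS name, which stays stable when pod IPs change:
#   proxy_pass http://myapp-internal.myapp-ns.svc.cluster.local:8080;
```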
 