[Nix-dev] Nixops containers networking

Dario Bertini berdario at gmail.com
Sun Jul 3 19:44:57 CEST 2016


Hi,

I'm trying to expose an http service running inside a container,
provisioned with nixops.

Here is the network configuration:

https://gist.github.com/berdario/c6fedeefb87fc08cd93abf3ce4dedc03

(If it seems complex: I adapted it from my actual config, in which I have
2 services, and thus over there the blue_config has 2 values and makes
more sense.)

I found a few problems:

I cannot use the declarative configuration specified here:
https://nixos.org/nixos/manual/index.html#sec-declarative-containers
since that way I wouldn't be able to independently deploy/upgrade the
containers.
Even if I also create another `containers` config in the host logical
configuration, I doubt it would work, since nixops will create
containers with arbitrary names (like `foo`, `foo-1`) instead of the
names that I supplied (`foo_blue`, `foo_green`)... moreover, when
trying this on one deployment `foo-1` will match `foo_green`, while on
another deployment it will match `foo_blue`.

If I were able to specify my own configuration, I could simply use a
hand-picked IP address for forwarding.

The second problem is that the host won't have any lines inside its
/etc/hosts pointing to the containers.

To work around this, I decided to use `deployment.encryptedLinksTo`
(it seems a bit overkill, since, it being a local connection, I could do
just fine with an unencrypted one), but then...

The third problem is that I cannot use the hostname inside
`forwardTo`, since that will be passed directly to iptables, which
will fail with `iptables v1.6.0: Bad IP address "foo_blue"`.

Is there an easier way to expose a service inside a container to the
outside world? Any suggestions?

Thank you
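For reference, a minimal NixOS host configuration of the declarative-container route the post mentions, added here as an illustration and not the poster's gist or nixops code: the container gets a fixed address, so the NAT rule can name that IP rather than a hostname (which is what iptables rejects). The option names are standard NixOS options; the container name, addresses, interface and ports are placeholders.

```nix
{ config, pkgs, ... }:
{
  # Declarative container with a hand-picked address (placeholder values),
  # so the forwarding rule below can refer to an IP instead of a hostname.
  containers.foo-blue = {
    autoStart = true;
    privateNetwork = true;
    hostAddress  = "192.168.100.10";   # placeholder: host side of the veth pair
    localAddress = "192.168.100.11";   # placeholder: container side
    config = { config, pkgs, ... }: {
      services.nginx.enable = true;    # the http service being exposed
      # Only open the service port inside the container.
      networking.firewall.allowedTCPPorts = [ 80 ];
    };
  };

  # Host-side NAT: forward one host port to the container's fixed IP.
  networking.nat = {
    enable = true;
    internalInterfaces = [ "ve-+" ];    # veth interfaces created for containers
    externalInterface = "eth0";         # placeholder: the host's uplink
    forwardPorts = [
      # destination must be an IP:port literal; a hostname here would fail
      # in iptables exactly as described in the post.
      { sourcePort = 8080; destination = "192.168.100.11:80"; }
    ];
  };
}
```

Keeping only the forwarded port reachable from outside, and only port 80 open inside the container, limits what the host exposes to the single service intended.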

