I’m trying the wordpress example from your website and I am having firewall issues. It’s not reading the port mapping properly. In my docker-compose.yml I have:
@kiboro What version of Rancher are you on? I can’t reproduce the problem on latest Rancher 0.32 and rancher-compose 0.2.5. Here is my compose file:
wordpresslb:
image: nginx
ports:
- "8090:80"
and here is the rule created on the backend:
-A CATTLE_PREROUTING -p tcp -m addrtype --dst-type LOCAL -m tcp --dport 8090 -j DNAT --to-destination 10.42.205.0:80
If you are on the latest Rancher/rancher-compose, and still see the issue, could you share your entire docker-compose file? Omitting the sensitive info of course
No problem about the compose file as it’s only the test one from your website. I added a port map for wordpress itself and that works correctly. It appears to only be the load balancer where it ignores the internal port. It always maps whatever the external port is to that same port internally. Is it the load balancer image that’s at fault? I’m really new at Docker.
Since we control the balancer it always listens internally on the same ports that it exposes to the host. The 2nd number is used as the default mapping of what port to send traffic to the targets on when it came in on that port. So "8090:80/tcp" on a load balancer means:
Listen on port 8090 on the host
Send traffic coming in on 8090 to the linked containers on port 80 (unless there are further advanced routing options)
mywordpress is listening on 80, so this should work. (The "8888:80/tcp" in its definition is not needed, unless you want to be able to hit it directly without going through the balancer).
Use TCP balancing, not HTTP. You probably want just “8090:80”, as-is you will not get the X-Forwarded-For header or know the request’s original IP.
Ah, that makes it all clear. Maybe you should add a note to the website about how that works since it’s sort-of misusing the port definition syntax. All seems to be working fine now thanks.