
Put all containers in their own isolated Docker network (matrix)

Moving away from using the default bridge network to using our own.
This isolates our services from other Docker containers running
on the default network on the same host.

The benefits are that:

- isolation is a little better - we no longer share a default
bridge network with any other containers that might be running on the host

- there are no longer hard dependencies - we do service discovery
by DNS name, and not via explicit `--link` usage during container start,
so containers can start out of order and fail without bringing down others
with them
(`matrix-nginx-proxy` can continue running, even if one of the other services dies)

In the future, when other services get introduced,
the increased resilience and simplicity will help as well.
Slavi Pantaleev
2018-08-08 08:23:36 +03:00
parent b88fe971d6
commit 3fd6fd647f
10 changed files with 42 additions and 18 deletions


@@ -2,11 +2,9 @@
Description=Matrix nginx proxy server
After=docker.service
Requires=docker.service
Requires=matrix-synapse.service
After=matrix-synapse.service
Wants=matrix-synapse.service
{% if matrix_riot_web_enabled %}
Requires=matrix-riot-web.service
After=matrix-riot-web.service
Wants=matrix-riot-web.service
{% endif %}
[Service]
@@ -14,12 +12,9 @@ Type=simple
ExecStartPre=-/usr/bin/docker kill matrix-nginx-proxy
ExecStartPre=-/usr/bin/docker rm matrix-nginx-proxy
ExecStart=/usr/bin/docker run --rm --name matrix-nginx-proxy \
--network {{ matrix_docker_network }} \
-p 80:80 \
-p 443:443 \
--link matrix-synapse:synapse \
{% if matrix_riot_web_enabled %}
--link matrix-riot-web:riot \
{% endif %}
-v {{ matrix_nginx_proxy_confd_path }}:/etc/nginx/conf.d:ro \
-v {{ matrix_ssl_certs_path }}:{{ matrix_ssl_certs_path }}:ro \
{{ docker_nginx_image }}
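Review bot: With the `--link` flags and the `Requires=`/`After=` ordering gone (assuming those are the removed side of this rendered section), nginx can start before `matrix-synapse` or `matrix-riot-web` are resolvable on the network, and stock nginx refuses to load a config whose `proxy_pass` hostname does not resolve at startup. The conf.d templates are not visible here, so this needs checking: if they name the upstreams literally, the proxy will fail on a cold boot instead of continuing to run as the commit message intends. Pointing nginx at Docker's embedded DNS and using a variable upstream, e.g. `resolver 127.0.0.11 valid=5s;` with `set $backend "matrix-synapse:8008"; proxy_pass http://$backend;`, defers resolution to request time. The unit also assumes the `{{ matrix_docker_network }}` network exists before `docker run`; a comment above `ExecStart` naming the task that creates it would help.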


@@ -11,6 +11,7 @@ ExecStartPre=-/usr/bin/mkdir {{ matrix_postgres_data_path }}
ExecStartPre=-/usr/bin/chown {{ matrix_user_uid }}:{{ matrix_user_gid }} {{ matrix_postgres_data_path }}
ExecStart=/usr/bin/docker run --rm --name matrix-postgres \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--network {{ matrix_docker_network }} \
--env-file={{ matrix_environment_variables_data_path }}/env-postgres-server-docker \
-v {{ matrix_postgres_data_path }}:/var/lib/postgresql/data \
-v /etc/passwd:/etc/passwd:ro \
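Review bot: Attaching `matrix-postgres` to the shared `{{ matrix_docker_network }}` makes the database port reachable from every container on that network, including the internet-facing `matrix-nginx-proxy` and `matrix-riot-web`, which have no need for it. Only Synapse has to talk to Postgres, so a second user-defined network created with `docker network create --internal` and joined by just those two containers would keep a compromised front-end container from reaching the database directly. If the single network is kept for simplicity, a comment above `ExecStart` such as `# reachable by every container on this network, not only matrix-synapse` would record the trade-off. The rest of the `docker run` command lies outside this hunk, so whether a `-p` publish follows cannot be confirmed from here.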


@@ -11,6 +11,7 @@ ExecStart=/usr/bin/docker run --rm --name matrix-riot-web \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
-v {{ matrix_nginx_riot_web_data_path }}/config.json:/riot-web/webapp/config.json:ro \
-v {{ matrix_nginx_riot_web_data_path }}/riot.im.conf:/data/riot.im.conf:ro \
--network {{ matrix_docker_network }} \
{% if not matrix_nginx_proxy_enabled %}
-p 127.0.0.1:8765:8765 \
{% endif %}


@@ -23,9 +23,7 @@ ExecStartPre=-/usr/bin/docker rm matrix-synapse
ExecStartPre=/bin/sleep 5
{% endif %}
ExecStart=/usr/bin/docker run --rm --name matrix-synapse \
{% if not matrix_postgres_use_external %}
--link matrix-postgres:{{ matrix_postgres_connection_hostname }} \
{% endif %}
--network {{ matrix_docker_network }} \
-p 8448:8448 \
{% if not matrix_nginx_proxy_enabled %}
-p 127.0.0.1:8008:8008 \