Docker run ratel/dgraph behind a reverse proxy (apache mod_proxy)

Hi

I have this working now - I suspect it was purely the whitelisting of the HOST_IP_ADDR for the alpha service that was the issue - I was assuming that would be localhost but it seems the proxy reports the actual HOST IP address as the requesting IP - makes sense really!

For anyone else who may want to run dgraph behind an apache2 mod_proxy, here is what worked for me on Ubuntu server 18.04.

.env file in my docker-compose project directory

HOST_IP_ADDRESS=123.123.123.123

docker-compose.yml in my docker-compose project directory

version: "3.5"
services:

  zero:
    image: dgraph/dgraph:latest
    container_name: awt-dgraph-pub-zero
    volumes:
      - ./data:/dgraph
    expose:
      - "5080"
      - "6080"
    networks:
      - dgraph-pub-network
      - apache-network # not exposed, but could be, as alpha was
    restart: on-failure
    command: dgraph zero --my=zero:5080 --enable_sentry=false

  alpha:
    image: dgraph/dgraph:latest
    container_name: awt-dgraph-pub-alpha
    volumes:
      - ./data:/dgraph
    expose:
      - "8080"
      - "9080"
    networks:
      - dgraph-pub-network
      - apache-network
    restart: on-failure
    command: dgraph alpha --whitelist ${HOST_IP_ADDRESS} --my=alpha:7080 --lru_mb=2048 --zero=zero:5080 --enable_sentry=false

  ratel:
    image: dgraph/dgraph:latest
    container_name: awt-dgraph-pub-ratel
    expose:
      - "8000"
    networks:
      - dgraph-pub-network
      - apache-network
    command: dgraph-ratel

networks:
  dgraph-pub-network:
    name: dgraph-pub-network
  apache-network:
    external: true

dgraph-proxies.conf in sites-enabled directory of native apache2 installation (not dockerized)

<IfModule mod_ssl.c>

  <VirtualHost *:443>
    ServerAdmin             info@xyz.com
    ServerName              dgraph.xyz.com

    SSLEngine on
    SSLCertificateFile      /etc/ssl/cert.pem
    SSLCertificateKeyFile   /etc/ssl/privkey.pem
    SSLCertificateChainFile /etc/ssl/chain.pem

    ProxyRequests           Off
    ProxyPreserveHost       On
    AllowEncodedSlashes     NoDecode
    ProxyPass               / http://ratel:8000/ nocanon
    ProxyPassReverse        / http://ratel:8000/

    LogLevel                notice
    ErrorLog                ${APACHE_LOG_DIR}/proxies-xyz.com-error.log
    CustomLog               ${APACHE_LOG_DIR}/proxies-xyz.com-access.log combined
  </VirtualHost>

  <VirtualHost *:443>
    ServerAdmin             info@xyz.com
    ServerName              dgraph-alpha.xyz.com

    SSLEngine on
    SSLCertificateFile      /etc/ssl/cert.pem
    SSLCertificateKeyFile   /etc/ssl/privkey.pem
    SSLCertificateChainFile /etc/ssl/chain.pem

    ProxyRequests           Off
    ProxyPreserveHost       On
    AllowEncodedSlashes     NoDecode
    ProxyPass               / http://alpha:8080/ nocanon
    ProxyPassReverse        / http://alpha:8080/

    LogLevel                notice
    ErrorLog                ${APACHE_LOG_DIR}/proxies-xyz.com-error.log
    CustomLog               ${APACHE_LOG_DIR}/proxies-xyz.com-access.log combined
  </VirtualHost>

</IfModule>

Please note that this is just for our evaluation phase - ordinarily we would be accessing the dgraph services within our virtual network from server side APIs.

Thanks for the help!

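An added example, not part of the original post: because alpha sees every proxied request as coming from the whitelisted host address, `--whitelist` can no longer tell clients apart, so this variant of the alpha virtual host enforces the client allow-list at Apache with `Require ip` (Apache 2.4). The 203.0.113.0/24 range is a placeholder assumption for the evaluators' own network; all other directives are copied from the post.

```apache
<IfModule mod_ssl.c>

  <VirtualHost *:443>
    ServerAdmin             info@xyz.com
    ServerName              dgraph-alpha.xyz.com

    SSLEngine on
    SSLCertificateFile      /etc/ssl/cert.pem
    SSLCertificateKeyFile   /etc/ssl/privkey.pem
    SSLCertificateChainFile /etc/ssl/chain.pem

    ProxyRequests           Off
    ProxyPreserveHost       On
    AllowEncodedSlashes     NoDecode

    # alpha receives all proxied traffic from the whitelisted host IP,
    # so per-client access control has to happen here, before proxying.
    <Location "/">
      # Assumption: placeholder documentation range; replace with the
      # real source addresses allowed to reach alpha during evaluation.
      Require ip 203.0.113.0/24
    </Location>

    ProxyPass               / http://alpha:8080/ nocanon
    ProxyPassReverse        / http://alpha:8080/

    LogLevel                notice
    ErrorLog                ${APACHE_LOG_DIR}/proxies-xyz.com-error.log
    CustomLog               ${APACHE_LOG_DIR}/proxies-xyz.com-access.log combined
  </VirtualHost>

</IfModule>
```

Clients outside the listed range receive a 403 from Apache and never reach alpha; the rejected requests still appear in the access log configured above.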