如何在负载均衡器后面配置Docker容器？

Question

My IT infrastructure department has provided me with the following setup: A netscaler load balancer (lb) in front of 3 virtual machines (vm01, vm02, vm03). Each virtual machine was setup with IIS.

I have installed Docker Engine on all three virtual machines and have replicated the same 3 containers (appcontainer1, appcontainer2, appcontainer3) on all 3 virtual machines. Each container contains a .NET Core Web API application (api1, api2, api3).

Each container is configured to expose its port 80 for access to the api and is mapped to a port on the virtual machine where it is running. In other words appcontainer1 is run with docker run -p 8091:80 . , appcontainer2 is run with docker run -p 8092:80 . , and appcontainer3 is run with docker run -p 8093:80 . .

The problem I am running into is how do I call my web applications from a client machine. For example, if I wanted to directly call ap1 on vm01 , I would call vm01.domain.com:8091 , but how do I make a call to lb.domain.com:8091 and have it resolve correctly on one of the virtual machines?

A crudely put together paint drawing of the situation:

• Do I configure the netscaler load balancer to be a reverse proxy and forward the port along to the virtual machines?
• Do I configure a separate DNS entry per application (ap1.domain.com, ap2.domain.com, api3.domain.com) and configure IIS (or nginx or Apache) on each virtual machine to resolve to the appropriate port?
• Is there a way to configure Docker to do this?
• Am I doing it all wrong and over thinking the whole thing?
• Should I be using some sort of container orchestration instead?
• Is there a sensible way to do this without bothering the infrastructure team to reconfigure everything?

Answer 1

You need to setup each IIS on each VM as a reverse proxy with ARR (Application request routing) module. There are a few tricks that you will use that MAY arise (Hello Microsoft) during this process. I cannot say anything on the load balancer though. Still, it shouldn't be hard to configure it to evenly distribute the load on the machines. All you need is to tell LB to direct any call to lb.domain.com:XXXX to one of the VMs in a round robin manner. You -probably- can do it to vary the port too, which allows you to have your traffic distributed amongst 3VMs x3containers = 9 containers.

However, it is recommended not to expose Kestrel server on the net. Instead, put it behind IIS or whatever. And to configure IIS to act as a reverse proxy, you can either build 3 sites and bind them to the corresponding ports with minimal configuration, or use a single site that uses IIS and resolve the incoming request using rewrite rules. To be honest IIS is a pain to use with docker.

BUT what I actually recommend is to use swarm if your OS supports it and expose a single port per VM. These are one of:

• WS2019,
• WS2016 1709 update or later (These have no GUI)
• Windows 10 1709 update.

The swarm is still problematic in Windows :/ Also it has very frustrating seemingly random errors involving "localhost:PORT" and stuff. For instance, I cannot access my containers on my server (WS2016, pre-1709) using localhost:PORT combination. Same goes for my development machine (Win10 latest) which has just recently become an issue. It was fine before "something" happened and it stopped working.

If you are flexible about which proxy to use, I recommend taking a look at nginx, Kubernetes and if you are on the experimental side traefik, that allows you to get away without using a container orchestration tool (ie swarm)