edit-icon download-icon

Custom routing - user guide

Last Updated: Jan 10, 2018

acs/proxy

The custom proxy image is inherited from the image dockercloud/haproxy by using the FROM dockercloud/haproxy method. It dynamically detects the container status, and realizes backend container load balancing proxy and service discovery. The feature is that all configurations of the HAProxy Server Load Balancer softwares are parameterized to facilitate you to customize your configurations as per your needs.

This image mainly applies to the scenarios where the default routing service of Alibaba Cloud Container Service cannot meet your needs, which facilitates you to customize the HAProxy configurations.

The acs/proxy and HAProxy mentioned in this document refer to this image or the software HAProxy in this image.

Working principle of dynamic load balancing proxy and service discovery

  • By using the container environment variables, the image acs/proxy determines the global and default load balancing configurations.

  • The image acs/proxy listens to events in the cluster, such as container status changes, re-obtains the corresponding container information in the cluster after the status change, and determines the latest load balancing configurations.

  • The image acs/proxy reloads the latest load balancing configurations to bring the configurations into effect.

How to determine the backend container of Server Load Balancer

  • The range is determined based on the environment variable ADDITIONAL_SERVICES of acs/proxy.

    • ADDITIONAL_SERVICES: "*" indicates that the range is the whole cluster.
    • ADDITIONAL_SERVICES: "project_name1:service_name1,project_name2:service_name2" indicates that the range is the current application and specified services in the specified application.
    • If ADDITIONAL_SERVICES is null or not set, the range is the containers of the current application.
  • The image determines whether or not to add the container as acs/proxy backend container based on the container label.

    • aliyun.proxy.VIRTUAL_HOST: "www.toolchainx.com" indicates to add the container as backend container and the domain name is www.toolchainx.com.
    • aliyun.proxy.required: "true" indicates to add the container as backend container and use it as the default backend container.

How to bind a Server Load Balancer instance to the frontend

Use a custom load balancing label, such as aliyun.lb.port_80: 'tcp://proxy:80'.

Note: Different services cannot share the same Server Load Balancer. Otherwise, the backend machines of Server Load Balancer will be deleted and the services will become unavailable.

For more information about how to use the custom load balancing label, see lb.

Sample template

  1. lb:
  2. image: registry.aliyuncs.com/acs/proxy:0.5
  3. ports:
  4. - '80:80'
  5. restart: always
  6. labels:
  7. # Addon allows the proxy image to function as a subscription registry center and dynamically load the service route.
  8. aliyun.custom_addon: "proxy"
  9. # A proxy image container is deployed on each virtual machine (VM).
  10. aliyun.global: "true"
  11. # Use a custom load balancing label to bind a Server Load Balancer instance to the frontend.
  12. aliyun.lb.port_80: tcp://proxy_test:80
  13. environment:
  14. # Indicates the range of backend containers that support route loading. "*" indicates the whole cluster. By default, it indicates the services in applications.
  15. ADDITIONAL_SERVICES: "*"
  16. appone:
  17. expose: # For proxied services, use expose or ports to tell proxy containers which port is to be exposed.
  18. - 80/tcp
  19. image: 'nginx:latest'
  20. labels:
  21. # http/https/ws/wss are supported.
  22. # Use your own domain name instead of the test domain name provided by Container Service.
  23. aliyun.proxy.VIRTUAL_HOST: "http://appone.example.com"
  24. restart: always

Configuration instructions

Set the global and default configurations by using the environment variables of the image acs/proxy

Note: To make these configurations take effect, redeploy the HAProxy service. The configurations in this part are the environment variable configurations of the service where the image acs/proxy resides.

Environment variable Default value Description
ADDITIONAL_SERVICES The list of additional services that need to balance the load (for example, prj1:web,prj2:sql).
The service discovery is based on the com.docker.compose.[project|service] container labels.
This environment variable only applies to compose V2. Make sure the container can be resolved and access the network where the dependent services reside.
BALANCE roundrobin The load balancing algorithm to be used.
Possible values: roundrobin, static-rr, source, and leastconn.
For more information, see HAProxy: balance.
CA_CERT_FILE The path of a CA-cert file.
By using this environment variable, you can mount your CA-cert file directly from a data volume instead of passing the CA-cert file contents.
With this environment variable configured, the CA_CERT environment variable is ignored.
Possible value: /cacerts/cert0.pem
CA_CERT The CA-cert for HAProxy to verify the client.
Use the same format as DEFAULT_SSL_CERT.
CERT_FOLDER The certificate path.
By using this environment variable, you can mount your CA-cert file directly from a data volume instead of passing the certificate file contents.
With this environment variable configured, the environment variables DEFAULT_SSL_CERT and SSL_CERT of the dependent services are ignored.
Possible value: /certs/.
DEFAULT_SSL_CERT The default SSL certificate.
The pem file contains the private key and public key (the private key is put before the public key), with \n (two chars) as the line separator. Keep the contents in the same line. See SSL termination.
EXTRA_BIND_SETTINGS Extra settings. Strings that are separated by commas (,) (<port>:<setting>). Each part will be appended to the corresponding port bound node in the configuration file.
To use a comma (,), escape with the \,.
Possible value: 443:accept-proxy, 80:name http.
EXTRA_DEFAULT_SETTINGS Extra settings. Strings that are separated by commas (,). Each part will be appended to the DEFAULT node in the configuration file.
To use a comma (,), escape with the \,.
EXTRAFRONTEND_SETTINGS\<PORT> Extra settings. Strings that are separated by commas (,). Each part will be appended to the frontend node according to the port number specified in the environment variable name.
To use a comma (,), escape with the \,.
Possible value: EXTRA_FRONTEND_SETTINGS_80=balance source, maxconn 2000.
EXTRA_GLOBAL_SETTINGS Extra settings. Strings that are separated by commas (,). Each part will be appended to the GLOBAL node in the configuration file.
To use a comma (,), escape with the \,.
Possible value: tune.ssl.cachesize 20000, tune.ssl.default-dh-param 2048.
EXTRA_ROUTE_SETTINGS The string will be appended to each backend route after the health check is completed. The configurations of dependent services will overwrite these configurations.
Possible value: send-proxy.
EXTRA_SSL_CERTS The name list of extra certificates. Separated by commas (,). For example, CERT1, CERT2, CERT3.
Specify each certificate as an independent environment variable. For example, CERT1="<cert-body1>", CERT2="<cert-body2>", CERT3="<cert-body3>".
HEALTH_CHECK check Sets health check on each route.
Possible value: check inter 2000 rise 2 fall 3.
For more information, see: HAProxy: check.
HTTP_BASIC_AUTH The identify information list for HTTP basic authentication (<user>:<pass>). Separated by commas (,). The identity information applies to all the backend routes.
To use a comma (,), escape with the \,.
Note: In the production environment, do not use this environment variable for authentication.
MAXCONN 4096 Sets the maximum number of concurrent connections for each process.
MODE http The load balancing mode of HAProxy.
Possible values: http, tcp, and health.
MONITOR_PORT The port number where MONTIOR_URI is to be added.
Use together with MONTIOR_URI.
Possible value: 80.
MONITOR_URI The specific URI that needs to be intercepted to retrieve the HAProxy health status.
For more information, see Monitor URI.
Possible value: /ping.
OPTION redispatch The list of HAProxy option entries in the default node. Separated by commas (,).
RSYSLOG_DESTINATION 127.0.0.1 The rsyslog destination address where HAProxy logs will be sent to.
SKIP_FORWARDED_PROTO With this environment variable configured, HAProxy will not add the X-Forwarded-For HTTP request header.
This environment variable can be used when HAProxy is used with another load balancer.
SSL_BIND_CIPHERS Sets the SSL private key suite that will be used by the SSL server.
This environment variable sets the ssl-default-bind-ciphers configurations of HAProxy.
SSL_BIND_OPTIONS no-sslv3 Sets the SSL bind options used by the SSL server.
This environment variable sets the ssl-default-bind-options configurations of HAProxy.
After setting the environment variable to the default value, only the TLSv1.0+ is allowed to be used on the SSL server.
STATS_AUTH stats:stats The username and password required to access the HAProxy stats statistics page.
STATS_PORT 1936 The port exposed by the HAProxy stats statistics page.
With this port opened, the stats statistics page can be accessed by using http://<host-ip>:<STATS_PORT>/.
TIMEOUT connect 5000, client 50000, server 50000 The list of HAProxy timeout entries in the default node. Separated by commas (,).

Configure the backend service by using the corresponding service image labels

Configure the backend service by writing labels to the backend service image. These configurations are written in the template section of the proxied service.

These configurations can overwrite the HAProxy settings. The HAProxy settings only apply to the dependent services. If a service running in Alibaba Cloud Container Service is redeployed, joins or leaves HAProxy service, HAProxy service will be automatically updated to apply the changes.

Label Description
aliyun.proxy.APPSESSION Session persistence option.
Possible value: JSESSIONID len 52 timeout 3h.
For more information, see HAProxy: appsession.
aliyun.proxy.BALANCE The load balancing algorithm to be used.
Possible values: roundrobin, static-rr, source, and leastconn.
For more information, see HAProxy: balance.
aliyun.proxy.COOKIE Session persistence option.
Possible value: SRV insert indirect nocache.
For more information, see HAProxy: cookie.
aliyun.proxy.DEFAULT_SSL_CERT Similar to SSL_CERT, but this variable stores the pem file to /certs/cert0.pem as the default SSL certificate.
If multiple DEFAULT_SSL_CERT are configured in dependent services or HAProxy, undefined behavior will be caused.
aliyun.proxy.EXCLUDE_PORTS The port numbers that are separated by commas (,). For example, 3306, 3307.
By default, HAProxy adds all the ports exposed by the application services to the backend routes.
You can specify the port that you do not want to be routed, such as the database port.
aliyun.proxy.EXTRA_ROUTE_SETTINGS The string will be appended to each backend route after the health check is completed.
Possible value: send-proxy.
aliyun.proxy.EXTRA_SETTINGS Extra settings. Strings that are separated by commas (,). Each part will be appended to the related backend node or listening session in the configuration file.
To use a comma (,), escape with the \,.
Possible value: balance source.
aliyun.proxy.FORCE_SSL With this environment variable configured and the SSL termination enabled, HAProxy will redirect the HTTP request to HTTPS request.
aliyun.proxy.GZIP_COMPRESSION_TYPE Enables gzip compression.
The value of this environment variable is a list of MIME types that will be compressed.
Possible value: text/html text/plain text/css.
aliyun.proxy.HEALTH_CHECK Sets health check on each backend route.
Possible value: check inter 2000 rise 2 fall 3.
For more information, see HAProxy: check.
aliyun.proxy.HSTS_MAX_AGE Enables HSTS.
The value of this environment variable is an integer, representing the validity period of HSTS in seconds.
Possible value: 31536000.
aliyun.proxy.HTTP_CHECK Enables HTTP to check the health status of the server.
Possible value: OPTIONS * HTTP/1.1\r\nHost:\ www.
For more information, see HAProxy: httpchk.
aliyun.proxy.OPTION The list of HAProxy option entries. Separated by commas (,).
The option configured here will be added to the related backend node or listening node, and overwrite the OPTION settings in the HAProxy container.
aliyun.proxy.SSL_CERT The SSL certificate.
The pem file contains the private key and public key (the private key is put before the public key), with \n (two chars) as the line separator.
aliyun.proxy.TCP_PORTS The ports separated by commas (,). For example, 9000, 9001, 2222/ssl.
The ports listed in TCP_PORTS will be load balanced in TCP mode.
Port ending with /ssl indicates that port needs SSL termination.
aliyun.proxy.VIRTUAL_HOST_WEIGHT The weight of a virtual host, which is used together with aliyun.proxy.VIRTUAL_HOST.
The value of this environment variable is an integer. The default value is 0.
The configurations affect the order of ACL rules of the virtual hosts. The higher the virtual host weight, the higher the ACL rule priority, which means the larger the value is, the earlier to be routed.
aliyun.proxy.VIRTUAL_HOST Specifies virtual host and virtual path.
Format: [scheme://]domain[:port][/path], ....
Wildcard * can be used in domain and path parts.

For more information, see HAProxy configuration guide.

Virtual host and virtual path

You can specify the virtual host and virtual path in the environment variable VIRTUAL_HOST at the same time. The value of VIRTUAL_HOST is composed of URLs which are separated by commas (,). The format is: [scheme://]domain[:port][/path].

Item Default value Description
scheme http Possible values: http, https, and wss.
domain The virtual host.
* can be used as the wildcard.
port 80/433 The port number of the virtual host.
When scheme is set as https or wss, the default port is 443.
/path The virtual path, which starts with /.
* can be used as the wildcard.

Matching examples

Virtual host Match Not match
http://domain.com domain.com www.domain.com
domain.com domain.com www.domain.com
domain.com:90 domain.com:90 domain.com
https://domain.com https://domain.com domain.com
https://domain.com:444 https://domain.com:444 https://domain.com
\*.domain.com www.domain.com domain.com
\*domain.com www.domain.com, domain.com, anotherdomain.com www.abc.com
www.e\*e.com www.domain.com, www.exxe.com www.axxa.com
www.domain.\* www.domain.com, www.domain.org domain.com
\* any website with HTTP
https://\* any website with HTTPS
\*/path domain.com/path, domain.org/path?u=user domain.com/path/
\*/path/ domain.com/path/, domain.org/path/?u=user domain.com/path, domain.com/path/abc
\*/path/\* domain.com/path/, domain.org/path/abc domain.com/abc/path/
\*/\*/path/\* domain.com/path/, domain.org/abc/path/, domain.net/abc/path/123 domain.com/path
\*/\*.js domain.com/abc.js, domain.org/path/abc.js domain.com/abc.css
\*/\*.do/ domain.com/abc.do/, domain.org/path/abc.do/ domain.com/abc.do
\*/path/\*.php domain.com/path/abc.php domain/abc.php, domain.com/root/abc.php
\*.domain.com/\*.jpg www.domain.com/abc.jpg, abc.domain.com/123.jpg domain.com/abc.jpg
\*/path, \*/path/ domain.com/path, domain.org/path/
domain.com:90, https://domain.com domain.com:90, https://domain.com

Note:

  • The order of the ACL rules generated based on VIRTUAL_HOST is random. In HAProxy, when an ACL rule with a narrow scope (for example, web.domain.com) is put after an ACL rule with a wide scope (for example, *.domain.com), the ACL rule with a narrow scope will never be reached. Therefore, if the virtual hosts you set have overlapping scopes, use VIRTUAL_HOST_WEIGHT to manually set the order of ACL rules, namely, giving a higher weight to the virtual host with a narrow scope than that with a wide scope.
  • All the services with the same VIRTUAL_HOST environment variable configurations will be considered as and merged into one single service, which is applicable to some testing scenarios.

SSL termination

acs/proxy supports the SSL termination of certificates. Set SSL_CERT and VIRTUAL_HOST for each application that needs to use SSL termination. Then, HAProxy reads the certificates in the dependent environment and enables the SSL termination.

Note: When the environment variable value contains an equal sign (=), which is common in SSL_CERT, Docker will skip that environment variable. Therefore, use multiple SSL termination in Docker 1.7.0 or later versions.

Enable the SSL termination when:

  • At least one SSL certificate is set.
  • VIRTUAL_HOST is not set or is set with https as the scheme.

Set SSL certificate in the following ways:

  • Set DEFAULT_SSL_CERT in acs/proxy.
  • Set aliyun.proxy.SSL_CERT and/or DEFAULT_SSL_CERT in the application services that depend on acs/proxy.

The difference between aliyun.proxy.SSL_CERT and DEFAULT_SSL_CERT is that the multiple certificates specified by SSL_CERT are stored as cert1.pem, cert2.pem, ..., while the certificate specified by DEFAULT_SSL_CERT is always stored as cert0.pem. In this case, HAProxy will use cert0.pem as the default certificate when SNI match is not set. However, when multiple DEFAULT_SSL_CERTIFICATE are provided, only one of the certificates can be stored as cert0.pem, and the others are discarded.

PEM file

The certificate specified by acs/proxy or the dependent application services is a pem file, which contains the private key and public key (the private key must be put before the public key and other licenses). You can run the following script to generate a self-signed certificate.

  1. openssl req -x509 -newkey rsa:2048 -keyout key.pem -out ca.pem -days 1080 -nodes -subj '/CN=*/O=My Company Name LTD./C=US'
  2. cp key.pem cert.pem
  3. cat ca.pem >> cert.pem

After obtaining the pem file, you can run the following command to convert the file to one line of contents.

  1. awk 1 ORS='\\n' cert.pem

Copy the converted contents and set the contents as the value of aliyun.proxy.SSL_CERT or DEFAULT_SSL_CERT.

Affinity and session persistence

Set the affinity and session persistence in the following ways:

  • Set aliyun.proxy.BALANCE=source in your application service. With the source load balancing method configured, HAProxy will hash the client IP address and make sure that the same IP always connects to the same backend service container.
  • Set aliyun.proxy.APPSESSION=<value>. Use application session to determine which service container a client will connect to. Possible value of <value> is JSESSIONID len 52 timeout 3h.
  • Set aliyun.proxy.COOKIE=<value>. Use the application cookie to determine which backend service container a client will connect to. Possible value of <value> is SRV insert indirect nocache.

For more information, see HAProxy: appsession and HAProxy: cookie.

TCP load balancing

By default, acs/proxy runs in http mode. To run the dependent services in tcp mode, specify the environment variable TCP_PORTS. The variable value is the port numbers, which are separated by commas (,). For example, 9000, 9001.

For example, if you run the following command:

  1. docker --name app-1 --expose 9000 --expose 9001 -e TCP_PORTS="9000, 9001" your_app
  2. docker --name app-2 --expose 9000 --expose 9001 -e TCP_PORTS="9000, 9001" your_app
  3. docker run --link app-1:app-1 --link app-2:app-2 -p 9000:9000, 9001:9001 acs/proxy

Then, HAProxy balances the load for app-1 and app-2 on ports 9000 and 9001 respectively.

Besides, if your exposed ports are more than the ports configured in TCP_PORTS, the rest of the ports will be load balanced in the http mode.

For example, if you run the following command:

  1. docker --name app-1 --expose 80 --expose 22 -e TCP_PORTS=22 your_app
  2. docker --name app-2 --expose 80 --expose 22 -e TCP_PORTS=22 your_app
  3. docker run --link app-1:app-2 --link app-2:app-2 -p 80:80 -p 22:22 acs/proxy

Then, HAProxy balances the load in http mode on port 80 and balances the load in tcp mode on port 22.

In this way, you can balance the load in the tcp mode and http mode at the same time.

If you set ports that end with /ssl (for example, 2222/ssl) in TCP_PORTS, HAProxy will set SSL termination on port 2222.

Note:

  • You can set VIRTUAL_HOST and TCP_PORTS at the same time to provide more control for the http mode.
  • The load balancing on tcp port applies to all the services. Therefore, if you depend on two or more services using the same TCP_PORTS configurations, acs/proxy considers these services as the same service.

WebSocket support

You can enable the WebSocket support in the following ways:

  • You can use the virtual host to specify the use of ws or wss protocol because WebSocket is started by using HTTP. For example, -e VIRTUAL_HOST="ws://ws.domain.com, wss://wss.domain.com".
  • You can try to use the TCP load balancing in the preceding section of this document because WebSocket itself is a TCP connection.

Scenarios

Note: The image acs/proxy in the following examples is abbreviated from registry.aliyuncs.com/acs/proxy:0.5. Make the corresponding replacements as necessary.

My webapp container exposes port 8080 (or any other port), and I want the acs/proxy to listen to port 80

Use the following command:

  1. docker run -d --expose 80 --name webapp dockercloud/hello-world
  2. docker run -d --link webapp:webapp -p 80:80 acs/proxy

My webapp container exposes port 80 and database ports 8083/8086, and I want the acs/proxy to listen to port 80 without adding my database ports to acs/proxy

  1. docker run -d -e EXCLUDE_PORTS=8803,8806 --expose 80 --expose 8083 --expose 8086 --name webapp dockercloud/hello-world
  2. docker run -d --link webapp:webapp -p 80:80 acs/proxy

My container exposes port 8080 (or any other port), and I want acs/proxy to listen to port 8080

Use the following command:

  1. docker run -d --expose 8080 --name webapp your_app
  2. docker run -d --link webapp:webapp -p 8080:80 acs/proxy

I want acs/proxy to process SSL connections and forward my normal HTTP requests to port 8080 (or any other port)

Use the following command:

  1. docker run -d -e SSL_CERT="YOUR_CERT_TEXT" --name webapp dockercloud/hello-world
  2. docker run -d --link webapp:webapp -p 443:443 -p 80:80 acs/proxy

or

  1. docker run -d --link webapp:webapp -p 443:443 -p 80:80 -e DEFAULT_SSL_CERT="YOUR_CERT_TEXT" acs/proxy

The certificate in YOUR_CERT_TEXT contains the private key and public key (the private key is put before the public key), with \n as the line separator. Assume that your certificate is stored in ~/cert.pem, you can run the following command:

  1. docker run -d --link webapp:webapp -p 443:443 -p 80:80 -e DEFAULT_SSL_CERT="$(awk 1 ORS='\\n' ~/cert.pem)" acs/proxy

I want acs/proxy to terminate SSL connections and redirect HTTP requests to HTTPS requests

Use the following command:

  1. docker run -d -e FORCE_SSL=yes -e SSL_CERT="YOUR_CERT_TEXT" --name webapp dockercloud/hello-world
  2. docker run -d --link webapp:webapp -p 443:443 acs/proxy

I want to load my SSL certificates from data volumes instead of passing certificate contents by using environment variables

You can use the environment variable CERT_FOLDER to specify which folder the certificates are mounted in the container. Use the following command:

  1. docker run -d --name webapp dockercloud/hello-world
  2. docker run -d --link webapp:webapp -e CERT_FOLDER="/certs/" -v $(pwd)/cert1.pem:/certs/cert1.pem -p 443:443 acs/proxy

I want to configure virtual host routing by using domain names

You can configure the virtual host by using acs/proxy to read the environment variable (VIRTUAL_HOST) of the dependent containers.

Example:

  1. docker run -d -e VIRTUAL_HOST="www.webapp1.com, www.webapp1.org" --name webapp1 dockercloud/hello-world
  2. docker run -d -e VIRTUAL_HOST=www.webapp2.com --name webapp2 your/webapp2
  3. docker run -d --link webapp1:webapp1 --link webapp2:webapp2 -p 80:80 acs/proxy

In the preceding example, when you access http://www.webapp1.com or http://www.webapp1.org, the service running on container webapp1 is displayed, and http://www.webapp2.com connects to the container webapp2.

If you use the following command:

  1. docker run -d -e VIRTUAL_HOST=www.webapp1.com --name webapp1 dockercloud/hello-world
  2. docker run -d -e VIRTUAL_HOST=www.webapp2.com --name webapp2-1 dockercloud/hello-world
  3. docker run -d -e VIRTUAL_HOST=www.webapp2.com --name webapp2-2 dockercloud/hello-world
  4. docker run -d --link webapp1:webapp1 --link webapp2-1:webapp2-1 --link webapp2-2:webapp2-2 -p 80:80 acs/proxy

When you access http://www.webapp1.com, the service running on container webapp1 is displayed, and http://www.webapp2.com connects to containers webapp2-1 and webapp2-2 based on the round-robin scheduling (or any other algorithm specified by BALANCE).

I want all my *.node.io domain names to point to my service

  1. docker run -d -e VIRTUAL_HOST="*.node.io" --name webapp dockercloud/hello-world
  2. docker run -d --link webapp:webapp -p 80:80 acs/proxy

I want web.domain.com to connect to a service and *.domain.com to connect to another service

  1. docker run -d -e VIRTUAL_HOST="web.domain.com" -e VIRTUAL_HOST_WEIGHT=1 --name webapp dockercloud/hello-world
  2. docker run -d -e VIRTUAL_HOST="*.domain.com" -e VIRTUAL_HOST_WEIGHT=0 --name app dockercloud/hello-world
  3. docker run -d --link webapp:webapp --link app:app -p 80:80 acs/proxy

I want all the requests to path /path to point to my service

  1. docker run -d -e VIRTUAL_HOST="*/path, */path/*" --name webapp dockercloud/hello-world
  2. docker run -d --link webapp:webapp -p 80:80 acs/proxy

I want all the static HTML requests to point to my service

  1. docker run -d -e VIRTUAL_HOST="*/*.htm, */*.html" --name webapp dockercloud/hello-world
  2. docker run -d --link webapp:webapp -p 80:80 acs/proxy

I want to check stats of HAProxy

  1. docker run -d --link webapp:webapp -e STATS_AUTH="auth:auth" -e STATS_PORT=1936 -p 80:80 -p 1936:1936 acs/proxy

I want to send my logs to papertrailapp

Replace <subdomain> and <port> with values matching your papertrailapp account.

  1. docker run -d --name web1 dockercloud/hello-world
  2. docker run -d --name web2 dockercloud/hello-world
  3. docker run -it --env RSYSLOG_DESTINATION='<subdomain>.papertrailapp.com:<port>' -p 80:80 --link web1:web1 --link web2:web2 acs/proxy

Topology using virtual hosts

Alibaba Cloud Container Service proxy topology is as follows:

  1. |---- container_a1
  2. |----- service_a ----- |---- container_a2
  3. | (virtual host a) |---- container_a3
  4. internet --- SLB -- acs/proxy ----- |
  5. | |---- container_b1
  6. |----- service_b ----- |---- container_b2
  7. (virtual host b) |---- container_b3

Manually reload HAProxy

In most cases, acs/proxy is automatically configured when the dependent services change. However, you can also manually reload the acs/proxy in the following method:

docker exec <acs/proxy_container_id> /reload.sh

Thank you! We've received your feedback.