This repo is an example of using Docker Swarm with Traefik reverse proxy and automated deployment to DigitalOcean
- Infrastructure:
  - Docker compose for local development
  - Docker Swarm with Secrets as production development
  - Traefik reverse proxy with Let's Encrypt certificates and HTTPS in production
  - GitHub Actions testing and deployment workflows
  - DigitalOcean nodes creation and manual deployment scripts
- Services
Requires Docker
- Clone the repo
  ```sh
  git clone https://github.com/thinktwice13/swarm-traefik-digitalocean.git
  ```
- Install dependencies:
  ```sh
  cd api && npm i && cd ../web && npm i
  ```
- Run with docker compose from project root
  ```sh
  docker-compose up
  ```
- Open the app on `localhost`. API available on `localhost/api`;
- Run api and webclient tests from `/api` and `/web` subdirectories with `npm run test`. Will run Jest in `--watch` mode;
Requires:
- Create the droplets manually or edit `do-config.sh` and run `do-bootstrap.sh` script (Droplets will be created in the `Default` DigitalOcean project in DO console);
- Get manager droplet public IP in DO console or with:
  ```sh
  doctl compute droplet ls
  ```
- SSH into each droplet and adjust ports used by Docker:
  ```sh
  ssh root@$DROPLET_PUBLIC_IP
  # Docker now uses an additional port, 2377, for managing the Swarm. The port should be blocked from public access and only accessed by trusted users and nodes. We recommend using VPNs or private networks to secure access
  ufw allow 2376/tcp
  ufw allow 2377/tcp
  ufw allow 7946/tcp
  ufw allow 7946/udp
  ufw allow 4789/udp
  # sudo ufw allow 22/tcp # Rate limiting by default on port 22
  ufw reload
  ```
- Enable Docker on startup:
  ```sh
  sudo systemctl enable docker.service
  sudo systemctl enable containerd.service
  ```
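
The comment in the firewall step says port 2377 should not be publicly reachable, yet `ufw allow 2377/tcp` admits any source address. The script below is an added example, not part of this repo: it prints the same port rules restricted to a private source range, and the function names and the sample range `10.116.0.0/20` are assumptions.

```sh
#!/bin/sh
# Added example (not from the repo): emit ufw rules that open the Swarm
# ports from the page only to a private source range. Review the output,
# then pipe it to `sh` as root on each droplet.

# is_private_cidr CIDR: succeed only if CIDR lies inside an RFC 1918 range.
is_private_cidr() {
    case "$1" in *[!0-9./]*|.*|*./*) return 1 ;; esac
    addr=${1%/*}; bits=${1#*/}
    case "$bits" in ''|*[!0-9]*) return 1 ;; esac
    [ "$bits" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.
    set -- $addr            # split the address into its octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in ''|*[!0-9]*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    # A prefix at least as long as the block's keeps the range inside it.
    if [ "$1" -eq 10 ] && [ "$bits" -ge 8 ]; then return 0; fi
    if [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ] \
        && [ "$bits" -ge 12 ]; then return 0; fi
    if [ "$1" -eq 192 ] && [ "$2" -eq 168 ] && [ "$bits" -ge 16 ]; then
        return 0
    fi
    return 1
}

# swarm_ufw_rules CIDR: print one source-restricted rule per Swarm port.
swarm_ufw_rules() {
    src=$1
    if ! is_private_cidr "$src"; then
        echo "refusing non-private source range: $src" >&2
        return 1
    fi
    # Same ports as the rules above, each limited to the given source range.
    for rule in 2376/tcp 2377/tcp 7946/tcp 7946/udp 4789/udp; do
        echo "ufw allow from $src to any port ${rule%/*} proto ${rule#*/}"
    done
    echo "ufw reload"
}

# Script usage (constructed sample range): ./swarm-ufw.sh 10.116.0.0/20 | sh
if [ $# -gt 0 ]; then swarm_ufw_rules "$1"; fi
```

If the unrestricted rules were already applied, remove each one first, for example `ufw delete allow 2377/tcp`.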
You can do this section by sshing into the droplet or creating a new Docker Context on your machine.
- Initialize Docker Swarm
  ```sh
  docker swarm init --advertise-addr $MANAGER_DROPLET_PRIVATE_IP
  ```
- Create the overlay network
  ```sh
  docker network create -d overlay web-public
  ```
- If more than one node created, join the worker nodes to the manager
  TODO
Docker CLI looks for `DOCKER_HOST` variable. If not set, it uses `unix:///var/run/docker.sock`. For remote host set and unset `DOCKER_HOST` or use Docker Context
- Setup Swarm Secrets (Only `pg_password` and `cookie_secret` used in this example stack);
- For deployment, use `docker stack deploy $APP_NAME -c docker-compose.yaml` or use `do-deploy.sh` script;
- For single service updates, use `docker service update --force $SERVICE_NAME` (or `$SERVICE_ID`)
- Set GitHub Secrets
  ```
  # Docker credentials to push updated images
  DOCKER_USERNAME
  DOCKER_PASSWORD
  # DigitalOcean manager droplet user and host (public ip or domain) for ssh
  DO_HOST
  DO_USER (root)
  # SSH private key used for the ssh connection
  DO_SSH_PRIVATE
  ```
If you get a `Permission denied (publickey)` error while trying to ssh into a node:
- Check the ssh key used to create the nodes. To use a custom ssh key name with `ssh root@$NODE_IP`:
  ```sh
  ssh -i ~/.ssh/<KEY_NAME> root@$NODE_IP
  ```
- Or try this solution from DigitalOcean.com