Docker is a great tool for developing micro services that may be composed together in order to form a larger application. However, Docker containers run in a network apart from the host machine. That makes it sometimes cumbersome and complicated to use common host names within the Docker network and the host network. In this article we’ll show a simple knack that may be applied in order to use identical host names in both networks.
Imagine a situation where two servers run in a shared Docker network as described by the following code snippet from a
... networks: network-web: services: web-server: image: nginx:stable-alpine container_name: web-server networks: - network-web ports: - "8080:8080" ... keycloak-server: image: quay.io/keycloak/keycloak:15.0.2 container_name: keycloak-server networks: - network-web ports: - "8081:8080" ...
The web server uses KeyCloak as an IDP, i.e. for authentication. Typically you will let your browser point to “http://localhost:8080/” during development to test your application. But how do you redirect to the KeyCloak server for login? Internally the web server can “talk” to the other server by using the given container name. But the browser cannot use to that host name, because it is only valid within the Docker network.
A common solution is to use a reverse proxy that will redirect all requests. But that may cause configuration problems, e.g. when KeyCloak has to be configured for valid redirects URIs after successful login.
Create entrIES in /etc/hosts
In the first step of our solution we create an additional entry in the
/etc/hosts file (
%windir%\system32\drivers\etc in Windows). You will need administrative rights to do that.
# KeyCloak IDP and application server 127.0.0.1 idp.auth.com www.myapplication.com
This will create an alias of the host machine, i.e. using the command
will be resolved to the loopback device of your computer. In order to avoid confusion you should not use existing domains for this purpose or take special care.
Add extra hosts in docker compose file
Second, create some additional line in the
... networks: network-web: services: web-server: image: nginx:stable-alpine container_name: web-server networks: - network-web ports: - "8080:8080" extra_hosts: - "idp.auth.com:host-gateway" - "www.myapplication.com:host-gateway" ... keycloak-server: image: quay.io/keycloak/keycloak:15.0.2 container_name: keycloak-server networks: - network-web ports: - "8081:8080" extra_hosts: - "idp.auth.com:host-gateway" - "www.myapplication.com:host-gateway"
This will add
http://www.myapplication.com as a host names to the Docker network, where the magic variable
host-gateway resolves to the docker host.
In effect, in both networks the name
idp.auth.com can now be resolved and point to the same instance. Thus in our example application the web server may uniformly use the URI
http://idp.auth.com:8081/auth in order to address the KeyCloak server and both the Docker container and the browser will be able to resolve the name. Accordingly, KeyCloak can be configured to use
http://www.myapplication.com:8081 as a valid URI for redirection.
You must log in to post a comment.