(DÚVIDAS) Docker Swarm e NGINX
Tenho uma aplicação utilizando node pro server, vue pro client, rabbitmq, postgre e nginx.
No momento estou tentando fazer o deploy de tudo isso com Swarm no GCP em uma VM (Compute Engine).
Atualmente só tenho 1 máquina manager e configurada.
No GCP tenho acesso normal a porta 80, então no firewall eu liberei o acesso as portas 15672 (rabbit management) e 3000 (api). Teria alguma maneira "correta" de fazer isso, ou seria só liberar essas portas mesmo?
Também gostaria de saber, o correto é criar um load balancer pra tudo isso (ai aponta o dominio pro ip do loadbalancer)?
Segue o docker-compose.yml pra criar a stack de serviços:
version: "3.8"
services:
postgres:
container_name: postgres
image: postgres:16
restart: always
volumes:
- postgres_volume:/var/lib/postgresql/data
ports:
- 5432:5432
environment:
POSTGRES_USER: postgres
POSTGRES_PASSWORD: postgres
POSTGRES_DB: default
networks:
- default
rabbitmq:
container_name: rabbitmq
image: rabbitmq:3.13-management
restart: always
ports:
- 5672:5672
- 15672:15672
environment:
RABBITMQ_DEFAULT_USER: guest
RABBITMQ_DEFAULT_PASS: guest
volumes:
- rabbitmq_data:/var/lib/rabbitmq
networks:
- default
backend:
container_name: backend
image: <BACKEND-IMAGE>
restart: always
ports:
- 3000:3000
depends_on:
- postgres
environment:
PORT: 3000
HOST: 0.0.0.0
NODE_ENV: development
APP_KEY: ''
APP_TITLE: 'Teste'
DRIVE_DISK: gcs
SERVER_URL: 'http://<IP-DA-VM>:3000'
CLIENT_URL: 'http://<IP-DA-VM>'
HASH_DRIVER: scrypt
SESSION_DRIVER: cookie
# Database
DB_CONNECTION: pg
PG_HOST: application_postgres
PG_PORT: 5432
PG_USER: postgres
PG_PASSWORD: postgres
PG_DB_NAME: default
# Bucket
GCS_BUCKET: ''
GCS_PROJECT_ID: ''
GCS_KEY: '{}'
#Rabbit
RABBITMQ_HOSTNAME: application_rabbitmq
RABBITMQ_USER: guest
RABBITMQ_PASSWORD: guest
RABBITMQ_PORT: 5672
RABBITMQ_PROTOCOL: amqp://
networks:
- default
frontend:
container_name: frontend
image: <FRONT-IMAGE>
restart: always
environment:
VITE_APP_TITLE: "Teste"
VITE_APP_ENV: production
VITE_API_URL: 'http://<IP-DA-VM>/api'
VITE_SERVER_URL: 'http://<IP-DA-VM>:3000'
VITE_GCS_BUCKET: ''
ports:
- 80:80
depends_on:
- backend
networks:
- default
volumes:
postgres_volume:
rabbitmq_data:
networks:
default:
Configurações do NGINX (como o nome da stack no swarm é application, ele cria os serviços com o prefixo application_, então no proxy_pass passei o nome dos serviços, está correto?):
server {
listen 80;
listen [::]:80;
server_name <DOMINIO/IP-DA-VM>;
root /usr/share/nginx/html;
large_client_header_buffers 4 32k;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
charset utf-8;
# Location client
location / {
proxy_pass https://application_frontend;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_cache_bypass $http_upgrade;
}
# Location websocket
location /socket.io/ {
proxy_pass https://application_backend;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_cache_bypass $http_upgrade;
}
# Location backend
location /api/ {
proxy_pass https://application_backend;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_cache_bypass $http_upgrade;
}
}
Agradeço!