Are you trying to connect to a TLS-enabled daemon without TLS?" ext=lb #239

Closed
asmi85 opened this issue Aug 7, 2017 · 4 comments


asmi85 commented Aug 7, 2017

Hello, I am trying to use interlock with nginx as backend. I am following this
https://github.com/ehazlett/interlock/tree/master/docs/examples/nginx-swarm link to set it up but keep on getting "Are you trying to connect to a TLS-enabled daemon without TLS?" ext=lb errors when I start the interlock service. Any ideas?

The whole errors are:

test_interlock.1.9qhdo9wc8q01@moby | time="2017-08-07T10:41:19Z" level=info msg="interlock 1.4.2 (f6ccc1f)"
test_interlock.1.9qhdo9wc8q01@moby | time="2017-08-07T10:41:19Z" level=info msg="interlock node: container id=61b5864e3be1ae27eee2fce46293fe1b97cac163c62c325679806955d6052446" ext=lb
test_interlock.1.9qhdo9wc8q01@moby | time="2017-08-07T10:41:19Z" level=info msg="using event stream"
test_interlock.1.9qhdo9wc8q01@moby | time="2017-08-07T10:41:19Z" level=error msg="event stream fail; attempting to reconnect"
test_interlock.1.9qhdo9wc8q01@moby | time="2017-08-07T10:41:19Z" level=info msg="waiting for event stream to become ready"
test_interlock.1.9qhdo9wc8q01@moby | time="2017-08-07T10:41:21Z" level=error msg="Get http://192.168.65.2:2377/v1.26/containers/json?filters=%7B%22label%22%3A%7B%22interlock.hostname%22%3Atrue%7D%2C%22status%22%3A%7B%22running%22%3Atrue%7D%7D&limit=0: malformed HTTP response "\x15\x03\x01\x00\x02\x02".
test_interlock.1.9qhdo9wc8q01@moby | * Are you trying to connect to a TLS-enabled daemon without TLS?" ext=lb


asmi85 commented Aug 7, 2017

Also, my config.toml looks like:

ListenAddr = ":8080"
DockerURL = "tcp://192.168.65.2:2377"

[[Extensions]]
Name = "nginx"
ConfigPath = "/etc/nginx/nginx.conf"
PidPath = "/var/run/nginx.pid"
MaxConn = 1024
Port = 80
NginxPlusEnabled = false


jdelamar commented Aug 7, 2017

Hello. That is because you have configured interlock to listen on the docker swarm port (2377), where the workers and masters are talking to one another.

AFAIK, this isn't supported. You will need to either use the local docker socket or change your docker config to expose a TCP port (typically, 2376 for SSL). You will also need TLS certificates (look up the docker docs on how to generate and configure those). Alternatively, you could, for debugging, change the docker config to expose a non-SSL port, typically port 2375. I would advise never doing that on any servers that are remotely close to live networks, as this is insecure beyond reason.

Here is my configuration for using local sockets:

        INTERLOCK_CONFIG: |
            ListenAddr = ":8080"
            DockerURL = "unix:///var/run/docker.sock"
            #DockerURL = "tcp://<listenAddress>:2376"
            #TLSCACert = "/etc/docker/ssl/docker-ca.pem"
            #TLSCert = "/etc/docker/ssl/docker-cert.pem"
            #TLSKey = "/etc/docker/ssl/docker-key.pem"
            [[Extensions]]
            Name = "nginx"
            ConfigPath = "/etc/nginx/nginx.conf"
            PidPath = "/var/run/nginx.pid"
            TemplatePath = ""
            MaxConn = 1024
            Port = 80
    volumes:
        - /etc/docker:/etc/docker:ro
        - /var/run/docker.sock:/var/run/docker.sock

If, like me, you were attempting to bind to port 2377 to be notified when any services on the swarm are started so that your global NGINX is notified, this is not the way it will work. There is a feature request currently in the works to enable this, but there are currently no ways of handling docker swarm (> 1.13) with stacks and services using interlock.

(Someone feel free to correct me).

Polling services is tracked by: #224
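
The six bytes quoted in the error at the top of this issue are the start of a TLS record, which is why the Docker client asks whether the daemon is TLS-enabled. The following is an added example, not code from interlock or from either commenter, that decodes them; `Record` and `ParseLoggedResponse` are names assumed here.

```go
package main

import (
	"errors"
	"fmt"
	"strconv"
)

// Record holds the fields of a TLS record header (RFC 5246, section 6.2.1).
type Record struct {
	ContentType  string
	Major, Minor byte
	Length       int    // payload length declared in the header
	Missing      int    // declared payload bytes that are absent from the log
	AlertLevel   string // set for alert records when the level byte is present
}

var contentTypes = map[byte]string{20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}

// ParseLoggedResponse decodes the Go-quoted byte string printed after
// "malformed HTTP response" and interprets it as a TLS record header.
func ParseLoggedResponse(quoted string) (Record, error) {
	raw, err := strconv.Unquote(quoted)
	if err != nil {
		return Record{}, fmt.Errorf("not a Go-quoted string: %w", err)
	}
	b := []byte(raw)
	if len(b) < 5 {
		return Record{}, errors.New("too short for a TLS record header")
	}
	ct, ok := contentTypes[b[0]]
	if !ok || b[1] != 3 {
		return Record{}, errors.New("does not look like a TLS record")
	}
	rec := Record{ContentType: ct, Major: b[1], Minor: b[2], Length: int(b[3])<<8 | int(b[4])}
	if rec.Missing = rec.Length - (len(b) - 5); rec.Missing < 0 {
		rec.Missing = 0
	}
	if ct == "alert" && len(b) > 5 {
		rec.AlertLevel = map[byte]string{1: "warning", 2: "fatal"}[b[5]]
	}
	return rec, nil
}

func main() {
	// Bytes copied from the error message in the issue's log output.
	rec, err := ParseLoggedResponse(`"\x15\x03\x01\x00\x02\x02"`)
	fmt.Printf("%+v %v\n", rec, err)
}
```

For the logged bytes this yields a fatal alert in a version 3.1 record with a declared payload of 2 bytes, of which only the level byte appears in the log. A plaintext HTTP reply fails the content-type check and is rejected.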


asmi85 commented Aug 7, 2017

Thanks @jdelamar. I configured the docker daemon to run at 2375.

Now I have interlock.yml as

version: "3"

services:

  interlock:
    image: ehazlett/interlock:1.4.2
    command: run -c /etc/interlock/config.toml 
    ports:
      - 8080
    volumes:
      - ./config.toml:/etc/interlock/config.toml
      - nginx:/etc/nginx
volumes:
  nginx:
    external: true

nginx.yml as

version: "3"

services:

  nginx:
    image: nginx:latest
    entrypoint: nginx
    command: -g "daemon off;" -c /etc/nginx/nginx.conf
    ports:
      - 80:80
    labels:
      - "interlock.ext.name=nginx"
    volumes:
      - nginx:/etc/nginx
volumes:
  nginx:
    external: true

and app service

version: "3"

services:
  app:
    image: ehazlett/docker-demo:latest
    hostname: test.local
    ports:
        - 8080
    labels:
        - "interlock.hostname=test"
        - "interlock.domain=local"


I was expecting that after I run the app service on the docker swarm cluster, an nginx config would be created/reloaded. I don't see that.

In the interlock service logs I see

interlock_interlock.1.h8ppx8cz22qn@ip-10-23-84-135    | time="2017-08-07T17:04:37Z" level=error msg="error: id=d1054f1d05ae37754bedd78ed50d6463be639f9c53a06655290d1c7bd2099b4b err=Error: No such container: d1054f1d05ae37754bedd78ed50d6463be639f9c53a06655290d1c7bd2099b4b" ext=lb 
interlock_interlock.1.h8ppx8cz22qn@ip-10-23-84-135    | time="2017-08-07T17:04:39Z" level=error msg="unable to find ip or exposed port: {HostIP: HostPort:0}" ext=nginx 
interlock_interlock.1.h8ppx8cz22qn@ip-10-23-84-135    | time="2017-08-07T17:04:39Z" level=error msg="unable to find ip or exposed port: {HostIP: HostPort:0}" ext=nginx 
interlock_interlock.1.h8ppx8cz22qn@ip-10-23-84-135    | time="2017-08-07T17:04:40Z" level=info msg="reload duration: 1005.30ms" ext=lb 
interlock_interlock.1.h8ppx8cz22qn@ip-10-23-84-135    | time="2017-08-07T17:10:53Z" level=error msg="unable to find ip or exposed port: {HostIP: HostPort:0}" ext=nginx 
interlock_interlock.1.h8ppx8cz22qn@ip-10-23-84-135    | time="2017-08-07T17:10:53Z" level=error msg="unable to find ip or exposed port: {HostIP: HostPort:0}" ext=nginx 
interlock_interlock.1.h8ppx8cz22qn@ip-10-23-84-135    | time="2017-08-07T17:10:54Z" level=info msg="reload duration: 1005.19ms" ext=lb 
interlock_interlock.1.h8ppx8cz22qn@ip-10-23-84-135    | time="2017-08-07T17:10:57Z" level=error msg="unable to find ip or exposed port: {HostIP: HostPort:0}" ext=nginx 
interlock_interlock.1.h8ppx8cz22qn@ip-10-23-84-135    | time="2017-08-07T17:10:57Z" level=error msg="unable to find ip or exposed port: {HostIP: HostPort:0}" ext=nginx 
interlock_interlock.1.h8ppx8cz22qn@ip-10-23-84-135    | time="2017-08-07T17:10:58Z" level=info msg="reload duration: 1005.30ms" ext=lb 
interlock_interlock.1.h8ppx8cz22qn@ip-10-23-84-135    | time="2017-08-07T17:11:17Z" level=error msg="error: id=ea5c706afdee6e787a743abac362e547185970cca92cf9331d99983d16d23c57 err=Error: No such container: ea5c706afdee6e787a743abac362e547185970cca92cf9331d99983d16d23c57" ext=lb 
interlock_interlock.1.h8ppx8cz22qn@ip-10-23-84-135    | time="2017-08-07T17:11:19Z" level=error msg="error: id=ea5c706afdee6e787a743abac362e547185970cca92cf9331d99983d16d23c57 err=Error: No such container: ea5c706afdee6e787a743abac362e547185970cca92cf9331d99983d16d23c57" ext=lb 



jdelamar commented Aug 7, 2017

Yeah. I played a bit with the "new" docker swarm and interlock. Got all these issues in pretty much that order :). I now have a working setup, but I tried so many things I am confusing the fixes.

So, in my case, I ended up deploying in one docker-compose.yml file. This is not strictly required, but it makes the handling easier to, well, handle.

Here is my sample docker-compose.yml file:

version: "3"
services:
  interlock:
    image: ehazlett/interlock:1.4.1
    command: -D run  -c /etc/interlock/config.toml
    tty: true
    ports:
        - 8080
    environment:
        INTERLOCK_CONFIG: |
            ListenAddr = ":8080"
            DockerURL = "unix:///var/run/docker.sock"
            [[Extensions]]
            Name = "nginx"
            ConfigPath = "/etc/nginx/nginx.conf"
            PidPath = "/var/run/nginx.pid"
            TemplatePath = ""
            MaxConn = 1024
            Port = 80
    volumes:
        - /etc/docker:/etc/docker:ro
        - /var/run/docker.sock:/var/run/docker.sock
    deploy:
        mode: global
  
  nginx:
    image: nginx:latest
    entrypoint: nginx
    command: -g "daemon off;" -c /etc/nginx/nginx.conf
    ports:
        - 80:80
    labels:
        - "interlock.ext.name=nginx"
    deploy:
      placement:
        constraints:
          - node.role == manager
  
  bobservice:
    image: bob/service:latest
    hostname: bobservice
    ports:
      - 3000:3000
    deploy:
      placement:
        constraints:
          - node.role == manager
    labels:
        - "interlock.hostname=bobservice"
        - "interlock.domain=bobservice.com"
        - "interlock.port=3000"
        - "interlock.network=bobstack_default"

A few things to note:

  • If you use more than one node in your docker swarm (say, master and workers), you need to put all the services you want to be discovered on the same host as nginx and interlock. Currently, interlock won't find services deployed in another docker daemon. I tricked it above using a deployment constraint, and it works because I have only one master. But you could use a node label as well.
  • I had to specify which overlay network to act on. I think this is actually your "Port 0" issue above. I create a stack named "bobstack" when I deploy this service. This in turn creates an overlay network named "bobstack_default" (you can see it using docker network ls). I needed to tell interlock on which network my services were publishing the ports. For every service, I add interlock.network=<network_name>
  • That got me past the "port 0" issue. Finally, if not using a standard HTTP port (80, 443), you need to tell interlock which port to use for the nginx upstream proxy_pass. Use interlock.port=3000 in my example.

Then I played with proxy_redirect and stuff, but you don't need it for the demo you are attempting to run. I am assuming that the fix to support docker services will alleviate this setup a bit (it could get all this data from the docker stack + docker services API), but for now, that has been working well for me.

Hope that helps.

@asmi85 asmi85 closed this as completed Aug 7, 2017
ehazlett pushed a commit that referenced this issue Aug 16, 2019
Filter out services with redirect labels which would cause infinite
redirect loops (our extensions currently require that redirects are
absolute).

Fixes #239

Signed-off-by: Euan Harris <[email protected]>