Add Compose CLI ECS documentation for redirecting 443 HTTPS traffic to any container port #14739

Closed
@joshuakcockrell joshuakcockrell commented May 12, 2022

What does this extra example show? How to forward HTTPS 443 traffic to a container's port 8080.

At first glance, this may look like a redundant documentation entry. After all, we just showed SSL termination right above this example. We're cluttering the docs! Let me directly address this:

  • This literally took me 3 straight days to figure out how to do. I arrived at a custom 120 line CloudFormation yaml file before I realized I could do it this way.
  • There is not a single mention of the x-aws-protocol flag on this entire documentation page. This adds a very helpful use case.
  • The jump to overriding a network load balancer and learning the x-aws-protocol flag, plus learning the correct x-aws-cloudformation overlay, plus understanding the difference between all the load balancer sub objects (TargetGroup, Listener, LoadBalancer) and knowing which fields to override is non-trivial.
  • Many web frameworks actively discourage running your server on port 80. It requires root user (sudo) permissions to bind to port 80. You could even argue the port 80 example above this one is encouraging bad practices (see this Digital Ocean explanation: https://www.digitalocean.com/community/tutorials/how-to-use-pm2-to-setup-a-node-js-production-environment-on-an-ubuntu-vps#give-safe-user-permission-to-use-port-80). Users, like me, who understand this and aren't looking to forward to port 80, have no other choice but doing a 3 day deep dive into the abyss of custom CloudFormation overlays.

Further examples that this is non-trivial:

I think forwarding HTTPS traffic to a non-privileged container 443:8080 is a VERY common use case, and well worth the extra example here in the docs.

Proposed changes

Accept this example into the documentation.

Related issues (optional)

docker-archive/compose-cli#693
docker-archive/compose-cli#1472

netlify bot commented May 12, 2022

Deploy Preview for docsdocker ready!

Name Link
🔨 Latest commit c692ed5
🔍 Latest deploy log https://app.netlify.com/sites/docsdocker/deploys/627d920f772cea00081c92a9
😎 Deploy Preview https://deploy-preview-14739--docsdocker.netlify.app

@joshuakcockrell joshuakcockrell changed the title from "Add documentation for redirecting 443 SSL traffic to any container port" to "Add Compose CLI ECS documentation for redirecting 443 HTTPS traffic to any container port" May 12, 2022
@thaJeztah thaJeztah requested a review from ndeloof May 12, 2022 23:26
@joshuakcockrell
Contributor Author

@ndeloof Do you have any feedback on this PR or things making you hesitant to merge it in?

@joshuakcockrell
Contributor Author

Anyone able to provide feedback on this PR?

@henry-hc

This is amazingly helpful, and I hope it gets merged in soon.

Quick note, for me I had to change the MyServiceTCP9999Listener to MyService9999Listener for some reason, to avoid getting an "Every Resources object must contain a Type member" error. Not sure when that gets triggered as my example was almost identical to the example in your PR.

@samskiter

This definitely could be explained better and in more detail

@docker-robott
Collaborator

Thanks for the pull request. We'd like to make our product docs better, but haven’t been able to review all the suggestions.
As our docs have also diverged, we do not have the bandwidth to review and rebase old pull requests.

If the updates are still relevant, review our contribution guidelines and rebase your pull request against the latest version of the docs, then mark it as fresh with a /remove-lifecycle stale comment.
If not, this pull request will be closed in 30 days. This helps our maintainers focus on the active pull requests.

Prevent pull requests from auto-closing with a /lifecycle frozen comment.

/lifecycle stale

@joshuakcockrell
Contributor Author

@thaJeztah Do you have someone else you could assign this PR to? It's now been sitting for 1 year without anyone looking at it. I'm happy to rebase and reopen as the example is incredibly helpful and we're currently using it in production, but I'm just not sure what another year of it sitting would accomplish.

@joshuakcockrell
Contributor Author

I finally had some time and rebased and recreated this pull request here: #17178
