Hey folks,
having some trouble getting this scenario to work:
I'm running a traefik as reverse proxy in a docker swarm cluster.
Additionally there is a hproxy pair with an virtual service IP, that forwards all traffic on Layer 4 (tcp).
So the SSL termination is done via traefik.
traefik uses a valid wildcard cert like *.sub1.mydomain.com
Im also using an DNS fallback entry for the subdomain that points to the haproxy service IP.
Now I need to run the same stack again on a different location. Unfortunately the migration phase to this new location takes longer than planned and I tried to migrate single services.
Is there a way to filter the requests and forward it to the new location?
The first request for the complete domain will either land on site a or site b. Then all other following request will be forwarding to the same target, like there is some caching happening.
Can you explain again what is going where? Your old site has 1x sub-domain, 1x IP, 2x haproxy, 1x Traefik in Docker Swarm.
Same for new site? Different domain, IP, Swarm?
How do you access new Swarm? H
ow do you see it’s keeping the same target? Are you sure it’s not the browser with request and second request to icon, so next request is on first target again?
Now I tried to find any way to forward the request based on http/https queries. So I could migrate my docker services individually.
I hope this was a bit more detailed, but let me answer to your questions:
Both sites running their own docker swarm cluster. traefik runs as a single instance as docker service in each cluster.
There is an active/passive haproxy cluster with keepalived and a bound service IP per site.
New swarm should be accessed through the old site until the migration phase is done. The I would change the DNS Wildcard entry to point at the haproxy service IP on the new site.
Sorry I don't get it. Do you mean I should remove the http entrypoint in this tcp route+ service configuration to ensure and test if the filtering/forwarding works?
Update:
Forwarding seems to work if I use curl because there is no open session left after the request:
If I try the same in any browser session, first query wins and will decide on which site the request will be forwarded. This includes all other services defined in traefik:
Chrome session:
First query to: whoami-site1.***
Second request to: whoami-site2.***
Another browser or chrome private tab shows the opposite result: