Channel: Raspberry Pi Forums

Beginners • Re: Can Port Forwarding 1 Port allow access to others?

Thanks, your diagram/screenshot actually helped me understand it quite a bit but I do think I need to read more into how Velocity works in order to understand it. My bad if I worded my question poorly, still new to all of this (hence why I put this in Beginners category).
I usually do not expand this much on posts around here, but I'm sitting in the airport waiting for a delayed flight, so what the hell...

Note: to those that are familiar with docker, you will see that there are certain things in this diagram that are "mistakes". I am aware of that. It was just thrown together for illustration purposes and will do that job just fine.

It's not that your question was poorly worded at all. It just gave me the impression that you don't quite understand or know much about how containers/docker work.

In that diagram, anything inside that docker0 box is isolated from outside. What can make things more complicated is that you can have several isolated stacks and networks in there too. To the beginner, it can be quite frustrating to troubleshoot things if, when you set it up, things don't work and you don't know what's going on.

Below are some possible scenarios for how things can be set up in Docker (not necessarily yours). Each arrow indicates a possible direct network connection.
2024-08-23_12-14-46.jpg
All traffic is done from a number outside a box and that is mapped to the number next to it but inside the box.

Among other things docker behaves like a router. And docker acts as a firewall to containers and stacks running in docker.

Red boxes are stacks. Stacks have their own internal network address space. Stacks also act as a firewall to stuff running in them. Red boxes' internal address spaces can have the same address ranges or different ones. Even when they overlap, it does not matter because containers inside each red box cannot directly talk to containers outside of the red box, UNLESS you go through the trouble of creating extra networks and set up static routes.

So by default, App 5 cannot talk directly to App 3, though you can certainly make it happen. You probably would not want to do that, you'd have App 5 talk to Proxy 1 and it do the talking to App 3.

Though you can do what the green arrow shows, you would not want to do that. You'd set up proxy/app to go through Proxy 1. But it is fine for the orange arrow. Though you can, you'd avoid App 7 talking to App 6. App 6 is in a stack with a proxy, and App 6 is in that stack for a reason, so you'd want to go through the proxy.

The purple arrow is possible with extra manual docker networks and routing. Even containers in each app can talk to each other directly via its internal network. You could have App 3 talk to App 2 via Proxy 1 or even via App 2's external port. But you should not do that. App 2 and App 3 are in the same network, so App 3 talks directly to App 2's internal port.

Notice how App 3 has no external port. Only App 1 and App 2 can talk to it, nothing else.

Also notice the bottom red box. Proxy 2 and App 5 are in the same stack's internal network. Proxy 2 can talk to App 5's internal port because they are in the same network. But no app outside that stack can connect to App 5, except through Proxy 2. Meanwhile, App 7 can talk directly to App 6, because App 6 has an external port.

Notice that Proxy 1 and Proxy 2 are both on port 80. That cannot be done. Proxy 1 is in the docker network, but so is the bottom's stack, and you cannot have the same port open for 2 different things. Proxy 2's external port is basically the stack's port. Technically you CAN do this, but you'll have to jump through hoops, so you want to avoid it.

But that's a pretty exceptional case and you will probably not encounter that out there.

The following 2 diagrams are possible for your setup. The top one being preferable if velocity can run as a container.

The top one makes it possible for your internal clients to connect directly to one of the Minecraft engines if what you wanted was to test that one container, for example. While if you connected to the proxy it would just send you to whichever based on the proxy's rules. But you do NOT need to set up those containers with external ports, and that is usually preferable, to just let the proxy do its thing.

The bottom one, where the proxy is not in docker, you MUST set up each container with an external port.

EDIT: I made a mistake in the bottom diagram and I no longer have the file I used for this screenshot. The velocity box in the bottom diagram should be inside the Pi box, but outside of the docker box.
2024-08-23_12-36-14.jpg
Also, if you're not going to run velocity as a container, it does not even have to run in the Pi, it could run in a separate computer. Technically doable. Should you? Up to your needs.

Now I keep saying proxy, but my guess is that velocity is probably doing load balancing. I do not really know. I did not read about what velocity does. So just really a guess.

Also ports X and Y could be the same port number. It's just a good practice to have ports outside your network firewall to use different ports from what it really is used for. If you open port 80 every hacker out there will try to attack it as if it were a web server. If instead you run that to redirect to some app that does something totally different from a web server, theoretically, it just makes it more difficult to be hacked through that port as the hackers would need to try all the common things in that port before having to guess what it could actually be and how to hack it. But internally, if you wish to do so, you can just run velocity in its default ports. The containers in the stack though will have to have different external ports if you wish to expose those. They can all use the same internal port, but the external ones must be unique within the stack.

Anyway, if you go to the Velocity support site/forums, they probably have a docker compose file you can use with minor adjustments and get it going rather quickly.

Good luck.

Statistics: Posted by memjr — Fri Aug 23, 2024 4:41 pm
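
The layout the post above prefers (proxy as a container, backends with no external ports), sketched as a Compose file. This is an added example, not part of memjr's post and not a file from the Velocity project; the image names, service names, network name, port numbers and LAN address are all placeholders or assumptions.

```yaml
# Constructed example. Image names and port numbers are placeholders:
# substitute the images and listen ports your proxy and servers really use.
services:
  velocity:
    image: example/velocity-proxy:latest      # placeholder image name
    ports:
      # HOST:CONTAINER. This is the only published port in the stack, so it
      # is the only thing a router port-forward to the Pi can reach.
      - "25565:25577"
    networks:
      - mc-internal
    restart: unless-stopped

  survival:
    image: example/minecraft-server:latest    # placeholder image name
    # No "ports:" section. The server is reachable only from containers on
    # mc-internal, by service name (survival:25565 in this sketch).
    networks:
      - mc-internal
    restart: unless-stopped

  creative:
    image: example/minecraft-server:latest    # placeholder image name
    # Uses the same internal port as "survival". There is no clash because
    # each container has its own address on the stack's network.
    networks:
      - mc-internal
    restart: unless-stopped
    # To test this one backend directly from the LAN, publish it on a host
    # port that nothing else uses, bound to the Pi's LAN address only:
    # ports:
    #   - "192.168.1.50:25566:25565"          # constructed LAN address

networks:
  mc-internal:
    driver: bridge
```

With this file the router forwards one port to the Pi, and `docker ps` should show a host-side mapping only on the proxy container.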


