Table of Contents

About

The compose file references the image docker.internal:5000/mmonit:4.3.1 that does not exist publicly because the image was built using the provided mmonit 4.3.1 Dockerfile.

Tips

If you are looking to reverse-proxy m/monit, which is more than likely given a docker setup, note that for some reason m/monit forcibly redirects to its configured port when answering requests. By default conf/server.xml contains:

<Connector address="*" port="8080" processors="25" />

such that when m/monit responds, it will add the port to the hostname and accessing the instance that way will not work because the port that m/monit will respond with will be the port local to the docker container port and not even the mapped port.

Graphically, here is a request sent through the stack from a browser:

+----------+      +-------+            +--------+      +---------+
|  browser |      | caddy |            | docker |       | m/monit |
+----+-----+      +---+---+            +----+---+       +----+----+
     |                |                     |                |
     |  mmonit.tld    |                     |                |
     +--------------->|                     |                |
     |                |  mmonit.tld:10000   |                | 
     |                +-------------------->|                |
     |                                      | monit.tld:8080 |
     |                                      +--------------->|
     |                                                       |
     |                     monit.tld:8080                    |
     |<------------------------------------------------------+                 
                                            

the problem is that m/monit does not answer out of the same port but out of the port configured in conf/server.xml and then the response goes directly to the browser without being rewritten by any other components within the stack (docker or caddy).

In order to avoid this mess, configure m/monit via conf/server.xml to just listen and respond on port 443 (assuming you have SSL setup for your reverse proxy):

<Connector address="*" port="8080" processors="25" />

and then just map any port, say, 10000 on the outside of the container to the 443 port when running the container.

Assuming that SSL is setup such that an omission of the port represents the HTTPs port 443, here is the graphical overview of what will take place:

+----------+      +-------+            +--------+       +---------+
|  browser |      | caddy |            | docker |       | m/monit |
+----+-----+      +---+---+            +----+---+       +----+----+
     |                |                     |                |
     |  mmonit.tld    |                     |                |
     +--------------->|                     |                |
     |                |  mmonit.tld:10000   |                | 
     |                +-------------------->|                |
     |                                      |    monit.tld   |
     |                                      +--------------->|
     |                                                       |
     |                     monit.tld                         |
     |<------------------------------------------------------+                 
                                            

By setting the m/monit port to 443 the loop is closed such that the browser receives a response from port 443 albeit without rewriting from the rest of the stack.

Source

version: '3.8'
services:
  mmonit:
    image: docker.internal:5000/mmonit:4.3.1
    ports:
      - 10000:443
    volumes:
      - /mnt/docker/data/mmonit:/data
    deploy:
      labels:
        - shepherd.enable=true
        - shepherd.auth.config=local
      replicas: 1
      placement:
        max_replicas_per_node: 1
      resources:
        limits:
          cpus: "0.50"
          memory: 200M