akka cluster nodes behind NAT (using docker)

StackOverflow https://stackoverflow.com/questions/21242158

  •  30-09-2022
  •  | 
  •  

Pergunta

Is it possible to run akka nodes behind NAT (each node is behind separate nat, public port is DNAT'ed to private)? Currently I'm trying to deploy akka nodes in docker container. Docker is Natting public port to instance private port, problem is that akka node's address is created from akka.remote.netty.tcp.hostname, but in natted environment it differs from public facing hostname. message coming from public interface are rejected cause akka is bound to private ip. Is it possible to change akka nodes address not respecting akka.remote.netty.tcp.hostname, lets say current nodes address is akka.tcp://ClusterSystem@172.16.10.5:2551, where 172.16.10.5 is akka.remote.netty.tcp.hostname, but I want to change it to akka.tcp://ClusterSystem@10.2.0.222:2551, where 10.2.0.222 is public accessible address, but akka still should be listening on 172.16.10.5:2551.

Foi útil?

Solução

Maybe you can instruct Akka or Netty to bind on a specific address and port, but announce itself on a different one. I don't understand Akka or Netty well enough to know if it's possible.

Otherwise, there are three things that you can try:

  • check if they can announce a given IP address (the one of the host), but still bind to 0.0.0.0, and then do "identity port-binding", i.e. docker run -p 1234:1234 … which will expose port 1234 outside the container to port 1234 inside the container (thus mitigating the NAT a little bit);
  • deploy the cluster on a single Docker host, and use internal IP addresses — you won't be able to scale out to multiple machines, but to validate distributed code between deploying it to a larger system, that can help already;
  • use Pipework, which lets you add extra interfaces to containers, and bridge multiple containers (on multiple hosts) together on a single network. Pipework is not officially supported by Docker, but many people found it very useful for similar scenarios.

Outras dicas

Yes, it's possible - you need to configure the bind-host and bind-port for remoting in addition to the usual host and port.

How to configure Akka behind NAT from the Akka docs.

Native support for this is out since Akka 2.4.x; and 2.3.11 for Typesafe subscription customers.

Licenciado em: CC-BY-SA com atribuição
Não afiliado a StackOverflow
scroll top