IBM App Connect Professional: Docker containers and network configuration

Thu July 09, 2020 09:01 AM

The first article, “IBM App Connect Professional: Docker introduction”, explains how to launch IBM App Connect Professional as a Docker container. This article explains the options available for configuring the network and ports that are used with App Connect Professional.

When App Connect Professional is launched as a container, it uses the following ports internally:

  • Port 8443 to access the Web Management Console
  • Port 9443 to configure a secure connector (for when the container is running in the cloud and needs to connect to endpoints behind a firewall)
  • Any other ports, such as 80, 443, or other specific ports, that you need in order to expose the REST/SOAP APIs that you develop as orchestrations

A Docker container can be configured to use any of the built-in Docker networks like a bridge network, host network, or overlay network. Users can also create custom networks to use with containers. For more details about networking in Docker, refer to the Docker documentation.

  • In a bridge network, the container ports need to be mapped to host ports. This gives you control over which port is exposed on which network interface, so that, for example, the Web Management Console can be accessed only from a private network.
  • In a bridge network, multiple App Connect Professional containers can be run on the same network interface of the host machine by using a different host port while mapping.
  • In a host network, the container’s ports will be available directly on the host machine.
  • In a host network, only one Docker container can be run on one network interface.

We will use the following details as an example in all commands while configuring and launching the container:

  • The host machine has 3 network interfaces with IP addresses 9.182.245.37, 10.45.73.120, and 11.120.23.175 (default network interface).
  • The ports that the container is using are 8443 (Web Management Console), 9443 (while using a secure connector), and 443 (a data port for all APIs exposed by developing orchestrations). If a secure connector is not being used, there’s no need to map the secure connector port.

The following options show how to restrict and control the IP addresses and ports on which App Connect Professional is reachable when it runs as a Docker container.

  • Use a bridge network and expose App Connect Professional ports to all network interfaces
    • When using a bridge network, the ports that are used in the container need to be mapped to the ports on the host machine while launching the Docker container.
    • By default, these mapped ports can be accessed on all the network interfaces available on the host machine.
    • If using the default bridge network, run the following command:
      docker run -dit -p 18443:8443 -p 19443:9443 -p 443:443 DOCKER_IMAGE_ID
    • If using a custom bridge network, run the following command:
      docker network create --driver bridge mycustom-bridge-net
      docker run -dit --network mycustom-bridge-net -p 18443:8443 -p 19443:9443 -p 443:443 DOCKER_IMAGE_ID
    • When the container is launched, you can use any of the following URLs to access the container:
      For the Web Management Console: https://9.182.245.37:18443, https://10.45.73.120:18443, or https://11.120.23.175:18443
      For APIs: https://9.182.245.37:443/api1, https://10.45.73.120:443/api1, or https://11.120.23.175:443/api1
      When configuring a secure connector, edit the configuration file to use any of the three IP addresses and a port number of 19443.
  • Use a bridge network and expose App Connect Professional ports to a specific network interface
    • When using a bridge network, the ports that are used in the container need to be mapped to the ports on the host machine while launching the Docker container.
    • Specify the IP address along with the port number so that the container is accessible from only the specified network interface. This way, the container ports are exposed on just one IP address.
    • If using the default bridge network, run the following command:
      docker run -dit -p 10.45.73.120:18443:8443 -p 10.45.73.120:19443:9443 -p 10.45.73.120:443:443 DOCKER_IMAGE_ID
    • If using a custom bridge network, run the following command:
      docker network create --driver bridge mycustom-bridge-net
      docker run -dit --network mycustom-bridge-net -p 10.45.73.120:18443:8443 -p 10.45.73.120:19443:9443 -p 10.45.73.120:443:443 DOCKER_IMAGE_ID
    • When the container is launched, you can use the following URLs to access the container:
      For the Web Management Console (WMC): https://10.45.73.120:18443
      For APIs: https://10.45.73.120:443/api1
      When configuring a secure connector, edit the configuration file to use 10.45.73.120 as the IP address and a port number of 19443.
  • Use a bridge network and expose a management port (Web Management Console) and data port (APIs) to specific network interfaces
    • When using a bridge network, the ports that are used in the container need to be mapped to the ports on the host machine while launching the Docker container.
    • Specify one IP address and port number for the Web Management Console and another IP address and port number for the APIs. This way, we can expose the data IP address to a wider set of people and restrict access to the Web Management Console to a specific internal network interface. In this example, assume that 9.182.245.37 is on a private network and 11.120.23.175 is on a public network.
    • The IP address that is mapped to a secure connector port must be accessible from the machine on which the secure connector is running. Based on that, we can use a private or a public IP address.
    • If using the default bridge network, run the following command:
      docker run -dit -p 9.182.245.37:18443:8443 -p 11.120.23.175:19443:9443 -p 11.120.23.175:443:443 DOCKER_IMAGE_ID
    • If using a custom bridge network, run the following command:
      docker network create --driver bridge mycustom-bridge-net
      docker run -dit --network mycustom-bridge-net -p 9.182.245.37:18443:8443 -p 11.120.23.175:19443:9443 -p 11.120.23.175:443:443 DOCKER_IMAGE_ID
    • When the container is launched, you can use the following URLs to access the container:
      For the Web Management Console, using only a private network: https://9.182.245.37:18443
      For APIs: https://11.120.23.175:443/api1
      When configuring a secure connector, edit the configuration file to use 11.120.23.175 as the IP address and a port number of 19443.
  • Use a host network and expose App Connect Professional ports to a default network interface
    • When using a host network, the ports that are used in the container are directly accessible from the host machine.
    • By default, the default network interface IP address is used to access the container. In this example, the IP address is 11.120.23.175.
    • The following command launches the container by using a host network:
      docker run -dit --network host DOCKER_IMAGE_ID
    • When the container is launched, you can use the following URLs to access the container:
      For WMC: https://11.120.23.175:8443
      For APIs: https://11.120.23.175:443/api1
      When configuring a secure connector, edit the configuration file to use IP address 11.120.23.175 and a port number of 9443.
  • Use a host network and expose App Connect Professional ports to a specific network interface
    • When using a host network, the ports that are used in the container are directly accessible from the host machine.
    • We pass a specific network interface name as input to the container, and the container uses the IP address of that interface. In this example, 10.45.73.120 is the IP address of the interface passed as networkInterfaceName.
    • The following command launches the container by using a host network:
      docker run -dit --network host -e interface1=networkInterfaceName DOCKER_IMAGE_ID
    • When the container is launched, you can use the following URLs to access the container:
      For WMC: https://10.45.73.120:8443
      For APIs: https://10.45.73.120:443/api1
      When configuring a secure connector, edit the configuration file to use the IP address 10.45.73.120 and a port number of 9443.
  • Use a host network and expose App Connect Professional management and data ports to specific network interfaces
    • When using a host network, the ports that are used in the container are directly accessible from the host machine.
    • We pass two network interface names as input to the container, and the container uses the IP addresses of these interfaces. The value passed as interface1 supplies the management IP address, and the value passed as interface2 supplies the data IP address. In this example, 10.45.73.120 is the IP address of networkInterfaceName1, and 9.182.245.37 is the IP address of networkInterfaceName2.
    • The following command launches the container by using a host network:
      docker run -dit --network host -e interface1=networkInterfaceName1 -e interface2=networkInterfaceName2 DOCKER_IMAGE_ID
    • When the container is launched, you can use the following URLs to access the container:
      For WMC: https://10.45.73.120:8443
      For APIs: https://9.182.245.37:443/api1
      When configuring a secure connector, edit the configuration file to use the IP address 9.182.245.37 and a port number of 9443.
  • Use an overlay network to run multiple replicas and distribute load
    • For more information, refer to “Scaling an API running in App Connect Professional using Docker swarm service”.
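
The split in the third bridge option above (Web Management Console on the private address, APIs on the public one) can be checked after launch. The following is an added example, not part of the original article or IBM's tooling: it reads `docker port` output and flags any binding of management port 8443 to an address other than the intended one. The helper name check_mgmt_binding and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article): verify that the Web Management Console
# port is published only on the intended private address.

# check_mgmt_binding CONTAINER_PORT ALLOWED_IP   (hypothetical helper name)
# stdin: output of `docker port <container>`, e.g. "8443/tcp -> 0.0.0.0:18443"
# Prints every offending binding. Returns 0 = only ALLOWED_IP, 1 = exposed
# elsewhere, 2 = port not published at all.
check_mgmt_binding() {
    awk -v port="$1" -v allowed="$2" '
        $1 == (port "/tcp") && $2 == "->" {
            seen = 1
            host = $3
            sub(/:[0-9]+$/, "", host)   # drop the trailing :hostport
            if (host != allowed) { print "EXPOSED " $3; bad = 1 }
        }
        END { if (bad) exit 1; if (!seen) exit 2; exit 0 }
    '
}

# Constructed sample: first bridge option, no IP given in -p (all interfaces).
sample_all_interfaces() {
    printf '%s\n' '443/tcp -> 0.0.0.0:443' \
                  '8443/tcp -> 0.0.0.0:18443' \
                  '9443/tcp -> 0.0.0.0:19443'
}

# Constructed sample: third bridge option, management on the private address.
sample_split() {
    printf '%s\n' '443/tcp -> 11.120.23.175:443' \
                  '8443/tcp -> 9.182.245.37:18443' \
                  '9443/tcp -> 11.120.23.175:19443'
}

for sample in sample_all_interfaces sample_split; do
    if "$sample" | check_mgmt_binding 8443 9.182.245.37; then
        echo "$sample: management port bound to 9.182.245.37 only"
    else
        echo "$sample: management port reachable on other interfaces"
    fi
done

# Live use: docker port CONTAINER_ID | check_mgmt_binding 8443 9.182.245.37
```

With `--network host`, nothing is published through Docker, so `docker port` prints no mappings and this check returns 2; in that mode, inspect the listening addresses on the host itself.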

This article was written after testing with the latest build of App Connect Professional version 7.5.3 and Docker version 18.09.0.


