Running Sitecore in Docker Containers within an Enterprise Environment — VPN Follow Up

Photo by Dan Nelson on Unsplash

As per my previous blog post, my laptop also comes with Global Protect by Palo Alto Networks as the company’s chosen VPN solution. VPN adds another layer of challenge when working with Docker containers, especially on a slightly complicated setup like Sitecore, where a network is required for all the containers to communicate with each other.

Disclaimer

VPN is always challenging, and there is no one single solution to fix the issue I experience when running Sitecore in Docker containers in a laptop. Each and every single VPN setup is unique. The following solution is what has worked for me.

Networking in Docker Compose

By default, Docker Compose sets up a single network for the application. Each container for a service joins the default network and is both reachable by other containers within the network, and also discoverable by using the hostname identical to the container service name.

Networking in Compose

It looks for IP address range in the host machines that are not in conflict, and automatically sets itself up. The main issue when using a VPN, is that a lot of VPN clients just reroutes all the traffic through the VPN tunnel.

One possible way, and seems like a fantastic working solution, is to manually define the network and its address range within docker-compose . Unfortunately, this can be a painful process, where static IP addresses, along with potential extensive networking properties, may be required for each service. This is hardly portable, and does not allow for scaling easily (e.g. sometimes I run 2 instances of Content Delivery for testing purposes to ensure no sticky sessions are required), as network properties need to be hard coded.

Another approach, is to reconfigure the routing options with VPN. This seems to be a painful process, and a dedicated Networking / Security / VPN guru is needed from the organisation, who is willing to work with this tricky setup.

Docker Engine: Windows vs Linux

There is also a lot of differences between Docker Daemon configuration support for Windows and Linux. The networking feature set on Windows containers, is nowhere near as feature rich compare to Linux.

This is the reason why a lot of Stackoverflow answers tend to have examples for Linux containers only.

Lucky Workaround — For Me At Least

I have managed to find a workaround, that works nicely for my setup.

1. Disconnect VPN
2. docker-compose up -d
3. Reconnect VPN

That is right, it is as simple as that for me.

I hope you are as lucky as me, and that this workaround works for you.