Im trying to set up NGINX within a Docker container so that it will perform SSL termination for traffic going to another container (tcp443 -> tcp3001).
However Im getting a 502 Bad Gateway from NGINX with the following error in the NGINX logs:
connect() failed (111: Connection refused) while connecting to upstream
Containers
The following containers are running:
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 3b640f25af44 nginx "nginx -g 'daemon ..." 3 seconds ago Up 2 seconds 80/tcp, 0.0.0.0:443->443/tcp hopeful_swartz f7b13bf2bdcd ghost "docker-entrypoint..." 21 hours ago Up 21 hours 127.0.0.1:3001->2368/tcp zen_carson
Port 3001 Test
I can reach the backend server (container) on port 3001.
root@linode-server:~# curl -IL http://127.0.0.1:3001 HTTP/1.1 302 Found X-Powered-By: Express Location: /private/ Vary: Accept, Accept-Encoding Content-Type: text/plain; charset=utf-8 Content-Length: 31 Date: Sat, 07 Apr 2018 19:25:02 GMT Connection: keep-alive HTTP/1.1 200 OK X-Powered-By: Express Cache-Control: no-cache, private, no-store, must-revalidate, max-stale=0, post-check=0, pre-check=0 Content-Type: text/html; charset=utf-8 Content-Length: 2655 ETag: W/"a5f-wAxdmCnbgI8/PCwspg8GKWyhtRw" Vary: Accept-Encoding Date: Sat, 07 Apr 2018 19:25:02 GMT Connection: keep-alive
NGINX Config
worker_processes 5; events { worker_connections 1024; } http { server { listen 443 ssl; ssl_certificate /etc/nginx/packetflow.crt; ssl_certificate_key /etc/nginx/packetflow.key; location / { proxy_pass http://127.0.0.1:3001; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host linode.packetflow.co.uk; } } }
4 Answers
Answers 1
You have basic issue of reachability. When you have below in your Nginx Config
proxy_pass http://127.0.0.1:3001;
Your are saying that within the same nginx container another service is running at port 3001
. But the service is running in another container.
Next looking at your docker ps
output
f7b13bf2bdcd ghost "docker-entrypoint..." 21 hours ago Up 21 hours 127.0.0.1:3001->2368/tcp zen_carson
The port inside the container is 2368
and not 3001
. Now comes the part of launching the container so you know its address
If you are you launching your docker container through command line then you will launch the container like below
docker run -d --name ghost ghost
Then in your nginx config you will use
proxy_pass http://ghost:2368;
The better way is to actually through docker-compose
. So you will create docker-compose.yml
file
version: 3 services: ghost build: ghost image: ghost web: build: web image: web ports: - 443:443
You should look at below link
Answers 2
If nginx configuration is in docker container , how you are able to proxy to other docker using 127.0.0.1:3001 (which is host machine port). Actually your bind to 127.0.0.1:3001 is to host machine.
Are you trying to curl from host machine and nginx config is in docker.
For a quick fix please use 172.17.0.1:3001 instead of 127.0.0.1:3001 . It will work if you didn't change anything in docker network adapter.
Answers 3
The simplest solution can be to move the nginx to the base machine (install it and run in a daemon). The loadbalancing between images happens on the host and only the application runs in docker.
Other solution can be creating hostname for the node image to reach it from the other images. This way you have to install docker-compose or create a script that runs the docker images with a specific name.
Answers 4
this line proxy_pass http://127.0.0.1:3001
in your NGINX Config is wrong, zen_carson
doesn't works on your Nginx container localhost!they are works on different hosts!
if you want to access to zen_carson
container from hopeful_swartz
, first and simplest way is to use linking between containers, and use link alias instead of localhost IP!
0 comments:
Post a Comment