I got strange situation with Nginx in the Docker.
I have 3 containers that run as a services in the Docker swarm.
Docker version is: 17.03.1-ce, build c6d412e.
Docker command to run swarm is: docker deploy -c docker-compose.yml synergy
Docker compose file is here: https://raw.githubusercontent.com/sodrian/synergy/master/docker-compose.yml
The strange thing is as follows:
If I use 80 port nginx server directives similar to this ones, everything is ok:
server {
listen 80;
server_name SOME_NAME.com;
location / {
uwsgi_pass synergy_uwsgi:8001;
include uwsgi_params;
}
}
If 443 directives are used I keep getting the error:
server {
listen 443 ssl;
server_name SOME_NAME.com;
ssl_certificate SOME_PATH;
ssl_certificate_key SOME_OTHER_PATH;
location / {
uwsgi_pass synergy_uwsgi:8001;
include uwsgi_params;
}
}
The Nginx error: host not found in upstream "synergy_uwsgi"
I had to write the script
https://raw.githubusercontent.com/sodrian/synergy/master/deploy/nginx/synergy_uwsgi_resolve.sh
and change CMD on nginx container to:
CMD sh /etc/nginx/synergy_uwsgi_resolve.sh && nginx -g "daemon off;"
to make it run.
So the question is: why can nslookup resolve synergy_uwsgi host, but nginx can't?
Related
I'm using 'Oracle Cloud'.
I created a VM(Computer instance) on Oracle Cloud with CentOS 8. And I installed NginX, and it works well when I test it with 'http://mydeal.servername.com'.
To make NginX service with HTTPS, I also installed certbot(Let's Encrypt) and created certificate, using the following command.
sudo certbot --standalone -d mydeal.servername.com certonly
Result files were like below.
Cert : /etc/letsencrypt/live/mydeal.servername.com/fullchain.pem;
Key : /etc/letsencrypt/live/mydeal.servername.com/privkey.pem;
I added http and https to firewall service list like below.
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --reload
And I created test index.html like below.
sudo -i
mkdir /var/www
mkdir /var/www/mydeal
echo "MyDeal at Oracle Cloud" > /var/www/mydeal/index.html
And I created https settings, including http redirection, in /etc/nginx/conf.d/my.conf file.
server {
listen 80;
server_name my.servername.com;
location / {
root /var/www/mydeal;
index index.html;
try_files $uri /index.html;
}
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name mydeal.servername.com;
ssl_certificate /etc/letsencrypt/live/mydeal.servername.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mydeal.servername.com/privkey.pem;
location / {
root /var/www/mydeal;
index index.html;
try_files $uri /index.html;
}
}
Finally, when I start nginx server with the following command, it works well.
sudo -i
sudo nginx
But, when I start nginx server with the following command, it gives error "500 Internal Server Error" on the browser screen.
sudo systemctl enable nginx
sudo systemctl start nginx
I can not find any differences b/w 2 start procedures.
How I can debug this problem?
My aqueduct server is working on ubuntu 18.04 (http://127.0.0.1:8888). I install nginx from nginx.org. Currently I don't use any block for my aqueduct on nginx. I modified default config such as I add my domain name into it. And separately both my aqueduct server and nginx server is working.
My problem is that how to configure my nginx so I can use reverse proxy option so I don't connect to my aqueduct server directly. Any help please?
PS. I use fake domain and ip to show my config settings.
my nginx config is:
# Default server configuration
# My domain (mobile.niyazitoros.com) ip: 5.5.5.5 // TEST IP
# ------ http://mobile.niyazitoros.com and http://5.5.5.5 is working.
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name mobile.niyazitoros.com;
# root /var/www/example.com;
# index index.html;
location / {
# My aqueduct server works on 127.0.0.1:8888
proxy_pass http://127.0.0.1:8888/;
}
}
Ok. I found it. to I use default.conf in sites-available and sites-enabled. this was wrong place to modify default.conf. Correct path is modify default.conf in conf.d dir.
1) install nginx
2) run:
nginx -v
(nginx version: nginx/1.15.5)
3) sudo nano /etc/nginx/conf.d/default.conf
server {
listen 80;
listen [::]:80;
error_log /var/log/nginx/your_domain_name.error.log debug;
rewrite_log on;
server_name your_domain_name;
location / {
proxy_pass http://127.0.0.1:8888/;
}
}
4) sudo systemctl reload nginx
5) sudo systemctl restart nginx
6) sudo nginx -t
7) curl http://your_domain_name/
My Nginx is not in docker image. My app is in docker image. They both live on the same server.
I don't want Nginx in a docker image, since it looks awful complex for me to configure. But my app is running in a docker container.
How to configure Nginx to use the docker image which my app is running in?
Here is my Nginx config file:
server {
listen 80;
server_name my.domain.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name www.nicolasxu.space nicolasxu.space;
# add Strict-Transport-Security to prevent man in the middle attacks
add_header Strict-Transport-Security "max-age=31536000";
ssl_certificate /root/.ssh/nicolasxu.space.cert;
ssl_certificate_key /root/nicolasxu.space.key;
[....]
}
To easily setup nginx (in docker host) as a reverse proxy in front of a dockerized webapp you could just --publish the port of your webapp and route the trafic to this port:
Run your docker container with --publish argument to bind host port with container's webapp port, for instance with a jenkins container I would do:
docker run --publish 127.0.0.1:8080:8080 --name jenkins jenkins
This binds port 8080 of the container to port 80 on localhost's 127.0.0.1 of the host machine (this avoids port 8080 to be opened to anyone if you don't use any firewall). The Docker User Guide explains in detail how to manipulate ports in Docker.
Forward all incoming trafic as a reverse proxy to the local container your port (8080 in my example)
server {
...
listen 443 ssl;
server_name www.nicolasxu.space nicolasxu.space;
...
ssl_certificate ...
location / {
# forward all the trafic to docker container's published port
proxy_pass http://localhost:8080;
}
}
Setting SSL on nginx and routing the trafic as HTTP to dockerized webapp is a good practice and will work like a charm.
Edit
For maximum performances, you can also use :
docker run --network=host ...
When using --network=host, docker will instruct the container to use the hosts networking stack. You won't have to --publish ports on host as it is the same network stack, and web application will be available on it's native port.
I am working with docker containers with reverse proxy for jenkins container and got into this issue.
My nginx custom config is as follow:
upstream jenkins {
server 172.17.0.2:8080;
}
server {
listen 80;
server_name jenkins;
location /jenkins {
proxy_pass http://172.17.0.2:8080;
}
Also, /etc/nginx/nginx.conf doesn't have any default root directory but still when I tried to access http://localhost/jenkins, it is giving me 404 with Problem accessing /jenkins. Reason:Not Found
I checked nginx error logs and it has "/etc/nginx/html/index.html" is not found
Though I have not set any /etc/nginx/html/ config, why it is giving me 404 error?
Can someone clarify my doubt?
ScreenShot
Something like this seems more approriate for the nginx part. If you declare an upstream, use it :
upstream jenkins {
server 172.17.0.2:8080;
}
server {
listen 80;
server_name jenkins;
location /jenkins {
proxy_pass http://jenkins;
}
}
For the docker part, I recommand using port mapping if you can. Because IP of docker containers change, you will have to edit you config file each time you recreate the jenkins container. With something like docker container run -d -p 127.0.0.1:8080:8080 my-jenkins-container-image you can modify your nginx config to something like :
upstream jenkins {
server 127.0.0.1:8080;
}
server {
listen 80;
server_name jenkins;
location /jenkins {
proxy_pass http://jenkins;
}
}
On mywebsite.com, I have running docker container with wordpress.
I started it as
docker run -p 8000:80 --name docker-wordpress-nginx -d
and
docker ps
shows
0.0.0.0:8000->80/tcp
and on my host I have nginx running with
server {
listen 80;
...
server_name mywebsite.com www.mywebsite.com;
...
location / {
proxy_pass http://localhost:8000/;
proxy_set_header Host $host;
}
when i go here
mywebsite.com
It brings wordpress index page of my site, but address in browser is now
mywebsite.com:8000
instead of
mywebsite.com
which I expected.
Everything looks as i wanted except that I always get that port number in address
http://mywebsite.com:8000/2015/08/01/hello-world/
Instead, I wanted
http://mywebsite.com/2015/08/01/hello-world/
i mean, in general, instead of
http://mywebsite.com:8000/some_blog/
i want
http://mywebsite.com/some_blog/
Any ideas?