I have application with a couple of running on docker containers (nginx, db, php, ..) connected together with docker-compose. Now i want to use jenkins to build this app on production. Im am not sure how to connect jenkins container with nginx and limit it only to localhost.
nginx.conf
upstream jenkins {
server jenkins:8080;
}
sites-enabled/default.conf
server {
listen 80;
server_name jenkins.example.com;
location / {
proxy_pass http://jenkins;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
jenkins Dockerfile
FROM jenkins
ENV JENKINS_OPTS --httpListenAddress=172.17.0.1
docker-compose.yml
jenkins:
ports:
- "8080:8080"
nginx:
links:
- jenkins
ports:
- "80:80"
...
I get 502 error. When i change --httpListenAddress to 0.0.0.0 it works but then is not limited only to localhost. 172.17.0.1 is the docker gateway.
Remove the ports entry from jenkins. The ports entry is only needed to expose the port of the docker container to the localhost.
To expose the port to another docker container, linking them is sufficient. In your nginx links: you have already mentioned jenkins. Hence you don't need to have the ports entry in your jenkins.
...
jenkins:
...
nginx:
links:
- jenkins
ports:
- "80:80"
...
Try use it
jenkins:
ports:
- "127.0.0.1:8080:8080"
nginx:
links:
- jenkins
ports:
- "80:80"
Related
Trying to dockerise all of my WordPress instances as I now have multiple sites on the same server, and want transfers to go smoothly etc!
I'm running a WordPress and MariaDB instance in Docker on an Ubuntu Server VM inside VirtualBox on a Windows 10 machine. Then installed on the bare Ubuntu Server VM (not a Docker container), is an instance of Nginx. I want my Nginx instance to forward requests from "https://test.domain.com/", to http://127.0.0.1:8181/ (the Wordpress Docker instance).
I can access the install page for the Wordpress instance via 192.168.0.30:8181, so the webserver is running, however test.domain.com gives a 502 error. I'm thinking I need to trust the proxy from within Wordpress? Unsure of how to do that though.
No online article seems to be able to help 😔
Thanks in advance!
docker-compose.yml:
services:
wordpress:
image: wordpress
links:
- mariadb:mysql
environment:
- WORDPRESS_DB_PASSWORD=REDACTED
- WORDPRESS_DB_USER=REDACTED
ports:
- "192.168.0.30:8181:80"
volumes:
- ./html:/var/www/html
mariadb:
image: mariadb
environment:
- MYSQL_ROOT_PASSWORD=REDACTED
- MYSQL_DATABASE=wordpress
volumes:
- ./database:/var/lib/mysql
Nginx Config:
server {
listen 8080;
server_name test.REDACTED.com;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
server_name test.REDACTED.com;
location / {
proxy_pass http://127.0.0.1:8181;
proxy_set_header Host $host;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
# SSL parameters
ssl_certificate /etc/ssl/www.REDACTED.com.crt;
ssl_certificate_key /etc/ssl/www.REDACTED.com.key;
# log files
access_log /var/log/nginx/test.REDACTED.com.access.log;
error_log /var/log/nginx/test.REDACTED.com.error.log;
}
I am trying to run a service called Grafana behind Nginx webserver,where both services are being run in a docker-compose file.
docker-compose.yml:
version: '3.1'
services:
nginx:
image: nginx
ports: ['443:443',"80:80"]
restart: always
volumes:
- ./etc/nginx.conf:/etc/nginx/nginx.conf:ro
- /home/ec2-user/certs:/etc/ssl
grafana:
image: grafana/grafana
restart: always
ports: ["3000:3000"]
nginx.conf:
events {
worker_connections 1024;
}
http {
ssl_certificate /etc/ssl/cert.pem;
ssl_certificate_key /etc/ssl/key.pem;
server {
listen 443 ssl;
server_tokens off;
location /grafana/ {
rewrite /grafana/(.*) /$1 break;
proxy_pass http://127.0.0.1:3000/;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_bind $server_addr;
}
}
}
The grafana service is running on port 3000.
My goal is to access this nginx server from outside, (lets assume its public ip address is: 1.1.1.1) on the address https://1.1.1.1/grafana. With the current configuration i get 502 Bad Gateway and the error on nginx side:
(111: Connection refused) while connecting to upstream, client: <<my-public-ip-here>>,
Your containers are running on two separate IP addresses in the docker network, usually 172.17.. by default.
By using a proxy pass like this in the nginx container:
proxy_pass http://127.0.0.1:3000/
You are essentially telling it to look for a process on port 3000 local to itself, because of the 127.0.0.1 right?
You need to point it in the direction of the Grafana container, try doing:
docker inspect <grafana ID> | grep IPAddress
Then set the proxy pass to that IP:
proxy_pass http://172.0.0.?:3000/
I've solved the same issue using something like #james suggested:
docker inspect <your inaccessible container is> | grep Gateway
Then use this IP address:
proxy_pass http://172.xx.0.1:3000/
I'm trying to setup Nexus 3 behind Nginx reverse proxy. Nexus and Nginx are in docker containers launched with docker-compose on a Centos 7.3 host. All docker images are the latest available.
Nexus listen on default port 8081 into its container. This port is exposed as 18081 on the docker host. Nexus is configured to be in /nexus web context.
Nginx listen on port 80 into its container which is also exposed on the docker host.
I just want to access the Nexus Repository Manager in a local Firefox with the address "localhost/nexus"
Here is the configuration:
docker-compose.yml:
version: '2'
networks:
picnetwork:
driver: bridge
services:
nginx:
image: nginx:latest
restart: always
hostname: nginx
ports:
- "80:80"
networks:
- picnetwork
volumes:
- /opt/cip/nginx:/etc/nginx/conf.d
depends_on:
- nexus
nexus:
image: sonatype/nexus3:latest
restart: always
hostname: nexus
ports:
- "18081:8081"
networks:
- picnetwork
volumes:
- /opt/cip/nexus:/nexus-data
environment:
- NEXUS_CONTEXT=nexus
Nginx default.conf (/opt/cip/nginx/default.conf in docker host which is /etc/nginx/conf.d/default.conf in Nginx container) :
proxy_send_timeout 120;
proxy_read_timeout 300;
proxy_buffering off;
tcp_nodelay on;
server {
listen 80;
server_name localhost;
client_max_body_size 1G;
location /nexus {
proxy_pass http://nexus:8081/nexus/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
The strange thing is that when web context is / (location /, proxy_pass without /nexux, NEXUS_CONTEXT=) it works fine, when the web context is /nexus (as configuration shown here) POST requests return "400 HTTP methop POST is not supported by this URL". But if I use "localhost:18081/nexus" in the second case it works fine.
Is that a Nexus bug, a Nginx bug, or am I missing something ?
I setup docker project using Flask, gunicorn, NGINX and Docker, which works fine if I didn't add SERVER_NAME in Flask's setting.py.
The current config is :
gunicorn
gunicorn -b 0.0.0.0:5000
docker-compose.yml
services:
application:
#restart: always
build: .
expose:
- "5000"
ports:
- "5000:5000"
volumes:
- .:/code
links:
- db
nginx:
restart: always
build: ./nginx
links:
- application
expose:
- 8080
ports:
- "8880:8080"
NGINX .conf
server {
listen 8080;
server_name application;
charset utf-8;
location / {
proxy_pass http://application:5000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
Then I set the SERVER_NAME in Flask's setting.py
SERVER_NAME = '0.0.0.0:5000'
When I enter url 0.0.0.0:8880 to my browser, I get response 404 from nginx. What should be properly SERVER_NAME in Flask's setting.py ?
Thanks in advance.
Finally find the solution,
I have to specific port for proxy_set_header
proxy_set_header Host $host:5000;
It doesn't make sense to set an IP for SERVER_NAME. SERVER_NAME will redirect the requests to that hostname, and is useful for setting subdomains and also supporting URL generation with an application context (for instance lets say you have a background thread which needs to generate URLs but has no request context).
SERVER_NAME should match your domain where the application is deployed.
I have been following a tutorial on how to make a load balanced application using docker-compose and nginx. However, my load balancer/coordinator doesn't work - what I am trying to do is have nginx accept requests and split them between three workers, and I want nginx and the three workers to be running in separate docker containers, but I get the following error. My compilerwebservice_worker does work correctly, and I can see all three in docker ps, and I can ping them with wget on the localhost post they are listening to.
The error message
$ docker-compose up
Starting compilerwebservice_worker1_1
Starting compilerwebservice_worker3_1
Starting compilerwebservice_worker2_1
Starting compilerwebservice_nginx_1
Attaching to compilerwebservice_worker1_1, compilerwebservice_worker3_1, compilerwebservice_worker2_1, compilerwebservice_nginx_1
nginx_1 | 2016/09/06 07:17:47 [emerg] 1#1: host not found in upstream "compiler-web-service" in /etc/nginx/nginx.conf:14
nginx_1 | nginx: [emerg] host not found in upstream "compiler-web-service" in /etc/nginx/nginx.conf:14
compilerwebservice_nginx_1 exited with code 1
NGINX Config
http {
upstream compiler {
least_conn;
server worker1:4567;
server worker2:4567;
server worker3:4567;
}
server {
listen 4567;
location / {
proxy_pass http://compiler;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
}
My Docker-compose file
nginx:
build: ./src/main/nginx
links:
- worker2:worker2
- worker3:worker3
- worker1:worker1
ports:
- "4567:4567"
worker1:
build: .
ports:
- "4567"
worker2:
build: .
ports:
- "4567"
worker3:
build: .
ports:
- "4567"
NGINX Docker file
# Set nginx base image
FROM nginx
# Copy custom configuration file from the current directory
COPY nginx.conf /etc/nginx/nginx.conf
In the below demo there are 2 express app running with port 1111 and 2222 in localhost, on calling http://localhost:8080 it should automatically choose any one of the port 1111 or 2222. here nginx uses round robin
index.js file
const express = require('express');
const app = express();
const appId = process.env.APPID;
const PORTNUMBER = appId;
app.get('/', (req, res) => {
res.send({
message: `Welcome to ${appId} home page running on port ${appId}`
});
});
app.listen(PORTNUMBER, () => {
console.log(`APP STARTED ON PORT ${appId} for APP id ${appId}`);
})
express app docker file
FROM node:12.13.0-alpine
WORKDIR /EXPRESSAPP
COPY ./API/package.json /EXPRESSAPP
RUN npm install
COPY ./API/. /EXPRESSAPP
CMD ["npm", "start"]
nginx file
http {
upstream backend {
server 127.0.0.1:1111;
server 127.0.0.1:2222;
}
server {
listen 8080 default_server;
listen [::]:8080 default_server;
# listen [::]:8080 default_server ipv6only=on;
server_name localhost;
proxy_read_timeout 5m;
location / {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_cache_bypass $http_upgrade;
proxy_pass http://backend;
}
}
}
nginx dockercompose file
FROM nginx
COPY nginx.conf /etc/nginx/nginx.conf
docker-compose.yml file
version: '3'
services:
myapp1:
restart: always
container_name: myapp1
build: ./APICONTAINER
environment:
- APPID=1111
ports:
- "1111:1111"
network_mode: host
myapp2:
restart: always
container_name: myapp2
build: ./APICONTAINER
environment:
- APPID=2222
ports:
- "2222:2222"
network_mode: host
myproxy:
container_name: myproxy
build: ./NGINXCONTAINER
ports:
- "127.0.0.1:8080:8080"
depends_on:
- myapp1
- myapp2
network_mode: host
to spin up the containers use the below command
sudo docker-compose down && sudo docker-compose up --build --force-recreate
go to below link to see the round robin nginx load balancer
http://localhost:8080
reference github link to get the full code
I needed to rebuild with docker-compose build between configuration changes. As I changed the name of the app, the error message indicated a server, whose name was the original one that I selected instead of the one I kept changing.