Trying to use docker to setup a bunch of apps behind a proxy using the nginx maps option for ease of configuration with a large number of backend applications.
The trouble I'm running into is the container won't resolve the addresses that I've given it with links.
I've tried using dnsmasq but that was troublesome, and didn't give me a working resolution.
Any suggestions?
nginx.conf:
events {
worker_connections 1024;
}
http {
map $hostname $destination {
hostnames;
default host1:81;
host1.test.local host1:81;
host2.test.local host2:82;
host3.test.local host3:83;
}
server {
location / {
proxy_pass http://$destination/;
}
}
}
docker-compose.yml:
webproxy:
build: nginx:latest
ports:
- "80:80"
volumes:
- nginx.conf:/etc/nginx/nginx.conf
links:
- "host1:host1"
- "host2:host2"
- "host3:host3"
host1:
image: nginx:latest
ports:
- "81:80"
volumes:
- host1/index.html:/usr/share/nginx/html/index.html
host2:
image: nginx:latest
ports:
- "82:80"
volumes:
- host2/index.html:/usr/share/nginx/html/index.html
host3:
image: nginx:latest
ports:
- "83:80"
volumes:
- host3/index.html:/usr/share/nginx/html/index.html
Error I constantly get:
webproxy_1 | 2015/07/14 16:44:11 [error] 5#0: *1 no resolver defined to resolve host1, client: 10.0.2.2, server: , request: "GET / HTTP/1.1", host: "host2.test.local:8281"
webproxy_1 | 10.0.2.2 - - [14/Jul/2015:16:44:11 +0000] "GET / HTTP/1.1" 502 181 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:39.0) Gecko/20100101 Firefox/39.0"
Related
I am following rewrite-target guide from https://kubernetes.github.io/ingress-nginx/examples/rewrite/.
But it doesn't work as I expected
Here is my ingress.
kind: Ingress
metadata:
name: ingress-resource
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/rewrite-target: /$2
nginx.ingress.kubernetes.io/enable-rewrite-log: "true"
spec:
rules:
- host: "test.gamedrive.cc"
http:
paths:
- path: /player-gateway(/|$)(.*)
pathType: Prefix
backend:
service:
name: player-gateway
port:
number: 80
If make a request to /player-gateway/health/startup
it should rewritten to /health/startup.
But rewritten data from Nginx is data: "/" and got 404 error code. Here is the log from Nginx
2021/11/07 06:58:03 [notice] 312#312: 26100
"(?i)/player-gateway(/|$)(.)" matches
"/player-gateway/health/startup", client: 113.53.150.16, server:
test.gamedrive.cc, request: "GET /player-gateway/health/startup
HTTP/1.1", host: "test.gamedrive.cc" 2021/11/07 06:58:03 [notice]
312#312: *26100 rewritten data: "/", args: "", client: 113.53.150.16,
server: test.gamedrive.cc, request: "GET
/player-gateway/health/startup HTTP/1.1", host: "test.gamedrive.cc"
113.53.150.16 - - [07/Nov/2021:06:58:03 +0000] "GET /player-gateway/health/startup HTTP/1.1" 404 139 "-"
"PostmanRuntime/7.28.4" 258 0.001 [default-player-gateway-80] []
10.244.0.109:80 139 0.000 404 e834c8338f2938ffc84db4e7e4053706
I try to debug by changed nginx.ingress.kubernetes.io/rewrite-target: /$2 to nginx.ingress.kubernetes.io/rewrite-target: /health/startup.
and the response code is 200 as expected
2021/11/07 07:04:32 [notice] 452#452: 29805
"(?i)/player-gateway(/|$)(.)" matches
"/player-gateway/health/startup", client: 113.53.150.16, server:
test.gamedrive.cc, request: "GET /player-gateway/health/startup
HTTP/1.1", host: "test.gamedrive.cc" 2021/11/07 07:04:32 [notice]
452#452: *29805 rewritten data: "/health/startup", args: "", client:
113.53.150.16, server: test.gamedrive.cc, request: "GET /player-gateway/health/startup HTTP/1.1", host: "test.gamedrive.cc"
113.53.150.16 - - [07/Nov/2021:07:04:32 +0000] "GET /player-gateway/health/startup HTTP/1.1" 200 2 "-"
"PostmanRuntime/7.28.4" 258 0.002 [default-player-gateway-80] []
10.244.0.109:80 2 0.000 200 66967d6ab87d542f3269860107a4b7c4
Seem like /$2 or (/|$)(.*) is not working.
Please help me solve this problem.
Thanks.
I am getting 302 ERR_TOO_MANY_REDIRECTS when requesting che-dashboard on the generated URL by the helm.
I have installed Eclipse che using the following link:
https://www.eclipse.org/che/docs/che-7/installation-guide/installing-che-on-google-cloud-platform/
This installs multiple services like che-dashboard, keycloak, plugin-registry, etc.
Out of these only che dashboard is returning 302 ERR_TOO_MANY_REDIRECTS, rest of the URLs are working fine.
che-dashboard service is returning 200 Ok but ingress-nginx-controller is returning 302 redirect. PFB the logs and yaml files.
che-dashboard service logs:
2021-06-21 15:06:05.531 IST10.112.3.1 - - [21/Jun/2021:09:36:05 +0000] "GET /dashboard/ HTTP/1.1" 200 696
Info
2021-06-21 15:06:08.233 IST10.112.3.1 - - [21/Jun/2021:09:36:08 +0000] "GET /dashboard/ HTTP/1.1" 200 696
Info
2021-06-21 15:06:15.532 IST10.112.3.1 - - [21/Jun/2021:09:36:15 +0000] "GET /dashboard/ HTTP/1.1" 200 696
Info
2021-06-21 15:06:18.233 IST10.112.3.1 - - [21/Jun/2021:09:36:18 +0000] "GET /dashboard/ HTTP/1.1" 200 696
Info
2021-06-21 15:06:25.531 IST10.112.3.1 - - [21/Jun/2021:09:36:25 +0000] "GET /dashboard/ HTTP/1.1" 200 696
Info
2021-06-21 15:06:28.233 IST10.112.3.1 - - [21/Jun/2021:09:36:28 +0000] "GET /dashboard/ HTTP/1.1" 200 696
che-dashboard YAML:
apiVersion: v1
kind: Service
metadata:
annotations:
meta.helm.sh/release-name: che
meta.helm.sh/release-namespace: eclipse-che
creationTimestamp: "2021-06-07T17:57:40Z"
labels:
app: che
app.kubernetes.io/managed-by: Helm
component: che-dashboard
managedFields:
- apiVersion: v1
fieldsType: FieldsV1
fieldsV1:
f:metadata:
f:annotations:
.: {}
f:meta.helm.sh/release-name: {}
f:meta.helm.sh/release-namespace: {}
f:labels:
.: {}
f:app: {}
f:app.kubernetes.io/managed-by: {}
f:component: {}
f:spec:
f:ports:
.: {}
k:{"port":8080,"protocol":"TCP"}:
.: {}
f:name: {}
f:port: {}
f:protocol: {}
f:targetPort: {}
f:selector:
.: {}
f:app: {}
f:component: {}
f:sessionAffinity: {}
f:type: {}
manager: Go-http-client
operation: Update
time: "2021-06-07T17:57:40Z"
- apiVersion: v1
fieldsType: FieldsV1
fieldsV1:
f:spec:
f:ports:
k:{"port":443,"protocol":"TCP"}:
.: {}
f:name: {}
f:port: {}
f:protocol: {}
f:targetPort: {}
manager: GoogleCloudConsole
operation: Update
time: "2021-06-13T04:44:42Z"
name: che-dashboard
namespace: eclipse-che
resourceVersion: "6305578"
selfLink: /api/v1/namespaces/eclipse-che/services/che-dashboard
uid: cf8c6e75-1153-43db-b7f2-678f6bb927b9
spec:
clusterIP: 10.115.242.109
ports:
- name: http
port: 8080
protocol: TCP
targetPort: 8080
- name: https
port: 443
protocol: TCP
targetPort: 443
selector:
app: che
component: che-dashboard
sessionAffinity: None
type: ClusterIP
status:
loadBalancer: {}
ingress-nginx-controller logs:
2021-06-21 13:47:18.499 IST171.61.57.210 - - [21/Jun/2021:08:17:18 +0000] "GET /dashboard/ HTTP/2.0" 302 0 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.125 Safari/537.36" 22 0.001 [eclipse-che-che-host-8080] [] 10.112.4.3:8080 0 0.001 302 e9ffe655a67304f9a34ad623f1b2cfb1
Info
2021-06-21 13:47:18.707 IST171.61.57.210 - - [21/Jun/2021:08:17:18 +0000] "GET /dashboard/ HTTP/2.0" 302 0 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.125 Safari/537.36" 22 0.001 [eclipse-che-che-host-8080] [] 10.112.4.3:8080 0 0.001 302 db12deeebd652964501ed94de4f8804b
Info
2021-06-21 13:47:18.911 IST171.61.57.210 - - [21/Jun/2021:08:17:18 +0000] "GET /dashboard/ HTTP/2.0" 302 0 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.125 Safari/537.36" 22 0.001 [eclipse-che-che-host-8080] [] 10.112.4.3:8080 0 0.000 302 af3de97363a4912f8e1f24f0bbd51913
ingress-nginx-controller YAML
apiVersion: v1
kind: Service
metadata:
annotations:
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"v1","kind":"Service","metadata":{"annotations":{},"labels":{"app.kubernetes.io/component":"controller","app.kubernetes.io/instance":"ingress-nginx","app.kubernetes.io/managed-by":"Helm","app.kubernetes.io/name":"ingress-nginx","app.kubernetes.io/version":"0.41.0","helm.sh/chart":"ingress-nginx-3.8.0"},"name":"ingress-nginx-controller","namespace":"ingress-nginx"},"spec":{"externalTrafficPolicy":"Local","ports":[{"name":"http","port":80,"protocol":"TCP","targetPort":"http"},{"name":"https","port":443,"protocol":"TCP","targetPort":"https"}],"selector":{"app.kubernetes.io/component":"controller","app.kubernetes.io/instance":"ingress-nginx","app.kubernetes.io/name":"ingress-nginx"},"type":"LoadBalancer"}}
creationTimestamp: "2021-06-02T08:12:38Z"
finalizers:
- service.kubernetes.io/load-balancer-cleanup
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/version: 0.41.0
helm.sh/chart: ingress-nginx-3.8.0
managedFields:
- apiVersion: v1
fieldsType: FieldsV1
fieldsV1:
f:metadata:
f:annotations:
.: {}
f:kubectl.kubernetes.io/last-applied-configuration: {}
f:labels:
.: {}
f:app.kubernetes.io/component: {}
f:app.kubernetes.io/instance: {}
f:app.kubernetes.io/managed-by: {}
f:app.kubernetes.io/name: {}
f:app.kubernetes.io/version: {}
f:helm.sh/chart: {}
f:spec:
f:externalTrafficPolicy: {}
f:ports:
.: {}
k:{"port":80,"protocol":"TCP"}:
.: {}
f:name: {}
f:port: {}
f:protocol: {}
f:targetPort: {}
k:{"port":443,"protocol":"TCP"}:
.: {}
f:name: {}
f:port: {}
f:protocol: {}
f:targetPort: {}
f:selector:
.: {}
f:app.kubernetes.io/component: {}
f:app.kubernetes.io/instance: {}
f:app.kubernetes.io/name: {}
f:sessionAffinity: {}
f:type: {}
manager: kubectl-client-side-apply
operation: Update
time: "2021-06-02T08:12:38Z"
- apiVersion: v1
fieldsType: FieldsV1
fieldsV1:
f:metadata:
f:finalizers:
.: {}
v:"service.kubernetes.io/load-balancer-cleanup": {}
f:status:
f:loadBalancer:
f:ingress: {}
manager: kube-controller-manager
operation: Update
time: "2021-06-02T08:13:27Z"
name: ingress-nginx-controller
namespace: ingress-nginx
resourceVersion: "3164"
selfLink: /api/v1/namespaces/ingress-nginx/services/ingress-nginx-controller
uid: 17eb1fd5-fbbc-40aa-a0c9-d1020f21e635
spec:
clusterIP: 10.115.245.45
externalTrafficPolicy: Local
healthCheckNodePort: 31646
ports:
- name: http
nodePort: 30508
port: 80
protocol: TCP
targetPort: http
- name: https
nodePort: 31341
port: 443
protocol: TCP
targetPort: https
selector:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
sessionAffinity: None
type: LoadBalancer
status:
loadBalancer:
ingress:
- ip: 34.76.122.126
I can provide more details if needed. Thanks in advance
it seems to be issue which is already fixed in the latest version https://github.com/eclipse/che/issues/19914
The fix is fixing Ingress path from /dashboard/* to /dashboard/. See https://github.com/eclipse-che/che-server/pull/20
I'm not sure about ingress controller you need, the above is for nginx, you may need to configure your value if you have a different ingress controller.
Let us know if it does not work for you.
I have Nginx Ingress service running on 30001
Kubernetes version 1.18.6
Cluster configured with VmWare workstation
I have deployed wordpress and I have a ingress for wordpress
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: ingress-wordpress
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /$2
nginx.ingress.kubernetes.io/ssl-redirect: "false"
spec:
rules:
- http:
paths:
- path: /wordpress(/|$)(.*)
backend:
serviceName: wordpress
servicePort: 80
This is my wordpress deployment
apiVersion: apps/v1
kind: Deployment
metadata:
name: wordpress
labels:
name: wordpress
spec:
template:
# Pod definition
metadata:
name: wordpress
labels:
name: wordpress
spec:
containers:
- name: wordpress
image: wordpress
volumeMounts:
- mountPath: /var/www/html
name: wordpress-persistent-storage
env:
- name: WORDPRESS_DB_PASSWORD
valueFrom:
secretKeyRef:
name: mysql-pass
key: password
- name: WORDPRESS_DB_HOST
value: "wordpress-mysql"
- name: WORDPRESS_DB_USER
value: "root"
volumes:
- name: wordpress-persistent-storage
persistentVolumeClaim:
claimName: wordpress-persistent-storage
replicas: 2
selector:
matchLabels:
name: wordpress
This is my nginx ingress controller
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-ingress-controller
spec:
replicas: 1
selector:
matchLabels:
name: nginx-ingress
template:
metadata:
labels:
name: nginx-ingress
spec:
containers:
- name: nginx-ingress-controller
image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.31.1
args:
- /nginx-ingress-controller
- --configmap=$(POD_NAMESPACE)/nginx-configuration
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
ports:
- name: http
containerPort: 80
- name: https
containerPort: 443
my worker IPs are 192.168.111.136,192.168.111.137
when I load http://worker-ip:30001/wordress
I am getting redirected for http://worker-ip:30001/wp-admin/install.php
which is the correct url of course.
But my browser shows 404 Not Found
This is my logs for --> kubectl logs nginx-ingress-controller-776d4c78f9-fkrgx -f
I1014 16:34:37.481750 6 event.go:278] Event(v1.ObjectReference{Kind:"Ingress", Namespace:"default", Name:"ingress-wordpress", UID:"6051b54a-c359-469b-a34e-8ba1b0202ebd", APIVersion:"networking.k8s.io/v1beta1", ResourceVersion:"171471", FieldPath:""}): type: 'Normal' reason: 'DELETE' Ingress default/ingress-wordpress
I1014 16:34:37.535710 6 controller.go:155] Backend successfully reloaded.
I1014 16:34:40.458184 6 event.go:278] Event(v1.ObjectReference{Kind:"Ingress", Namespace:"default", Name:"ingress-wordpress", UID:"0c6d67d5-a118-4391-b3ca-c8179fd12a44", APIVersion:"networking.k8s.io/v1beta1", ResourceVersion:"171482", FieldPath:""}): type: 'Normal' reason: 'CREATE' Ingress default/ingress-wordpress
I1014 16:34:40.815250 6 controller.go:139] Configuration changes detected, backend reload required.
I1014 16:34:40.865628 6 controller.go:155] Backend successfully reloaded.
10.32.0.1 - - [14/Oct/2020:16:34:52 +0000] "GET /wordpress HTTP/1.1" 302 0 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36" 458 0.012 [default-wordpress-80] [] 10.32.0.4:80 0 0.012 302 3fa7b1be573bb3db1e573953d7c29aba
I1014 16:35:05.344074 6 status.go:275] updating Ingress default/ingress-wordpress status from [] to [{192.168.111.136 }]
I1014 16:35:05.349635 6 event.go:278] Event(v1.ObjectReference{Kind:"Ingress", Namespace:"default", Name:"ingress-wordpress", UID:"0c6d67d5-a118-4391-b3ca-c8179fd12a44", APIVersion:"networking.k8s.io/v1beta1", ResourceVersion:"171546", FieldPath:""}): type: 'Normal' reason: 'UPDATE' Ingress default/ingress-wordpress
10.44.0.0 - - [14/Oct/2020:16:44:14 +0000] "GET /wordpress HTTP/1.1" 302 0 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36" 439 0.009 [default-wordpress-80] [] 10.32.0.4:80 0 0.012 302 54c29a839541ce6e724ce004a0890942
10.32.0.1 - - [14/Oct/2020:16:45:35 +0000] "GET /wordpress HTTP/1.1" 302 0 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36" 458 0.012 [default-wordpress-80] [] 10.32.0.4:80 0 0.012 302 83335c2e98f6784efd051d81b84ad2ef
10.32.0.1 - - [14/Oct/2020:16:45:37 +0000] "GET /wordpress/ HTTP/1.1" 302 0 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36" 440 0.021 [default-wordpress-80] [] 10.44.0.3:80 0 0.020 302 db916b199d7f08379ac79122415855b7
How to correct this ?
Your application is redirecting you to /wp-admin/. This path does not match any Ingress rules, so it returns 404.
You need to add a wp-admin HTTP path rule as well, so the request will be properly proxy-forwarded to the WordPress container.
I have had success in both instantiating a traefik container, as well as 4 other nginx containers to serve applications that route my subdomains to each individual service. The routing works, and I am using [acme] for certificate generation, but everytime i try to go to any of my subdomains chrome still gives me an error saying "this connection isn't trusted", and then I have to hit advanced and proceed. The individual applications load fine, but there's something wrong with the certificates.
I have tried clearing the acme.json file to no avail. I had also played around with enabling onDemand in the traefick.toml but that didn't work either.
Please help?
traefik.toml
# defaultEntryPoints must be at the top
# because it should not be in any table below
defaultEntryPoints = ["http", "https"]
# Entrypoints, http and https
[entryPoints]
# http should be redirected to https
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
# https is the default
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
# Enable ACME (Let's Encrypt): automatic SSL
[acme]
email = "chris#myubercode.com"
storage = "./acme.json"
entryPoint = "https"
OnHostRule = true
acmeLogging = true
caServer = "https://acme-v02.api.letsencrypt.org/directory"
[acme.httpChallenge]
entryPoint = "http"
[acme.dnsChallenge]
provider = "digitalocean"
delayBeforeCheck = 0
[[acme.domains]]
main = "cswilson.site"
sans = ["profile.cswilson.site", "ecommerce.cswilson.site", "fitness.cswilson.site", "biosite.cswilson.site"]
traefikLogsFile = "/tmp/traefik.log"
logLevel = "DEBUG"
[accessLog]
filePath = "/tmp/access.log"
[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "cswilson.site"
watch = true
exposedbydefault = false
docker-compose.yml (for the traefik container):
version: '3'
services:
traefik:
image: traefik
command: --docker
ports:
- "80:80"
- "443:443"
restart: always
volumes:
- "/var/run/docker.sock:/var/run/docker.sock"
- "./traefik.toml:/traefik.toml"
- "./acme.json:/acme.json"
networks:
- default
And here is the docker-compose.yml for the 4 different application containers:
version: '3'
services:
profile:
build: .
image: nginx
labels:
- "traefik.enabled=true"
- "traefik.backend=profile"
- "traefik.frontend.rule=Host:profile.cswilson.site"
- "traefik.frontend.entryPoinst=http,https"
restart: always
networks:
- "traefik_default"
fitness:
build: .
image: nginx
labels:
- "traefik.enabled=true"
- "traefik.backend=fitness"
- "traefik.frontend.rule=Host:fitness.cswilson.site"
- "traefik.frontend.entryPoinst=http,https"
restart: always
networks:
- "traefik_default"
ecommerce:
build: .
image: nginx
labels:
- "traefik.enabled=true"
- "traefik.backend=ecommerce"
- "traefik.frontend.rule=Host:ecommerce.cswilson.site"
- "traefik.port=80"
restart: always
networks:
- "traefik_default"
biosite:
build: .
image: nginx
labels:
- "traefik.enabled=true"
- "traefik.backend=ecommerce"
- "traefik.frontend.rule=Host:biosite.cswilson.site"
- "traefik.port=80"
restart: always
networks:
- "traefik_default"
networks:
traefik_default:
external:
name: traefik_default
I am new to docker and just found traefik this morning, and I don't really know if I need some sort of a real certificate to put into
[[entryPoints.http.tls.certificates]]
Any help is greatly appreciated, thank you
I am playing around with Docker and stuff, using this docker-compose.yml:
version: '3.4'
services:
frontend:
image: apmimg:latest
networks:
- core-infra
ports:
- 8080:80
deploy:
replicas: 2
update_config:
parallelism: 2
delay: 10s
restart_policy:
condition: on-failure
backend:
image: productsapi:latest
volumes:
- myvol:/opt/myvol
networks:
- core-infra
deploy:
replicas: 2
update_config:
parallelism: 2
delay: 10s
restart_policy:
condition: on-failure
networks:
core-infra:
driver: overlay
volumes:
myvol:
driver: local
And when I ssh into frontend and ping backend "ping mysite_backend" it does work.
But when I try to make a HTTP request from my Node.js code:
private _productUrl = "http://mysite_backend/api/products";
getProducts(): Observable<IProduct[]>
{
let url = this._productUrl;
return this._http.get<IProduct[]>(url)
.do(data => console.log('All: ' + JSON.stringify(data)))
.catch(this.handleError);
}
I get a "Failed to load resource: net::ERR_NAME_NOT_RESOLVED", even in the same host.
Any ideas on what's wrong?