I have encountered a very peculiar problem with the latest docker nginx image. It looks like something is commenting out my ssl options when I mount a file in a container. I tried renaming the file and also mounting it via nginx.conf or sites-enabled, but it only led to it being commented out again. The only log that I could gather from these problems is this shell script execution. Could someone point me in the right direction on how I can troubleshoot this further?
nginx | /docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
nginx | /docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
nginx | /docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
nginx | 10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf
nginx | 10-listen-on-ipv6-by-default.sh: info: /etc/nginx/conf.d/default.conf differs from the packaged version
My nginx configuration file:
Docker-compose nginx block:
version: '3'
services:
  nginx:
    image: nginx:latest
    container_name: nginx
    hostname: ghost-nginx
    ports:
      # - 80:80
      - 443:443
    volumes:
      # - ./nginx/ssl/yourhost.xyz.key:/etc/nginx/yourhost.xyz.key:ro
      # - ./nginx/ssl/yourhost.xyz.crt:/etc/nginx/yourhost.xyz.crt:ro
      - /usr/ghost/conf/ghost.conf:/etc/nginx/conf.d/ghost.conf
      # - /usr/ghost/conf/ghost1.conf:/etc/nginx/conf.d/default1.conf
      - /etc/letsencrypt/live/Mydomain/fullchain.pem:/etc/letsencrypt/live/tildawn.nts.am/fullchain.pem
      - /etc/letsencrypt/live/Mydomain/privkey.pem:/etc/letsencrypt/live/tildawn.nts.am/privkey.pem
      # - /usr/proxy_zt/zt.conf:/etc/nginx/site-enabled/zt.conf
      - /etc/letsencrypt/options-ssl-nginx.conf:/etc/letsencrypt/options-ssl-nginx.conf
      - /etc/letsencrypt/ssl-dhparams.pem:/etc/letsencrypt/ssl-dhparams.pem
      # - ./etc/nginx/conf.d/ghost.conf:/usr/ghost/conf/ghost.conf
    #links:
    #  - ghost
    networks:
      my_prod_net:
    restart: always
How I tried to solve the issue.
I tried changing the file name and moved it to sites-enabled, conf.d and nginx. Unfortunately, it didn't help to solve the issue.
I also tried rebuilding the image and changing the file inside the container. That worked, but all progress was lost after a restart.
Related
I'm trying to run nginx as a container in docker using docker-compose but unfortunately, I'm not able to run it properly.
Here is my docker-compose.yml:
version: '3'
services:
  webserver:
    container_name: webserver
    hostname: webserver
    image: nginx
    ports:
      - 80:80
      - 443:443
    volumes:
      - ./nginx:/etc/nginx
and here is the error:
/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
10-listen-on-ipv6-by-default.sh: info: /etc/nginx/conf.d/default.conf is not a file or does not exist
/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
/docker-entrypoint.sh: Configuration complete; ready for start up
2021/01/18 19:04:26 [emerg] 1#1: open() "/etc/nginx/nginx.conf" failed (2: No such file or directory)
nginx: [emerg] open() "/etc/nginx/nginx.conf" failed (2: No such file or directory)
I've used both relative and absolute paths in volumes but none of them worked. If I have the directory available on the host, it won't work. If I don't have the directory in the host, when I run docker-compose up, it will create an empty directory for nginx in the host but it will be left empty.
Any ideas what's wrong with my setup?
Thank you.
No, don't try to modify all the confs manually in the container itself.
Nginx has /etc/nginx/conf.d for that, so mount your custom confs inside.
Example:
Your current directory should look like this:
.
├── conf
│   └── custom.conf
├── docker-compose.yml
└── html
    └── index.html
docker-compose.yml
services:
  nginx:
    image: nginx:latest
    ports:
      - 80:80
    volumes:
      - ./conf:/etc/nginx/conf.d # custom conf goes here
      - ./html:/tmp # custom html goes here
I just put the html inside "/tmp" to show you that my custom config works.
./conf/custom.conf
server {
    listen 80;
    location / {
        root /tmp/;
        index index.html index.htm;
    }
}
./html/index.html
<h1>nginx custom conf</h1>
Then
$ docker-compose up -d
Creating network "nginx_default" with the default driver
Creating nginx_nginx_1 ... done
$ curl localhost
<h1>nginx custom conf</h1>
When trying to run my nginx docker-compose image with sudo docker-compose up I get the following error:
production_nginx | /docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
production_nginx | /docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
production_nginx | /docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
production_nginx | 10-listen-on-ipv6-by-default.sh: /etc/nginx/conf.d/default.conf is not a file or does not exist, exiting
production_nginx | /docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
production_nginx | /docker-entrypoint.sh: Configuration complete; ready for start up
production_nginx | nginx: [alert] could not open error log file: open() "/var/log/nginx/error.log" failed (13: Permission denied)
production_nginx | 2020/07/04 22:04:37 [emerg] 1#1: open() "/var/log/nginx/error.log" failed (13: Permission denied)
My docker compose file looks like this:
version: "3.7"
services:
  nginx:
    image: nginx:latest
    container_name: production_nginx
    restart: always
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - /etc/letsencrypt/:/etc/letsencrypt/
      - /opt/nginx_cache/:/opt/nginx_cache/
      - /var/home/core/config/nginx/dhparam.pem:/etc/nginx/dhparam.pem
      - /var/home/core/config/nginx/conf.d/:/etc/nginx/conf.d/
      - /var/home/core/config/files/:/var/home/core/config/files/
      - /var/home/core/config/nginx/nginx.conf:/etc/nginx/nginx.conf
      - /var/log/nginx/:/var/log/nginx/
    networks:
      - proxynet
      - abnet
      - dsnet
The permission of the folder /var/log/nginx looks like this: drwxr-xr-x. 2 root root 41 Jul 4 22:04 nginx
I have sandboxed the file like this: sudo chcon -Rt svirt_sandbox_file_t /var/log/nginx.
It's probably SELinux blocking the access, but do not suggest disabling it, as I intend to run with it turned on!
Add :Z to all your volume mounts: - /etc/letsencrypt/:/etc/letsencrypt/:Z and it should work (what is 'z' flag in docker container's volumes-from option?).
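The z/Z choice behind the answer above, worked through as an added example (not code from the answer or from Docker): `Z` gives the host path a label private to one container, `z` a label shared by all containers, so a path mounted by several services needs `z`. `plan_labels`, `SYSTEM_DIRS` and the sample dictionary are hypothetical names, the deny-list is an assumption, and the mounts are borrowed from compose files on this page.

```python
from collections import Counter

# Assumed deny-list: relabeling is recursive, so broad host directories are skipped.
SYSTEM_DIRS = {"/", "/etc", "/usr", "/home", "/var", "/var/log"}

# Constructed sample: mounts borrowed from two compose files on this page.
SAMPLE = {
    "nginx": ["/etc/letsencrypt/:/etc/letsencrypt/",
              "/var/log/nginx/:/var/log/nginx/"],
    "webserver": ["./app:/application",
                  "./phpdocker/nginx/nginx.conf:/etc/nginx/conf.d/default.conf"],
    "php-fpm": ["./app:/application"],
    "nginx-proxy": ["ssl-data:/etc/nginx/certs:ro"],
}

def parse_mount(spec):
    """Split short-syntax 'src:dst[:opt,opt]' into (src, dst, [opts])."""
    parts = spec.split(":")
    opts = parts[2].split(",") if len(parts) > 2 and parts[2] else []
    return parts[0], parts[1], opts

def is_bind(spec):
    """Host paths are bind mounts; a bare name such as 'ssl-data' is a named volume."""
    return ":" in spec and spec.startswith(("/", "./", "../"))

def source_key(spec):
    """Host path without a trailing slash, so '/a/' and '/a' compare equal."""
    return parse_mount(spec)[0].rstrip("/") or "/"

def plan_labels(services):
    """Return (plan, warnings): each bind mount gets Z (one user) or z (several)."""
    users = Counter()
    for vols in services.values():
        users.update({source_key(v) for v in vols if is_bind(v)})
    plan, warnings = {}, []
    for name, vols in services.items():
        plan[name] = []
        for spec in vols:
            if not is_bind(spec):
                plan[name].append(spec)  # named volume: left untouched
            elif source_key(spec) in SYSTEM_DIRS:
                warnings.append(f"{name}: not relabeling system directory {spec}")
                plan[name].append(spec)
            else:
                src, dst, opts = parse_mount(spec)
                label = "z" if users[source_key(spec)] > 1 else "Z"
                opts = [o for o in opts if o not in ("z", "Z")] + [label]
                plan[name].append(f"{src}:{dst}:{','.join(opts)}")
    return plan, warnings

if __name__ == "__main__":
    for service, mounts in plan_labels(SAMPLE)[0].items():
        print(service, mounts)
```

Applied to the sample, `./app` comes back with `z` because two services mount it, while the single-user paths get `Z`.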
I'm trying to follow this guide to setting up a reverse proxy for a docker container (serving a static file), using another container with an instance of nginx as a reverse proxy.
I expect to see my page served on /, but I am blocked in the build with the error message:
container_nginx_1 | 2020/05/10 16:54:12 [emerg] 1#1: host not found in upstream "container1:8001" in /etc/nginx/conf.d/sites-enabled/virtual.conf:2
container_nginx_1 | nginx: [emerg] host not found in upstream "container1:8001" in /etc/nginx/conf.d/sites-enabled/virtual.conf:2
nginx_docker_test_container_nginx_1 exited with code 1
I have tried many variations on the following virtual.conf file, and this is the current, based on the example given and various other pages:
upstream cont {
    server container1:8001;
}
server {
    listen 80;
    location / {
        proxy_pass http://cont/;
    }
}
If you are willing to look at a 3rd party site, I've made a minimal repo here, otherwise the most relevant files are below.
My docker-compose file looks like this:
version: '3'
services:
  container1:
    hostname: container1
    restart: always
    image: danjellz/http-server
    ports:
      - "8001:8001"
    volumes:
      - ./proj1:/public
    command: "http-server . -p 8001"
    depends_on:
      - container_nginx
    networks:
      - app-network
  container_nginx:
    build:
      context: .
      dockerfile: docker/Dockerfile_nginx
    ports:
      - 8080:8080
    networks:
      - app-network
networks:
  app-network:
    driver: bridge
and the Dockerfile
# docker/Dockerfile_nginx
FROM nginx:latest
# add nginx config files to sites-available & sites-enabled
RUN mkdir /etc/nginx/conf.d/sites-available
RUN mkdir /etc/nginx/conf.d/sites-enabled
ADD projnginx/conf.d/sites-available/virtual.conf /etc/nginx/conf.d/sites-available/virtual.conf
RUN cp /etc/nginx/conf.d/sites-available/virtual.conf /etc/nginx/conf.d/sites-enabled/virtual.conf
# Replace the standard nginx conf
RUN sed -i 's|include /etc/nginx/conf.d/\*.conf;|include /etc/nginx/conf.d/sites-enabled/*.conf;|' /etc/nginx/nginx.conf
WORKDIR /
I'm running this using docker-compose up.
Similar: react - docker host not found in upstream
The problem is that if the hostname cannot be resolved in upstream blocks, nginx will not start. Here you have defined service container1 to be dependent on container_nginx. But the nginx container is never up due to the fact that the container1 hostname is not resolved (because container1 is not yet started). Don't you think it should be the reverse? The nginx container should be dependent on the app container.
Additionally in your nginx port binding you have mapped 8080:8080 while in nginx conf you have 80 listening.
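Both points of the answer above, turned into a check as an added example (not code from the answer): every upstream host that is a compose service must be started before the proxy, and each published port must target a port nginx listens on. The function names and the dictionaries standing in for the compose file are hypothetical; short-syntax `host:container` port mappings are assumed.

```python
import re

# Constructed sample: the virtual.conf and compose services from the question above.
CONF = """
upstream cont { server container1:8001; }
server {
    listen 80;
    location / { proxy_pass http://cont/; }
}
"""
AS_POSTED = {"services": {
    "container1": {"ports": ["8001:8001"], "depends_on": ["container_nginx"]},
    "container_nginx": {"ports": ["8080:8080"]},
}}
CORRECTED = {"services": {
    "container1": {"ports": ["8001:8001"]},
    "container_nginx": {"ports": ["8080:80"], "depends_on": ["container1"]},
}}

def upstream_hosts(conf):
    """Hostnames from 'server host:port;' entries inside upstream blocks."""
    hosts = []
    for body in re.findall(r"upstream\s+\S+\s*\{([^}]*)\}", conf):
        hosts += re.findall(r"server\s+([^\s:;]+)", body)
    return hosts

def listen_ports(conf):
    """Ports from 'listen' directives, with or without an address prefix."""
    return {int(p) for p in re.findall(r"listen\s+(?:\S*:)?(\d+)[\s;]", conf)}

def check_proxy(compose, proxy, conf):
    """Return findings for the service named `proxy` that runs nginx with `conf`."""
    services = compose["services"]
    deps = set(services[proxy].get("depends_on", []))
    findings = []
    for host in upstream_hosts(conf):
        if host not in services:
            continue  # not a compose service: resolved by ordinary DNS
        if proxy in services[host].get("depends_on", []):
            findings.append(f"{host} depends_on {proxy}: start order is reversed")
        if host not in deps:
            findings.append(f"{proxy} should list {host} under depends_on")
    listening = listen_ports(conf)
    for mapping in services[proxy].get("ports", []):
        target = int(str(mapping).split(":")[-1])
        if target not in listening:
            findings.append(f"{mapping} targets {target}; nginx listens on {sorted(listening)}")
    return findings

if __name__ == "__main__":
    for line in check_proxy(AS_POSTED, "container_nginx", CONF):
        print(line)
```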
I have an Nginx container set up which serves assets for a static website. The idea is for the webserver to always stay up, and overwrite the assets whenever they are recompiled. Currently the docker setup looks like this:
docker-compose.yml:
version: '3'
services:
  web:
    build: ./app
    volumes:
      - site-assets:/app/dist:ro
  nginx:
    build: ./nginx
    ports:
      - 80:80
      - 443:443
    volumes:
      - site-assets:/app:ro
      - https-certs:/etc/nginx/certs:ro
    depends_on:
      - web
volumes:
  site-assets:
  https-certs:
Web (asset-builder) Dockerfile:
FROM node:latest
WORKDIR /app
COPY package*.json ./
RUN npm ci
COPY ./ .
RUN npm run generate
Nginx Dockerfile:
FROM nginx:latest
RUN mkdir /app
COPY nginx.conf /etc/nginx/nginx.conf
The certbot container is managed separately and is not relevant to the problem I'm having, but the Nginx container does need to be able to mount the https-certs volume.
This setup seemed good, until I realized the site-assets volume would not be updated after first creation. The volume would need to be destroyed and re-created on each app deployment for this to work, requiring the Nginx container to be stopped to unmount the volume. So much for that approach.
Is there a way to manage application data in this setup without bringing the Nginx container down? Preferably, I would want to do this declaratively with a docker-compose file, avoid multiple application instances as this doesn't need to scale, and avoid using docker inspect to find the volume on the filesystem and modify it directly.
I hope there is a sane answer to this other than "It's a static site, why aren't you using Netlify or GitHub Pages?" :)
Here is an example that would move your npm run generate from image build time to container run time. It is a minimal example to illustrate how moving the process to the run time makes the volume available to both the running container at startup and future ones at run time.
With the following docker-compose.yml:
version: '3'
services:
  web:
    image: ubuntu
    volumes:
      - site-assets:/app/dist
    command: bash -c "echo initial > /app/dist/file"
    restart: "no"
  nginx:
    image: ubuntu
    volumes:
      - site-assets:/app:ro
    command: bash -c "while true; do cat /app/file; sleep 5; done"
volumes:
  site-assets:
We can launch it with docker-compose up in a terminal. Our nginx server will initially miss the data but the initial web service will launch and generate our asset (with contents initial):
❯ docker-compose up
Creating network "multivol_default" with the default driver
Creating volume "multivol_site-assets" with default driver
Creating multivol_web_1 ... done
Creating multivol_nginx_1 ... done
Attaching to multivol_nginx_1, multivol_web_1
nginx_1 | cat: /app/file: No such file or directory
multivol_web_1 exited with code 0
nginx_1 | initial
nginx_1 | initial
nginx_1 | initial
nginx_1 | initial
In another terminal we can update our asset (your npm run generate command):
❯ docker-compose run web bash -c "echo updated > /app/dist/file"
And now we can see our nginx service serving the updated content:
❯ docker-compose up
Creating network "multivol_default" with the default driver
Creating volume "multivol_site-assets" with default driver
Creating multivol_web_1 ... done
Creating multivol_nginx_1 ... done
Attaching to multivol_nginx_1, multivol_web_1
nginx_1 | cat: /app/file: No such file or directory
multivol_web_1 exited with code 0
nginx_1 | initial
nginx_1 | initial
nginx_1 | initial
nginx_1 | initial
nginx_1 | updated
nginx_1 | updated
nginx_1 | updated
nginx_1 | updated
^CGracefully stopping... (press Ctrl+C again to force)
Stopping multivol_nginx_1 ... done
Hope this was helpful to illustrate a way to take advantage of volume mounting at container run time.
I'm a new user of docker and probably I messed up something easy.
I'm containerizing a CodeIgniter app, for which I used phpdocker.io. The generated docker-compose is the one that I'm using.
The plan for this containerization is that when another dev touches the code he has nothing more to do than a simple docker-compose up and get his hands dirty with code. The project is using some Google Maps API and it requires us to install SSL on local machines (in this case, the containers).
I'm using nginx-proxy to map a local virtual host to the containers and it works perfectly fine, the problem comes when I'm trying to install the SSL certificates.
Here is my complete docker-compose.yml
version: "3.1"
services:
  ###nginx-proxy###
  nginx-proxy:
    image: jwilder/nginx-proxy
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ssl-data:/etc/nginx/certs:ro
      - ssl-data:/etc/nginx/vhost.d
      - ssl-data:/usr/share/nginx/html
      - /var/run/docker.sock:/tmp/docker.sock:ro
    labels:
      - "com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy"
  ###letsencrypt###
  letsencrypt:
    image: jrcs/letsencrypt-nginx-proxy-companion
    volumes:
      - ssl-data:/etc/nginx/certs:rw
      - ssl-data:/etc/nginx/vhost.d
      - ssl-data:/usr/share/nginx/html
      - /var/run/docker.sock:/var/run/docker.sock:ro
    depends_on:
      - nginx-proxy
  ######mysql######
  mysql:
    image: mysql:5.7.21
    container_name: rocatienda-mysql
    working_dir: /application
    volumes:
      - ./app:/application
      - ./mysql_data:/var/lib/mysql
    environment:
      - MYSQL_ROOT_PASSWORD=123456
      - MYSQL_DATABASE=roca-tienda
      - MYSQL_PASSWORD=123456
    ports:
      - "3306:3306"
    depends_on:
      - letsencrypt
  whoami:
    image: jwilder/whoami
    environment:
      - VIRTUAL_HOST=whoami.local
    depends_on:
      - letsencrypt
  ####webserver####
  webserver:
    image: nginx:alpine
    container_name: rocatienda-webserver
    working_dir: /application
    volumes:
      - ./app:/application
      - ./phpdocker/nginx/nginx.conf:/etc/nginx/conf.d/default.conf
    environment:
      - VIRTUAL_HOST=rocatienda.local
      - LETSENCRYPT_HOST=rocatienda.local
      - LETSENCRYPT_EMAIL=some#example.com # this is just for this issue. I have a real email here.
    depends_on:
      - letsencrypt
  #####php-fpm#####
  php-fpm:
    build: phpdocker/php-fpm
    container_name: rocatienda-php-fpm
    working_dir: /application
    volumes:
      - ./app:/application
      - ./phpdocker/php-fpm/php-ini-overrides.ini:/etc/php5/fpm/conf.d/99-overrides.ini
    depends_on:
      - letsencrypt
volumes:
  ssl-data:
This is my project folder structure:
/roca
|-- /app
|-- /mysql_data
|-- /phpdocker
|   |-- /nginx
|   |   `-- nginx.conf
|   `-- /php-fpm
|       |-- Dockerfile
|       `-- php-ini-overrides.ini
`-- docker-compose.yml
These are the logs for the docker-letsencrypt-nginx-proxy-companion container:
Generating a 4096 bit RSA private key
...............................................................................................................................................................++
.............................................................................++
writing new private key to '/etc/nginx/certs/default.key.new'
-----
Info: a default key and certificate have been created at /etc/nginx/certs/default.key and /etc/nginx/certs/default.crt.
Info: Creating Diffie-Hellman group in the background.
A pre-generated Diffie-Hellman group will be used for now while the new one
is being created.
Generating DH parameters, 2048 bit long safe prime, generator 2
Reloading nginx proxy (ee253de258e33e38026a4e872a0863faf4b03a27f81e8b312941dc9a905fafd4)...
2018/10/09 18:15:57 Generated '/etc/nginx/conf.d/default.conf' from 6 containers
2018/10/09 18:15:57 [notice] 84#84: signal process started
2018/10/09 18:15:57 Generated '/app/letsencrypt_service_data' from 6 containers
2018/10/09 18:15:57 Running '/app/signal_le_service'
2018/10/09 18:15:57 Watching docker events
2018/10/09 18:15:57 Contents of /app/letsencrypt_service_data did not change. Skipping notification '/app/signal_le_service'
/etc/nginx/certs/rocatienda.local /app
Reloading nginx proxy (ee253de258e33e38026a4e872a0863faf4b03a27f81e8b312941dc9a905fafd4)...
2018/10/09 18:15:58 Generated '/etc/nginx/conf.d/default.conf' from 6 containers
Creating/renewal rocatienda.local certificates... (rocatienda.local)
2018-10-09 18:15:58,957:INFO:simp_le:1382: Generating new account key
2018-10-09 18:16:01,125:INFO:simp_le:1407: By using simp_le, you implicitly agree to the CA's terms of service: https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf
ACME server returned an error: urn:acme:error:malformed :: The request message was malformed :: Error creating new authz :: Name does not end in a public suffix
Debugging tips: -v improves output verbosity. Help is available under --help.
/app
stat: can't stat '/etc/nginx/certs/accounts/acme-v01.api.letsencrypt.org/directory/default.json': No such file or directory
chown: /etc/nginx/certs/accounts/acme-v01.api.letsencrypt.org/directory/default.json: No such file or directory
stat: can't stat '/etc/nginx/certs/accounts/acme-v01.api.letsencrypt.org/directory': No such file or directory
chown: /etc/nginx/certs/accounts/acme-v01.api.letsencrypt.org/directory: No such file or directory
stat: can't stat '/etc/nginx/certs/accounts/acme-v01.api.letsencrypt.org': No such file or directory
chown: /etc/nginx/certs/accounts/acme-v01.api.letsencrypt.org: No such file or directory
stat: can't stat '/etc/nginx/certs/accounts': No such file or directory
chown: /etc/nginx/certs/accounts: No such file or directory
Sleep for 3600s
This is going to take a long time
Info: Diffie-Hellman group creation complete, reloading nginx.
Reloading nginx proxy (ee253de258e33e38026a4e872a0863faf4b03a27f81e8b312941dc9a905fafd4)...
2018/10/09 18:16:55 Contents of /etc/nginx/conf.d/default.conf did not change. Skipping notification ''
You can see there is an error at the bottom of the logs. I have some questions:
How can I fix this?
Where did I mess things up?
Is there any better way to accomplish what I want?
Thanks in advance!