We have an angular_app that upon running docker-compose up is accessible from
under localhost.
Now, we have another dockerized Nginx app that reverses proxies several apps. /app_A /app_B /agular_app. Now A and B work already but the angular_app gives 502.
A snippet from Nginx
location / {
proxy_pass http://agular_app:5001;
}
A snippet from the docker file
agular_app:
image: docker_repo/agular_app:latest
ports:
- 5001:80
The angular_app is accessible from localhost:5001
but not accessible from localhost (gives 502)
I have tried the following things:
Yes, changing 5001:5001, the dame 502
Different Nginx config such as adding proxy_set_header etc
Tried not using redirects over proxy_pass
For me... The missing puzzle piece is... Why reverse proxy does not work. Again, the dockerized angular image running manually (not containerized) on Nginx works fine.
Here is the docker file for angular_app
# Stage 1
FROM node:12-alpine3.12 as build-step
RUN mkdir -p /app
WORKDIR /app
COPY package.json /app
RUN npm install
COPY . /app
RUN npm run build --prod
# Stage 2
FROM nginx:1.14.2-alpine
COPY --from=build-step /app/frontend/dist /usr/share/nginx/html
COPY ./nginx_docker.conf /etc/nginx/conf.d/default.conf
EXPOSE 80
Error from Nginx log upon calling localhost:
gateway | 2021/05/27 06:52:07 [error] 28#28: *1 connect() failed (111: Connection refused) while connecting to upstream, client: 172.18.0.1, server: localhost, request: "GET / HTTP/1.1", upstream: "http://172.18.0.2:5
001/", host: "localhost"
gateway | 2021/05/27 06:52:07 [error] 28#28: *1 connect() failed (111: Connection refused) while connecting to upstream, client: 172.18.0.1, server: localhost, request: "GET / HTTP/1.1", upstream: "http://172.18.0.2:5
001/502.html", host: "localhost"
gateway | 172.18.0.1 - - [27/May/2021:06:52:07 +0000] "GET / HTTP/1.1" 502 552 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36" "-"
gateway | 2021/05/27 06:52:07 [error] 28#28: *1 connect() failed (111: Connection refused) while connecting to upstream, client: 172.18.0.1, server: localhost, request: "GET /favicon.ico HTTP/1.1", upstream: "http://1
72.18.0.2:5001/favicon.ico", host: "localhost", referrer: "http://localhost/"
gateway | 2021/05/27 06:52:07 [error] 28#28: *1 connect() failed (111: Connection refused) while connecting to upstream, client: 172.18.0.1, server: localhost, request: "GET /favicon.ico HTTP/1.1", upstream: "http://1
72.18.0.2:5001/502.html", host: "localhost", referrer: "http://localhost/"
Related
I've been trying to teach myself Nginx. Naturally I figured I should use docker. I'm trying to do this with docker for windows. Would eventually move to Linux server. I feel like I'm so close, but I'm stuck on this last issue.
reverseproxy_1 | 2021/07/14 22:37:31 [error] 31#31: *1 connect() failed (111: Connection refused) while connecting to upstream, client: 172.18.0.1, server: , request: "GET /favicon.ico HTTP/1.1", upstream: "http://172.18.0.2:5000/favicon.ico", host: "localhost:4000", referrer: "http://localhost:4000/"
Anyone have any suggestions? I'm new to this, so it's probably something stupid. I've gone through several tutorials and I really feel like this should work.
version: '3.7'
services:
web:
image: 'anatomy-lab2'
container_name: 'AnatomyLabWeb'
ports:
- "5000:80"
restart: always
reverseproxy:
image: nginx:alpine
volumes:
- ./nginx.conf:/etc/nginx/nginx.conf:ro
ports:
- '4000:4000'
depends_on:
- web
restart: always
user nginx;
events {
worker_connections 1000;
}
http {
upstream web-api {
server web:5000;
}
server {
listen 4000;
location / {
proxy_pass http://web-api;
}
}
}
λ docker-compose up
Starting AnatomyLabWeb ... done
Starting anatomy-lab_reverseproxy_1 ... done
Attaching to AnatomyLabWeb, anatomy-lab_reverseproxy_1
reverseproxy_1 | /docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
reverseproxy_1 | /docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
reverseproxy_1 | /docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
reverseproxy_1 | 10-listen-on-ipv6-by-default.sh: info: IPv6 listen already enabled
reverseproxy_1 | /docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
reverseproxy_1 | /docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh
reverseproxy_1 | /docker-entrypoint.sh: Configuration complete; ready for start up
AnatomyLabWeb | [04:56:26 WRN] Storing keys in a directory '/root/.aspnet/DataProtection-Keys' that may not be persisted outside of the container. Protected data will be unavailable when container is destroyed
.
AnatomyLabWeb | [04:56:26 INF] User profile is available. Using '/root/.aspnet/DataProtection-Keys' as key repository; keys will not be encrypted at rest.
AnatomyLabWeb | Hosting environment: Production
AnatomyLabWeb | Content root path: /app
AnatomyLabWeb | Now listening on: http://[::]:80
AnatomyLabWeb | Application started. Press Ctrl+C to shut down.
reverseproxy_1 | 2021/07/15 04:56:33 [error] 23#23: *1 connect() failed (111: Connection refused) while connecting to upstream, client: 172.18.0.1, server: , request: "GET / HTTP/1.1", upstream: "http://172.18.
0.2:5000/", host: "localhost:4000"
reverseproxy_1 | 172.18.0.1 - - [15/Jul/2021:04:56:33 +0000] "GET / HTTP/1.1" 502 559 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
reverseproxy_1 | 2021/07/15 04:56:33 [error] 23#23: *1 connect() failed (111: Connection refused) while connecting to upstream, client: 172.18.0.1, server: , request: "GET /favicon.ico HTTP/1.1", upstream: "htt
p://172.18.0.2:5000/favicon.ico", host: "localhost:4000", referrer: "http://localhost:4000/"
reverseproxy_1 | 172.18.0.1 - - [15/Jul/2021:04:56:33 +0000] "GET /favicon.ico HTTP/1.1" 502 559 "http://localhost:4000/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome
/91.0.4472.124 Safari/537.36"
I get the web app to work just fine by itself (asp.net/kestrel). But I can't seem to hook it to Nginx.
Any thoughts on this would be great. I've been stuck for quite a bit of time.
The problem came from
upstream web-api {
server web:5000;
}
In the dockerized environment the web container listens :80 so you need to change the config like
upstream web-api {
server web:80;
}
Environment setup
I have an application which is composed by some services:
jenkins server
nginx server with angular
nginx server as a proxy
Those services are defined in the docker-compose file:
version: '3'
services:
reverse:
container_name: reverse-proxy
build:
context: /app/mywallet/MyWalletFe/reverse-proxy
ports:
- "80:80"
networks:
- net
jenkins:
container_name: jenkins
image: jenkins/jenkins
volumes:
- "$PWD/jenkins_home:/var/jenkins_home"
- "/var/run/docker.sock:/var/run/docker.sock"
networks:
- net
angular:
container_name: mywallet_fe
build:
context: /app/mywallet/MyWalletFe
networks:
- net
networks:
net:
I defined the following configuration file for the reverse-proxy:
upstream client {
# angular is the name of the service in docker-compose file
server angular:4200;
}
upstream jenkins {
server jenkins:8080;
}
server {
listen 80;
location / {
proxy_pass http://client;
}
location /jenkins {
proxy_pass http://jenkins;
}
}
Finally, here is the Dockerfile for the reverse-proxy service, which copies the configuration file in the nginx container:
FROM nginx
# override default files if present
COPY ./default.conf /etc/nginx/conf.d/default.conf
Goal
My goal is to access Jenkins with SERVER_IP/jenkins
Output
When I run the whole application and try to access to SERVER_IP/jenkins, I get the following error in the reverse-proxy logs:
2020/04/15 21:44:55 [error] 6#6: *10 connect() failed (111: Connection
refused) while connecting to upstream, client: MY_CLIENT_IP, server: ,
request: "GET /login?from=%2Fjenkins HTTP/1.1", upstream:
"http://172.18.0.5:4200/login?from=%2Fjenkins", host: "SERVER_IP",
referrer: "http://SERVER_IP/jenkins" MY_CLIENT_IP
[15/Apr/2020:21:44:55 +0000] "GET /favicon.ico HTTP/1.1" 502 559
"http://SERVER_IP/login?from=%2Fjenkins" "Mozilla/5.0 (Windows NT
10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.163 Safari/537.36" "-" 2020/04/15 21:44:55 [error]
6#6: *10 connect() failed (111: Connection refused) while connecting
to upstream, client: MY_CLIENT_IP, server: , request: "GET
/favicon.ico HTTP/1.1", upstream:
"http://172.18.0.5:4200/favicon.ico", host: "SERVER_IP",
referrer: "http://SERVER_IP/login?from=%2Fjenkins"
where MY_CLIENT_IP is my laptop IP and SERVER_IP is the IP of the server where the application runs.
What's wrong in the configuration of the reverse proxy? If I expose the jenkins and angular services I can reach them, while through the proxy I can't.
Similar question, which doesn't help me (or I don't understand how would those help me)
Docker nginx reverse proxy returns 502 bad gateway "connection refused while connecting to upstream"
Connection refused while connection to upstream - Docker
connect() failed (111: Connection refused) while connecting to upstream for nginx+php-fpm docker
docker nginx connection refused while connecting to upstream
I'm setting up an app with multiple containers, and use nginx to redirect requests to correct container. However, I got stuck with the 502 Bad Gateway error.
Actually, the code is from a course on Udemy: Docker and Kubernetes.
I just copy and paste the code, it ran on instructor machine, but not mine. I tried on my windows and my macbook, restart docker, but still no hope. I looked for solutions on other stackoverflow posts, some other articles, but none of them tell me why it works on others' machines, but not mine.
Here is the repo of the code.
docker-compose.yml (full code):
version: "3"
services:
postgres:
...
redis:
...
nginx:
restart: always
build:
dockerfile: Dockerfile.dev
context: ./nginx
ports:
- "3050:80"
api:
...
client:
...
worker:
...
nginx/Dockerfile.dev
FROM nginx
COPY ./default.conf /etc/nginx/conf.d/default.conf
nginx/default.conf
upstream client {
server client:3000;
}
upstream api {
server api:5000;
}
server {
listen 80;
server_name localhost;
location / {
proxy_pass http://client;
}
location /api {
rewrite /api/(.*) /$1 break;
proxy_pass http://api;
}
}
It runs just fine on instructor's machine and other learners', but not on my machines. I got error when connecting http://localhost:3050 and http://localhost:3050/api:
nginx_1 | 2019/07/08 02:52:35 [error] 6#6: *1 connect() failed (111: Connection refused) while connecting to upstream, client: 172.25.0.1, server: , request: "GET / HTTP/1.1", upstream: "http://125.235.4.59:3000/", host: "localhost:3050"
nginx_1 | 172.25.0.1 - - [08/Jul/2019:02:52:35 +0000] "GET / HTTP/1.1" 502 559 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36" "-"
nginx_1 | 2019/07/08 02:52:57 [error] 6#6: *1 connect() failed (111: Connection refused) while connecting to upstream, client: 172.25.0.1, server: , request: "GET /favicon.ico HTTP/1.1", upstream: "http://125.235.4.59:3000/favicon.ico", host: "localhost:3050", referrer: "http://localhost:3050/"
nginx_1 | 172.25.0.1 - - [08/Jul/2019:02:52:57 +0000] "GET /favicon.ico HTTP/1.1" 502 559 "http://localhost:3050/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36" "-"
Any help is appreciated.
Needed to amend the docker-compose.yml:
the upstream services should expose their ports so that the nginx service can connect i.e.:
api:
expose:
- '5000'
client:
expose:
- '3000'
the nginx service depends_on the upstream services:
nginx:
depends_on:
- 'client'
- 'api'
Symptoms:
When navigating to the EB URL, page never loads.
I can provide parts of my project config if needed. Here is a portion of the log from my AWS EB instance:
2018/02/18 09:35:22 [warn] 3060#0: conflicting server name "localhost" on 0.0.0.0:80, ignored
2018/02/18 09:46:48 [error] 3064#0: *167 recv() failed (104: Connection reset by peer) while reading response header from upstream, client: 172.31.4.6, server: _, request: "GET /users HTTP/1.1", upstream: "http://unix:///var/run/puma/my_app.sock:/users", host: "idea-jotter-api-env.ukn765e3m3.ap-southeast-1.elasticbeanstalk.com"
2018/02/18 09:46:49 [error] 3064#0: *167 connect() to unix:///var/run/puma/my_app.sock failed (111: Connection refused) while connecting to upstream, client: 172.31.4.6, server: _, request: "GET /favicon.ico HTTP/1.1", upstream: "http://unix:///var/run/puma/my_app.sock:/favicon.ico", host: "idea-jotter-api-env.ukn765e3m3.ap-southeast-1.elasticbeanstalk.com", referrer: "http://idea-jotter-api-env.ukn765e3m3.ap-southeast-1.elasticbeanstalk.com/users"
2018/02/19 13:11:50 [error] 3064#0: *24659 upstream timed out (110: Connection timed out) while reading response header from upstream, client: 172.31.31.179, server: _, request: "GET / HTTP/1.1", upstream: "http://unix:///var/run/puma/my_app.sock/", host: "52.221.25.234"
So, I try to install Gitlab and I have some problems. At the end of Installation from source, when I try to start all services, I have a 502 error. I have this message when I try sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production :
Check GitLab API access: FAILED. code: 502
gitlab-shell self-check failed
Try fixing it:
Make sure GitLab is running;
Check the gitlab-shell configuration file:
sudo -u git -H editor /home/git/gitlab-shell/config.yml
Please fix the error above and rerun the checks.
After some search, I think it's a unicorn error. That's what I find in the file log tail -n 15 /home/git/gitlab/log/unicorn.stderr.log :
F, [2015-08-17T14:08:25.266483 #15125] FATAL -- : error adding listener addr="188.213.26.27":80
/home/git/gitlab/vendor/bundle/ruby/2.1.0/gems/unicorn-4.6.3/lib/unicorn/socket_helper.rb:147:in `initialize': Permission denied - bind(2) for "188.213.26.27" port 80 (Errno::EACCES)
I don't know how I can change this and if it's the real problem. If it can help, this is the Nginx log tail -f /var/log/nginx/gitlab_error.log :
2015/08/16 16:46:24 [error] 14932#0: *33 limiting connections by zone "limit_per_ip", client: 188.213.26.27, server: gitlab.nova.ovh, request: "GET / HTTP/1.0", host: "gitlab.nova.ovh"
2015/08/16 17:00:41 [error] 14932#0: *71 limiting connections by zone "limit_per_ip", client: 188.213.26.27, server: gitlab.nova.ovh, request: "GET / HTTP/1.0", host: "gitlab.nova.ovh"
2015/08/16 17:01:04 [error] 19194#0: *33 limiting connections by zone "limit_per_ip", client: 188.213.26.27, server: gitlab.nova.ovh, request: "GET / HTTP/1.0", host: "gitlab.nova.ovh"
2015/08/16 17:03:01 [error] 19713#0: *33 limiting connections by zone "limit_per_ip", client: 188.213.26.27, server: gitlab.nova.ovh, request: "GET / HTTP/1.0", host: "gitlab.nova.ovh"
2015/08/17 12:18:09 [error] 18616#0: *3 connect() to unix:/home/git/gitlab/tmp/sockets/gitlab.socket failed (111: Connection refused) while connecting to upstream, client: 82.127.11.127, server: gitlab.nova.ovh, request: "GET / HTTP/1.1", upstream: "http://unix:/home/git/gitlab/tmp/sockets/gitlab.socket:/", host: "gitlab.nova.ovh"
2015/08/17 12:18:26 [error] 18616#0: *6 connect() to unix:/home/git/gitlab/tmp/sockets/gitlab.socket failed (111: Connection refused) while connecting to upstream, client: 188.213.26.27, server: gitlab.nova.ovh, request: "GET //api/v3/internal/check HTTP/1.1", upstream: "http://unix:/home/git/gitlab/tmp/sockets/gitlab.socket://api/v3/internal/check", host: "gitlab.nova.ovh"
2015/08/17 13:47:09 [error] 18616#0: *38 connect() to unix:/home/git/gitlab/tmp/sockets/gitlab.socket failed (111: Connection refused) while connecting to upstream, client: 188.213.26.27, server: gitlab.nova.ovh, request: "GET //api/v3/internal/check HTTP/1.1", upstream: "http://unix:/home/git/gitlab/tmp/sockets/gitlab.socket://api/v3/internal/check", host: "gitlab.nova.ovh"
2015/08/17 13:48:05 [error] 18616#0: *42 connect() to unix:/home/git/gitlab/tmp/sockets/gitlab.socket failed (111: Connection refused) while connecting to upstream, client: 188.213.26.27, server: gitlab.nova.ovh, request: "GET //api/v3/internal/check HTTP/1.1", upstream: "http://unix:/home/git/gitlab/tmp/sockets/gitlab.socket://api/v3/internal/check", host: "gitlab.nova.ovh"
Unicorn must not bind port 80 which it is denied anyways (hence the error message). Binding ports below 1024 requires root privileges. Also port 80 is used by nginx. Configure unicorn to not listen to TCP ports at all if you're using unix socket or any high port (e.g. 8080 or 8081) for use with TCP socket.