I have deployed a stack with wordpress and mariadb. If I try to access directly to the website with IP address and port it works but when i configure the reverse porxy with nginx it doesn't load the entire content. Maybe because of php loading or something else.
Nginx is directly installed into the server as a service while wordpress is containerized into a stack
This is the docker-compose.yml file
version: '3.1'
services:
wordpress:
image: wordpress
restart: always
ports:
- 8080:80
- 9001:9000
environment:
WORDPRESS_DB_HOST: db
WORDPRESS_DB_USER: root
WORDPRESS_DB_PASSWORD: root
WORDPRESS_DB_NAME: db_name
volumes:
- /home/ubuntu/website/dir:/var/www/html
db:
image: mariadb
restart: always
environment:
MYSQL_ROOT_PASSWORD: root
MYSQL_DATABASE: db_name
volumes:
- /home/ubuntu/website/data:/var/lib/mysql
while this is the nginx configuration file
server{
listen 443 ssl;
server_name website.domain.it;
ssl_certificate /etc/letsencrypt/live/website.domain.it/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/website.domain.it/privkey.pem;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://localhost:8080;
}
}
server{
listen 80;
server_name website.domain.it;
return 301 https://website.domain.it$request_uri;
}
I've seen some other deployment with nginx, wordpress and mariadb in a stack with a strange configuration(not really explicative) but I want to deploy it with the already existent Nginx.
If it is not possible, I need a well written documentation to deploy with Nginx, Wordpress and Mariadb and then configure the nginx in the server.
Related
This is sort of a follow up question to this question.
Originally, I tried to get Keycloak to work in Docker and needed TLS, so I used nginx with docker compose. But I got an infinite spinner like people in the question, which I found via Google when trying to solve my problem. So I read in answers that people in the question said not to KC_HOSTNAME_PORT. So I tried this and indeed, it worked with port 443.
That is fine and good, but I want to get Keycloak to work in my setup with different ports such as 8443. Can someone explain how to do this based on the setup offered in the original question I referred to? Or post a complete example with a docker-compose.yml of how to do it with nginx or traefik?
EDIT: If it helps, here is my docker-compose.yml:
version: '3'
services:
keycloak:
image: quay.io/keycloak/keycloak:19.0.2
container_name: keycloak
environment:
KEYCLOAK_ADMIN: admin
KEYCLOAK_ADMIN_PASSWORD: admin
PROXY_ADDRESS_FORWARDING: 'true'
KC_HOSTNAME_STRICT: 'false'
KC_HTTP_ENABLED: 'true'
KC_PROXY: 'edge'
# more
KC_PROXY_ADDRESS_FORWARDING: "true"
KC_HOSTNAME: kvm1.home
#KC_HOSTNAME_PORT: 4443
ports:
- "8080:8080"
command:
- start-dev
- "--proxy=edge"
- "--hostname-strict-https=false"
nginx:
image: nginx:1.23.1
container_name: nginx
volumes:
- ./templates:/etc/nginx/templates
ports:
#- "8000:80"
#- "4443:443"
- "80:80"
- "443:443"
environment:
- NGINX_HOST=localhost
- NGINX_PORT=80
volumes:
- ./ssl:/etc/nginx/ssl
- ./sites-enabled:/etc/nginx/sites-enabled
- ./nginx.conf:/etc/nginx/nginx.conf:rw
server {
listen 80;
listen [::]:80;
listen 443 ssl;
listen [::]:443 ssl;
# include snippets/snakeoil.conf;
ssl_certificate /etc/nginx/ssl/fullchain.pem;
ssl_certificate_key /etc/nginx/ssl/privkey.pem;
root /var/www/html;
index index.html index.htm index.nginx-debian.html;
server_name kvm1.home;
location / {
proxy_pass http://kvm1.home:8080/;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_protocol_addr;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
If I used the uncommented KC_HOSTNAME_PORT and the uncommented different ports in nginx.environment, I get the infinite spinner.
If you want keycloak to expose keycloak on a different port, you need to make two changes:
Change the port on which you're publishing web-secure endpoint from Traefik
Set KC_HOSTNAME_PORT to match the new port
So that gets us:
version: "3"
services:
traefik:
image: docker.io/traefik
command:
- --api.insecure=true
- --providers.docker
- --entrypoints.web.address=:80
- --entrypoints.web-secure.address=:443
ports:
- "127.0.0.1:8080:8080"
- "80:80"
- "8443:443"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
keycloak:
image: quay.io/keycloak/keycloak
restart: always
command: start
environment:
KC_PROXY_ADDRESS_FORWARDING: "true"
KC_HOSTNAME_STRICT: "false"
KC_HOSTNAME: auth.example.com
KC_HOSTNAME_PORT: 8443
KC_PROXY: edge
KC_HTTP_ENABLED: "true"
KC_DB: postgres
KC_DB_URL: jdbc:postgresql://postgres:5432/$POSTGRES_DB?ssl=allow
KC_DB_USERNAME: $POSTGRES_USER
KC_DB_PASSWORD: $POSTGRES_PASSWORD
KEYCLOAK_ADMIN: admin
KEYCLOAK_ADMIN_PASSWORD: password
labels:
- "traefik.http.routers.cloud-network-keycloak.rule=Host(`auth.example.com`)"
- "traefik.http.routers.cloud-network-keycloak.tls=true"
- "traefik.http.services.cloud-network-keycloak.loadbalancer.server.port=8080"
postgres:
image: docker.io/postgres:14
environment:
POSTGRES_USER: $POSTGRES_USER
POSTGRES_PASSWORD: $POSTGRES_PASSWORD
POSTGRES_DB: $POSTGRES_DB
With this configuration, and an appropriate entry in my local /etc/hosts, file, I can access keycloak at https://auth.example.com:8443.
I have an existing NGINX server hosting 2 websites, one as standard and one on a node server. I want to run 3 docker containers as well on this.
All of the tutorials suggest running NGINX in a container, however this would conflict with my existing set up.
nodejs server, ports 3030:3030
mysql, ports 3360:3360
phpmyadmin, ports 8080:80
They run on localhost on my local machine fine, but I cant get NGINX on the remote server to host them.
I want to be able to access the node server at http://publicIP:3030
I have tried to follow this answer but NGINX is giving me 404 error when trying to access.
my nginx config is:
server {
listen 80 default_server;
listen [::]:80 default_server;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html index.php;
server_name _;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
location /paragon/ {
proxy_pass http://localhost:3030/;
# proxy_set_header X-SRV paragon;
}
location /phpmyadmin {
proxy_pass http://localhost:8080/;
# proxy_set_header X-SRV phpmyadmin;
}
location /mysql {
proxy_pass http://localhost:3360/;
# proxy_set_header X-SRV mysql;
}
I have tried it with the X-SRV headers uncommented as well.
My docker-compose.yml config is:
services:
web:
container_name: paragon_web
build: .
command: npm run
depends_on:
- db
volumes:
- ./:/app
- /node_modules
networks:
- paragon_net
ports:
- "3030:3030"
db:
container_name: paragon_db
image: mysql:8.0
command:
--default-authentication-plugin=mysql_native_password
--init-file ./src/data/db_init.sql
restart: unless-stopped
volumes:
- ./src/data/db_init.sql:/docker-entrypoint-initdb.d/
- mysql-data:/var/lib/mysql
ports:
- "3360:3306"
expose:
- "3306"
environment:
MYSQL_DATABASE: paragon
MYSQL_ROOT_PASSWORD: root
MYSQL_USER: admin
MYSQL_PASSWORD: paragon99
SERVICE_TAG: dev
SERVICE_NAME: paragon_db
networks:
- paragon_net
# volumes:
phpmyadmin:
container_name: sql_admin
image: phpmyadmin:5.2.0-apache
restart: always
depends_on:
- db
ports:
- "8090:80"
networks:
- paragon_net
networks:
paragon_net:
driver: bridge
The location of the new site on the server are at /var/www/newsite
I am trying to set up pgadmin with docker compose and nginx but there is something weird happened.
every time I enter the site, pgadmin will redirect to /browser and also replaces host to container name, which make me browsing https://pgadmin_container/browser,but sometimes I directly go to https://my_url.com/browser it works, is it bug or I am missing something?
here is the nginx config:
server {
listen 80;
server_name some_name;
limit_conn conn_limit_per_ip 10;
limit_req zone=req_limit_per_ip burst=10 nodelay;
location / {
resolver 127.0.0.11 valid=30s;
set $upstream_pgadmin pgadmin_container;
proxy_pass http://$upstream_pgadmin:80;
proxy_redirect off;
proxy_buffering off;
}
and here is the docker-compose contents:
pgadmin:
container_name: pgadmin_container
image: dpage/pgadmin4
environment:
PGADMIN_DEFAULT_EMAIL: someEmail
PGADMIN_DEFAULT_PASSWORD: somePassword
PGADMIN_CONFIG_SERVER_MODE: 'False'
volumes:
- ./pgadmin:/root/.pgadmin2
ports:
- "5050:80"
networks:
- shared
restart: unless-stopped
sorry for my bad English
I have a docker-compose.yml as follows setup at my root. For context, I have a Ghost CMS blog hosted on a Digital Ocean droplet. I want to install Commento using Docker (an open source commenting solution), but as I'm routing my traffic through Cloudflare DNS, I require SSL on both the server side and the frontend side.
However, I installed Ghost through Digital Ocean's one click Ghost setup, which configured nginx to be the reverse proxy for my site. Nginx is NOT in the container (installed on server). Nginx listens on port 80 and 443. When I try docker-compose up, it says the following error:
Error starting userland proxy: listen tcp 0.0.0.0:443: bind: address already in use
Traefik cannot listen on the same ports at nginx (which is not within the container, but installed on the server itself). How can I fix this problem, and have my commento server reverse proxied through SSL as well? My docker-compose is as below:
version: '3.7'
services:
proxy:
restart: always
image: traefik
command:
- "--api"
- "--entrypoints=Name:http Address::80 Redirect.EntryPoint:https"
- "--entrypoints=Name:https Address::443 TLS"
- "--defaultentrypoints=http,https"
- "--acme"
- "--acme.storage=/etc/traefik/acme/acme.json"
- "--acme.entryPoint=https"
- "--acme.httpChallenge.entryPoint=http"
- "--acme.onHostRule=true"
- "--acme.onDemand=false"
- "--acme.email=changeme#example.com" # TODO: Replace with your email address
- "--docker"
- "--docker.watch"
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./traefik/acme:/etc/traefik/acme
networks:
- web
ports:
- "80:80"
- "443:443"
labels:
- "traefik.enable=false"
server:
image: registry.gitlab.com/commento/commento:latest
ports:
- 8080:8080
environment:
COMMENTO_ORIGIN: https://commento.example.com # TODO: Replace commento.example.com with your domami$ COMMENTO_PORT: 8080
COMMENTO_POSTGRES: postgres://postgres:passwordexample#db:5432/commento?s$
depends_on:
- db
networks:
- db_network
- web
db:
image: postgres
environment:
POSTGRES_DB: commento
POSTGRES_USER: postgres
POSTGRES_PASSWORD: examplepassword #TODO: Replace STRONG_PASSWORD with th$ networks:
- db_network
volumes:
- postgres_data_volume:/var/lib/postgresql/data
volumes:
postgres_data_volume:
networks:
web:
external
db_network:
Here is my nginx server config under available sites:
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name example.com;
root /var/www/ghost/system/nginx-root; # Used for acme.sh SSL verification (https://acme.sh)
ssl_certificate /etc/letsencrypt/example.com/fullchain.cer;
ssl_certificate_key /etc/letsencrypt/example.com/example.com.key;
include /etc/nginx/snippets/ssl-params.conf;
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_pass http://127.0.0.1:2368;
}
location ~ /.well-known {
allow all;
}
client_max_body_size 50m;
}
Sorry, kind of new to this. Thank you!
docker-compose.yml
...
ports:
- "80:80"
- "443:443"
...
nginx/conf
...
listen 443 ssl http2;
listen [::]:443 ssl http2;
...
Nginx used HOST port 443, so you cannot reuse it on your docker-compose, you must another one that is free.
I have set up a web application in docker which is currently running internal to the host at 172.19.0.3:8888. I want this web application accessible over the internet on port 443 (https), with requests to port 80 (HTTP) redirected to 443.
I plan to use an Nginx reverse proxy in a docker container to achieve this, but I do not know how to properly configure it to point at the docker container 172.19.0.3:8888. Accessing http://172.19.0.3:8888 from the host works.
Here is the guide I tried to follow, but it just didn't show how to point at a docker container specifically.
https://medium.com/#pentacent/nginx-and-lets-encrypt-with-docker-in-less-than-5-minutes-b4b8a60d3a71
Note
If I set the port 443 proxy_pass to http://example.org, it works. So Cert configurations are working correctly.
Web application
Running on 172.19.0.3:8888 internal to the host
docker-compose for Nginx and Certbot
My certs are coming back clean.
version: '3'
services:
nginx:
image: nginx:1.15-alpine
ports:
- "80:80"
- "443:443"
volumes:
- ./Volumes/nginx:/etc/nginx/conf.d
- ./Volumes/certbot/conf:/etc/letsencrypt
- ./Volumes/certbot/www:/var/www/certbot
certbot:
image: certbot/certbot
volumes:
- ./Volumes/certbot/conf:/etc/letsencrypt
- ./Volumes/certbot/www:/var/www/certbot
Nginx app.conf
server {
listen 80;
server_name forums.example.com;
location /.well-known/acme-challenge/ {
root /var/www/certbot;
}
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl;
server_name forums.example.com;
ssl_certificate /etc/letsencrypt/live/forums.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/forums.example.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
location / {
proxy_pass http://172.19.0.3:8888/;
}
}
Web Application
flarum:
image: mondedie/docker-flarum:0.1.0-beta.8.1-stable
container_name: flarum
env_file:
- ./flarum.env
volumes:
- ./Volumes/assets:/flarum/app/public/assets
- ./Volumes/extensions:/flarum/app/extensions
- ./Volumes/nginx:/etc/nginx/conf.d
depends_on:
- mariadb
mariadb:
image: mariadb:10.2
container_name: mariadb
environment:
- MYSQL_ROOT_PASSWORD=password
- MYSQL_DATABASE=flarum
- MYSQL_USER=flarum
- MYSQL_PASSWORD=password
volumes:
- ./Volumes/mysql/db:/var/lib/mysql
Docker Compose creates a seprate network for docker-compose.yaml file.
So you can add your web application as service (eg: webapp) in current compose file. And in nginx.conf directly point to your service. Rather than using IP you can use the service name as DNS which will resolve by Docker for the same network.
location / {
proxy_pass http://webapp:8888/;
}