nginx cannot connect to uwsgi in other container with docker-compose - docker

I use docker-compose and there are two containers, one for uwsgi and one for nginx. But it seems that nginx fails to connect to uwsgi.
Here is the environment.
$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 20.04.1 LTS
Release: 20.04
Codename: focal
$ docker --version
Docker version 20.10.3, build 48d30b5
$ docker-compose --version
docker-compose version 1.24.0, build 0aa59064
Strangely, if I log in to the nginx container and try to connect to uwsgi manually, it succeeds as follows.
$ docker-compose ps --service
python
nginx
$ docker-compose exec nginx /bin/bash
# curl python:8001
success!
However, when I try to access uwsgi via nginx, it fails.
# curl localhost:8000/s
<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.15.3</center>
</body>
</html>
Here is my config. What is wrong with these? How can I fix this problem?
docker-compose.yml
version: '3'
services:
  nginx:
    image: nginx:1.15.3
    ports:
      - "80:8000"
    volumes:
      - ./nginx/nginx.conf:/etc/nginx/nginx.conf
      - ./python/uwsgi_params:/etc/nginx/uwsgi_params
      - .:/code
    depends_on:
      - python
  python:
    build: ./python
    ports:
      - "8001:8001"
    volumes:
      - ./proj:/code/proj
    command: bash -c "ls -l && cd proj && pwd && uwsgi --http :8001 --module fargate.wsgi --logto uwsgilog.txt"
nginx/nginx.conf
events {
    worker_connections 768;
}
http {
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
    ssl_prefer_server_ciphers on;
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;
    gzip on;
    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
    upstream django {
        server python:8001;
    }
    server {
        listen 8000;
        server_name localhost;
        root /code/nginx/html;
        charset utf-8;
        include /etc/nginx/default.d/*.conf;
        client_max_body_size 100M;
        location /static {
            alias /code/proj/static;
        }
        location ~ ^/s/(.*)$ {
            uwsgi_pass django;
            include /code/python/uwsgi_params;
            uwsgi_param SCRIPT_NAME /s;
            uwsgi_param PATH_INFO /$1;
        }
    }
}
python/Dockerfile
FROM python:3.6
ENV PYTHONUNBUFFERED 1
RUN mkdir /code
RUN mkdir /code/python
WORKDIR /code
ADD . /code/python/
RUN pip install -r python/requirements.txt

Related

Docker container can't connect to other container - nginx in alpine to nginx in alpine

I'm confused about making a connection from nginx alpine to nginx alpine. Both use Laravel 9.
On the host I can access both using http://localhost:8080 and http://localhost:5001,
but when I try to use Guzzle in the frontend like this
$response = $http->get('http://dashboard:5001');
result is
cURL error 7: Failed to connect to dashboard_service port 5001 after 0 ms:
Connection refused
When I try to curl from the frontend container to the dashboard container, the result is connection refused. I can ping it, but curl does not work.
This is my docker-compose.yml
version: "3.8"
networks:
  networkname:
services:
  frontend:
    build:
      context: .
      dockerfile: ./file/Dockerfile
    container_name: frontend
    ports:
      - 8080:80
    volumes:
      - ./frontend:/code
      - ./.docker/php-fpm.conf:/etc/php8/php-fpm.conf
      - ./.docker/php.ini-production:/etc/php8/php.ini
      - ./.docker/nginx.conf:/etc/nginx/nginx.conf
      - ./.docker/nginx-laravel.conf:/etc/nginx/modules/nginx-laravel.conf
    networks:
      - networkname
  dashboard:
    build:
      context: .
      dockerfile: ./file/Dockerfile
    container_name: dashboard
    ports:
      - 5001:80
    volumes:
      - ./dashboard:/code
      - ./.docker/php-fpm.conf:/etc/php8/php-fpm.conf
      - ./.docker/php.ini-production:/etc/php8/php.ini
      - ./.docker/nginx.conf:/etc/nginx/nginx.conf
      - ./.docker/nginx-laravel.conf:/etc/nginx/modules/nginx-laravel.conf
    networks:
      - networkname
this is my dockerfile
FROM alpine:latest
WORKDIR /var/www/html/
# Essentials
RUN echo "UTC" > /etc/timezone
RUN apk add --no-cache zip unzip curl sqlite nginx supervisor
# Installing PHP
RUN apk add --no-cache php8 \
    php8-common \
    php8-fpm
# Installing composer
RUN curl -sS https://getcomposer.org/installer -o composer-setup.php
RUN php composer-setup.php --install-dir=/usr/local/bin --filename=composer
RUN rm -rf composer-setup.php
# Configure supervisor
RUN mkdir -p /etc/supervisor.d/
COPY .docker/supervisord.ini /etc/supervisor.d/supervisord.ini
# Configure PHP
RUN mkdir -p /run/php/
RUN mkdir -p /test
RUN touch /run/php/php8.0-fpm.pid
CMD ["supervisord", "-c", "/etc/supervisor.d/supervisord.ini"]
this is my nginx conf
server {
    listen 80;
    server_name localhost;
    root /code/public;
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-Content-Type-Options "nosniff";
    index index.php;
    charset utf-8;
    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }
    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt { access_log off; log_not_found off; }
    error_page 404 /index.php;
    location ~ \.php$ {
        fastcgi_pass localhost:9000;
        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
        include fastcgi_params;
    }
    location ~ /\.(?!well-known).* {
        deny all;
    }
}
I'm confused about having to set it up in docker, nginx or alpine linux
Thanks.
Hello, if you try this from PHP inside the container, you needn't check it with the port.
Type this from PHP:
$response = $http->get('http://dashboard');
But if you check this from outside the container, you may enter it like ip:port
$response = $http->get('http://127.0.0.1:5001');
If you are connecting to a docker container within the same network, then use the internal port. If not, use the external port.
In your case, you are trying to connect to the dashboard container from within networkname network. So try http://dashboard instead of http://dashboard:5001

Docker nginx self-signed certificate - can't connect to https

I have been following a few tutorials to try and get my SSL cert working with my docker environment. I have decided to go down the route of a self-signed certificate with letsencrypt. I have generated the certificate with the following command
certbot certonly --manual \
--preferred-challenges=dns \
--email {email_address} \
--server https://acme-v02.api.letsencrypt.org/directory \
--agree-tos \
--manual-public-ip-logging-ok \
-d "*.servee.co.uk"
NOTE: I am using multi tenancy so I need the wildcard on my domain
This works, the certificate has been generated on my server. I am now trying to use this with my docker nginx container.
My docker-compose.yml file looks like this
...
services:
  nginx:
    build:
      context: docker/nginx
      dockerfile: Dockerfile
    ports:
      - 433:433
      - 80:80
    volumes:
      - ./src:/var/www/html:delegated
    depends_on:
      - app
      - mysql
    networks:
      - laravel
...
This is my Dockerfile
FROM nginx:stable-alpine
COPY ./fullchain.pem /etc/nginx/fullchain.pem
COPY ./privkey.pem /etc/nginx/privkey.pem
ADD nginx.conf /etc/nginx/nginx.conf
ADD default.conf /etc/nginx/conf.d/default.conf
RUN mkdir -p /var/www/html
RUN addgroup -g 1000 laravel && adduser -G laravel -g laravel -s /bin/sh -D laravel
RUN chown laravel:laravel /var/www/html
I am copying the pem files into the nginx container so I can use them.
Here is my default.conf file which should be loading my certificate
server {
    listen 80;
    index index.php index.html;
    server_name servee.co.uk;
    root /var/www/html/public;
    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass app:9000;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
    }
}
server {
    listen 443 ssl;
    server_name servee.co.uk;
    ssl_certificate /etc/nginx/fullchain.pem;
    ssl_certificate_key /etc/nginx/privkey.pem;
    index index.php index.html;
    location / {
        proxy_pass http://servee.co.uk; #for demo purposes
    }
}
The nginx container builds successfully and when I bash into it I can find the pem files. The issue is when I go to https://servee.co.uk I just get Unable to connect error. If I go to http://servee.co.uk it works fine.
I'm not sure what I have missed. This has really put me off docker because it's such a pain to get SSL working, so hopefully it's an easy fix.
You need to update your docker-compose.yml file to use port 443 instead of 433 to match your nginx.conf. Try the below docker-compose.yml file.
...
services:
  nginx:
    build:
      context: docker/nginx
      dockerfile: Dockerfile
    ports:
      - 443:443
      - 80:80
    volumes:
      - ./src:/var/www/html:delegated
    depends_on:
      - app
      - mysql
    networks:
      - laravel
...
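Added example (not part of the original question or answer): a small Python check for the 433/443 mismatch fixed above and for the internal-versus-published port confusion in the earlier dashboard question. It compares the container side of compose `ports` entries with the `listen` ports of an nginx config; the function names and the sample config are constructed for illustration, and port ranges are assumed absent.

```python
import re

# Port of an nginx `listen` directive: "listen 80;", "listen 443 ssl;",
# "listen [::]:443 ssl;", "listen 127.0.0.1:8000;".
LISTEN_RE = re.compile(
    r"^\s*listen\s+(?:\[[^\]]*\]:|[\d.]+:)?(\d+)(?=[\s;])", re.M)

def parse_ports(entries):
    """Compose short syntax -> [(host_port, container_port)].

    Handles "CONTAINER", "HOST:CONTAINER", "IP:HOST:CONTAINER" and a
    trailing "/tcp" or "/udp". Port ranges are not handled.
    """
    mapped = []
    for entry in entries:
        parts = str(entry).split("/")[0].split(":")
        host = int(parts[-2]) if len(parts) >= 2 else None
        mapped.append((host, int(parts[-1])))
    return mapped

def listen_ports(nginx_conf):
    """Ports nginx binds inside the container, from its listen lines."""
    return sorted({int(p) for p in LISTEN_RE.findall(nginx_conf)})

def check(compose_ports, nginx_conf):
    """Cross-check published ports against what nginx listens on."""
    mapped = parse_ports(compose_ports)
    listening = set(listen_ports(nginx_conf))
    targets = {container for _, container in mapped}
    return {
        # nginx listens here, but no mapping forwards host traffic to it
        "not_published": sorted(listening - targets),
        # host port is forwarded to a container port nothing listens on
        "dead_mappings": [m for m in mapped if m[1] not in listening],
    }

def urls(service, compose_ports, scheme="http"):
    """Address to use from a peer container vs. from the Docker host."""
    return [{"from_peer": f"{scheme}://{service}:{c}",
             "from_host": None if h is None else f"{scheme}://localhost:{h}"}
            for h, c in parse_ports(compose_ports)]

# Constructed sample: only the listen lines of the default.conf above.
SAMPLE_CONF = "server {\n listen 80;\n}\nserver {\n listen 443 ssl;\n}\n"

if __name__ == "__main__":
    for ports in (["433:433", "80:80"], ["443:443", "80:80"]):
        print(ports, check(ports, SAMPLE_CONF))
    print(urls("dashboard", ["5001:80"]))
```

With the question's mapping the check reports 443 as listening but not published and 433:433 as a mapping to a port nothing listens on; with the answer's mapping both lists are empty.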

SSL pass for dockerized jenkins through dockerized Nginx Reverse proxy won't work

I have a dockerized Jenkins container behind a dockerized Nginx reverse proxy that works perfectly with HTTP but throws ERR_SSL_PROTOCOL_ERROR when I try to get the Jenkins URL with HTTPS.
I used auto-signed certificates.
my jenkins Dockerfile:
LABEL maintainer="barrybhoye#gmail.com"
ENV JAVA_OPTS="-Xmx8192m"
ENV JENKINS_OPTS=" --handlerCountMax=300"
USER root
RUN mkdir /var/log/jenkins
RUN mkdir /var/cache/jenkins
RUN chown -R jenkins:jenkins /var/cache/jenkins
RUN chown -R jenkins:jenkins /var/log/jenkins
USER jenkins
ENV JENKINS_OPTS="--handlerCountMax=300 --logfile=/var/log/jenkins/jenkins.log --webroot=/var/cache/jenkins/war"
my Nginx Dockerfile:
LABEL maintainer="barrybhoye#gmail.com"
RUN yum -y update; yum clean all
RUN yum -y install http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm; yum -y makecache
RUN yum -y install nginx-1.10.1
RUN rm /etc/nginx/conf.d/default.conf
COPY conf/jenkins.conf /etc/nginx/conf.d/jenkins.conf
COPY conf/nginx.conf /etc/nginx/nginx.conf
EXPOSE 80
EXPOSE 443
CMD ["nginx"]
my docker compose:
services:
  master:
    build: ./jenkins-master
    ports:
      - "8080:8080"
      - "50000:50000"
    volumes:
      - jenkins-log:/var/log/jenkins
      - jenkins-data:/var/jenkins_home
      - ./certs:/etc/nginx/ssl
    networks:
      - jenkins-net
  nginx:
    build: ./jenkins-nginx
    ports:
      - "80:80"
      - "443:443"
    networks:
      - jenkins-net
volumes:
  jenkins-data:
  jenkins-log:
networks:
  jenkins-net:
my jenkins conf:
server {
    listen 80;
    listen 443 ssl;
    server_name domaine;
    ssl_certificate /etc/nginx/ssl/cert.crt;
    ssl_certificate_key /etc/nginx/ssl/cert.key;
    ssl_verify_client off;
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_dhparam /etc/nginx/ssl/dhparam.pem;
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
    location / {
        proxy_pass http://domaine:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
my nginx conf:
user nginx;
worker_processes 2;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
    worker_connections 1024;
    use epoll;
    accept_mutex off;
}
http {
    include /etc/nginx/mime.types;
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;
    #tcp_nopush on;
    keepalive_timeout 65;
    include /etc/nginx/conf.d/*.conf;
}

How can I remove server header in nginx docker container?

I installed the nginx:1.15.6 container with a docker-compose file and I want to remove the Server header from all nginx responses. By searching I found the way below:
set "more_set_headers 'Server: custom';" in the nginx configuration, but there is an error in response. How can I remove the Server header in nginx docker? I think I should install the "headers-more-nginx-module-0.33" module but I don't know how I can install it :(
error :
[emerg] 1#1: unknown directive "more_set_headers" in /etc/nginx/conf.d/default.conf:22
docker-compose file:
version: '3'
services:
  web:
    build:
      context: nginx
    container_name: r_nginx
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./code:/code
      - ./nginx/default.conf:/etc/nginx/conf.d/default.conf
      - ./nginx/ssl:/etc/ssl
      - ./nginx/logs:/var/log/nginx
    restart: always
    depends_on:
      - php
  php:
    build: phpfpm
    container_name: r_php
    restart: always
    volumes:
      - ./phpfpm/raya.ini:/opt/bitnami/php/etc/conf.d/custom.ini
      - ./code:/code
default.conf :
server_tokens off;
server {
    listen 80;
    listen 443 ssl;
    ssl on;
    ssl_protocols TLSv1.1 TLSv1.2;
    ssl_certificate /etc/ssl/cert_chain.crt;
    ssl_certificate_key /etc/ssl/private.key;
    index index.php index.html;
    #server_name php-docker.local;
    error_log /var/log/nginx/error.log;
    access_log /var/log/nginx/access.log;
    root /code;
    error_page 404 403 402 401 422 = /errors/error.php;
    error_page 500 501 502 503 504 = /errors/error.php;
    # the line below gets an error:
    # more_set_headers "Server: custom";
    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass php:9000;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
    }
    location ~ /assets/ {
    }
    location / {
        rewrite ^(.*)$ /index.php;
    }
}
more_set_headers is a part of the headers_more module, so it needs an additional nginx package to work properly. nginx-extras could be installed while building docker image for nginx container:
FROM nginx:1.15.6
RUN apt-get update && apt-get install -y nginx-extras
Hope this helps.
Here is a solution that worked for me. I took out the version numbers and stripped down the config to only what is really needed.
Dockerfile
FROM ubuntu
RUN apt-get update
RUN apt-get install -y nginx
RUN apt-get install -y libnginx-mod-http-headers-more-filter
nginx.conf
server_tokens off; # hides version on 404 or 500 pages
more_clear_headers 'Server'; # removes Server header from response headers
server {
...
}

How to letsencrypt flask application running on docker and gunicorn as a webserver..?

I am trying to get SSL for my site. I have tried to do it with the many tutorials I have followed, and yes, I can do it, but most of these tutorials use nginx as a web server.
But now I want to get SSL for my site, which is running on Docker with gunicorn as the web server. I have followed many tutorials and sources, but I can't do it.
So how do I do that? Any source example or tutorial would be very appreciated.
This is my Dockerfile:
FROM python:3.6.5-stretch
MAINTAINER Irwan Santosa
RUN apt-get update && apt-get install -y build-essential libpq-dev
ENV INSTALL_PATH_DOCKER /web_app_docker
RUN mkdir -p $INSTALL_PATH_DOCKER
WORKDIR $INSTALL_PATH_DOCKER
COPY requirements.txt requirements_docker.txt
RUN pip install -r requirements_docker.txt
COPY . .
CMD gunicorn -b 0.0.0.0:80 --access-logfile - "web_app.app:create_app()"
and this is my docker-compose.yml :
version: '3'
services:
  web_app_docker:
    build: .
    command: >
      gunicorn -b 0.0.0.0:80
      --access-logfile -
      --reload
      "web_app.app:create_app()"
    volumes:
      - '.:/web_app_docker'
    ports:
      - '9999:80'
  service_postgresql_docker:
    image: 'postgres:9.6'
    environment:
      POSTGRES_USER: 'irwan'
      POSTGRES_PASSWORD: '12345'
    volumes:
      - '/var/lib/postgresql/data'
    ports:
      - '5435:5432'
[SOLVED] I did it with an nginx reverse proxy.
This is my default config file at /etc/nginx/sites-available/default
server
{
    listen 80;
    listen [::]:80;
    server_name irwan.trinanda.tk;
    return 301 https://$server_name$request_uri;
}
server
{
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name irwan.trinanda.tk;
    ssl on;
    ssl_certificate /etc/letsencrypt/live/irwan.trinanda.tk/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/irwan.trinanda.tk/privkey.pem;
    ssl_dhparam /etc/letsencrypt/live/irwan.trinanda.tk/dhparams.pem;
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;
    location /.well-known
    {
        root /var/www/ssl/website1/;
    }
    location /
    {
        include proxy.conf;
        proxy_pass http://128.199.80.54:9999/;
    }
}
I followed this tutorial, and yes, I got it:
https://www.guyatic.net/2017/05/09/configuring-ssl-letsencrypt-certbot-nginx-reverse-proxy-nat/
Many thanks to whoever wrote that.
