I've read through all of the related traefik / websocket issues here and other forums, but I wasn't able to solve the problem for my setup.
I'm trying to run Dataiku DSS behind Traefik as reverse proxy. But I'm still new to Traefik and can't figure out how to make websockets for my service work via Traefik.
I'm using the following config:
traefik.yml:
api:
dashboard: true
entryPoints:
http:
address: ":80"
https:
address: ":443"
providers:
docker:
endpoint: "unix:///var/run/docker.sock"
exposedByDefault: false
certificatesResolvers:
http:
acme:
email: admin#example.com
storage: acme.json
httpChallenge:
entryPoint: http
traefik/docker-compose.yml:
version: '3'
services:
traefik:
image: traefik:v2.0
container_name: traefik
restart: unless-stopped
security_opt:
- no-new-privileges:true
networks:
- proxy
ports:
- 80:80
- 443:443
volumes:
- /etc/localtime:/etc/localtime:ro
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./data/traefik.yml:/traefik.yml:ro
- ./data/acme.json:/acme.json
labels:
- "traefik.enable=true"
- "traefik.http.routers.traefik.entrypoints=http"
- "traefik.http.routers.traefik.rule=Host(`traefik.example.com`)"
- "traefik.http.middlewares.traefik-auth.basicauth.users=<USER>:<PW>"
- "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
- "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
- "traefik.http.routers.traefik-secure.entrypoints=https"
- "traefik.http.routers.traefik-secure.rule=Host(`traefik.example.com`)"
- "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
- "traefik.http.routers.traefik-secure.tls=true"
- "traefik.http.routers.traefik-secure.tls.certresolver=http"
- "traefik.http.routers.traefik-secure.service=api#internal"
networks:
proxy:
external: true
dataiku/docker-compose.yml:
version: '3.7'
services:
dataiku:
build:
context: .
dockerfile: Dockerfile
restart: on-failure
volumes:
- dss_data:/home/dataiku/dss
labels:
- traefik.enable=true
- traefik.http.routers.dataiku.entrypoints=http
- traefik.http.routers.dataiku.rule=Host(`dataiku.example.com`)
#- traefik.http.middlewares.dataiku-https-redirect.redirectscheme.scheme=https
#- traefik.http.routers.dataiku.middlewares=dataiku-https-redirect
#- traefik.http.routers.dataiku-secure.entrypoints=https
#- traefik.http.routers.dataiku-secure.rule=Host(`dataiku.example.com`)
#- traefik.http.routers.dataiku-secure.tls=true
#- traefik.http.routers.dataiku-secure.tls.certresolver=http
#- traefik.http.routers.dataiku-secure.service=dataiku
- traefik.http.services.dataiku.loadbalancer.server.port=10000
- traefik.docker.network=proxy
volumes:
dss_data:
networks:
proxy:
external: true
However, when I run dataiku, I see that the websocket connections fail. In Firefox, I see that right after the WS connection is attempted, I get the following error: XSRF validation failed.
On Chrome, I see the following: Error during WebSocket handshake: Sent non-empty 'Sec-WebSocket-Protocol' header but no response was received
The request headers looks like this:
Host: example.com
User-Agent: ...
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Sec-WebSocket-Version: 13
Origin: http://example.com
Sec-WebSocket-Protocol: dummy, xsrf-7646db48d09813bbe5038c1aa2967e0a9712f81a24b156731f88bde5d3c4d8a5
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 3sSlW9J6GN6d4+bhFr1IIQ==
Connection: keep-alive, Upgrade
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
The response headers looks like this:
HTTP/1.1 101 Switching Protocols
Connection: upgrade
Date: Sat, 06 Jun 2020 15:18:08 GMT
Sec-Websocket-Accept: x29WLUMyl5OmRfhZOncdLE65lOU=
Server: nginx
Upgrade: WebSocket
Both errors indicate to me, that the response is missing a correct Sec-WebSocket-Protocol header. But I don't know how to fix that. Initially I thought it might have something to do with TLS, that's why I commented out the secure entrypoint and redirect. But it still exists.
I've previously had no issues with a nginx config like this one:
server {
# Host/port on which to expose Data Science Studio to users
listen 80;
server_name dss.example.com;
location / {
# Base url of the Data Science Studio installation
proxy_pass http://DSS_HOST:DSS_PORT/;
proxy_redirect off;
# Allow long queries
proxy_read_timeout 3600;
proxy_send_timeout 600;
# Allow large uploads
client_max_body_size 0;
# Allow protocol upgrade to websocket
proxy_http_version 1.1;
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
Does anyone have an idea how to solve this?
Related
In order to host multiple websites I'am trying to reproduce the following schema
diagram
The redirection works correctly with the following sites and without having to indicate the port: https://git.domain.tld and https://portainer.domain.tld
but does not work for: https://test.domain.tld (The page is not redirected correctly => I'm getting this ERR_TOO_MANY_REDIRECTS)
here is my docker-compose :
version: '2'
services:
proxy:
image: jwilder/nginx-proxy
container_name: proxy
restart: unless-stopped
labels:
com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
volumes:
- /var/run/docker.sock:/tmp/docker.sock:ro
- certs:/etc/nginx/certs:rw
- vhost.d:/etc/nginx/vhost.d
- html:/usr/share/nginx/html
- ./uploadsize.conf:/etc/nginx/conf.d/uploadsize.conf:ro
ports:
- "80:80"
- "443:443"
networks:
- "default"
- "proxy-tier"
proxy-letsencrypt:
image: jrcs/letsencrypt-nginx-proxy-companion
container_name: letsencrypt
restart: unless-stopped
environment:
- NGINX_PROXY_CONTAINER=proxy
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
volumes_from:
- "proxy"
depends_on:
- "proxy"
networks:
- "default"
- "proxy-tier"
portainer:
image: portainer/portainer
container_name: portainer
restart: always
environment:
- VIRTUAL_HOST=portainer.domain.tld
- LETSENCRYPT_HOST=portainer.domain.tld
- LETSENCRYPT_EMAIL=xxxxx#xxxx.xxx
- LETSENCRYPT_TEST=false
volumes:
- ./portainer/:/data
- /var/run/docker.sock:/var/run/docker.sock
ports:
- "9000:9000"
networks:
- "default"
- "proxy-tier"
gitea:
image: gitea/gitea:latest
container_name: gitea
restart: unless-stopped
environment:
- VIRTUAL_HOST=git.domain.tld
- LETSENCRYPT_HOST=git.domain.tld
- LETSENCRYPT_EMAIL=xxxx#xxxx.xxx
- LETSENCRYPT_TEST=false
- VIRTUAL_PORT=3000
- ROOT_URL=https://git.domain.tld
- DOMAIN=git.domain.tld
- PROTOCOL=http
- USER_UID=1000
- USER_GID=1000
- POSTGRES_USER=xxxxx
- POSTGRES_PASSWORD=xxxxxxx
- POSTGRESS_DB=xxxxx
volumes:
- ./gitea:/data
ports:
- "9001:3000"
- "9002:22"
networks:
- "default"
- "proxy-tier"
nextcloud:
image: lscr.io/linuxserver/nextcloud
container_name: drive
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/Paris
- VIRTUAL_HOST=test.domain.tld
- LETSENCRYPT_HOST=test.domain.tld
- LETSENCRYPT_EMAIL=xxxxxxxx#xxxxxxxxxx.xxx
- LETSENCRYPT_TEST=true
- DEBUG=true
ports:
- "9005:443"
- "9006:80"
volumes:
- ./drive/appdata:/config
- ./drive/data:/data
networks:
- "default"
- "proxy-tier"
restart: unless-stopped
volumes:
certs:
vhost.d:
html:
nextcloud:
db:
networks:
proxy-tier:
Thank you in advance for your help, I've been stuck on this problem for a few days
EDIT :
Some lines from proxy logs when I enter test.domain.tld:
nginx.1 | test.domain.tld 91.182.X.X - - [28/Apr/2022:04:21:27 +0000] "GET / HTTP/2.0" 301 162 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0" "172.29.0.6:80"
nginx.1 | test.domain.tld 91.182.X.X - - [28/Apr/2022:04:21:27 +0000] "GET / HTTP/2.0" 301 162 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0" "172.28.0.3:80"
nginx.1 | test.domain.tld 91.182.X.X - - [28/Apr/2022:04:21:28 +0000] "GET / HTTP/2.0" 301 162 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0" "172.29.0.6:80"
...
AND this is from nexcloud :
Exception: Not installed in /config/www/nextcloud/lib/base.php:277
Stack trace:
#0 /config/www/nextcloud/lib/base.php(649): OC::checkInstalled()
#1 /config/www/nextcloud/lib/base.php(1087): OC::init()
#2 /config/www/nextcloud/cron.php(43): require_once('/config /www/nex...')
}
Exception: Not installed in /config/www/nextcloud/lib/base.php:277
Stack trace:
#0 /config/www/nextcloud/lib/base.php(649): OC::checkInstalled()
#1 /config/www/nextcloud/lib/base.php(1087): OC::init()
#2 /config/www/nextcloud/cron.php(43): require_once('/config/www/nex...')
}
Exception: Not installed in /config/www/nextcloud/lib/base.php:277
Stack trace:
#0 /config/www/nextcloud/lib/base.php(649): OC::checkInstalled()
#1 /config/www/nextcloud/lib/base.php(1087): OC::init()
#2 /config/www/nextcloud/cron.php(43): require_once('/config/www/nex...')
}
...
And this is my ngnix config /etc/nginx/conf.d/default.conf
# test.domain.tld
upstream test.domain.tld {
# Exposed ports: [{ 443 9005 tcp 0.0.0.0} { 80 9006 tcp 0.0.0.0}]
# Default virtual port: 80
# VIRTUAL_PORT: <no value>
## Can be connected with "proxy_default" network
# drive
server 172.28.0.3:80;
# Cannot connect to network 'proxy_proxy-tier' of this container
# Cannot connect to network 'proxy_default' of this container
## Can be connected with "proxy_proxy-tier" network
# drive
server 172.29.0.6:80;
}
server {
server_name test.domain.tld;
listen 80 ;
access_log /var/log/nginx/access.log vhost;
# Do not HTTPS redirect Let'sEncrypt ACME challenge
location ^~ /.well-known/acme-challenge/ {
auth_basic off;
auth_request off;
allow all;
root /usr/share/nginx/html;
try_files $uri =404;
break;
}
location / {
return 301 https://$host$request_uri;
}
}
server {
server_name test.domain.tld;
listen 443 ssl http2 ;
access_log /var/log/nginx/access.log vhost;
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
ssl_certificate /etc/nginx/certs/test.domain.tld.crt;
ssl_certificate_key /etc/nginx/certs/test.domain.tld.key;
ssl_dhparam /etc/nginx/certs/test.domain.tld.dhparam.pem;
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/nginx/certs/test.domain.tld.chain.pem;
add_header Strict-Transport-Security "max-age=31536000" always;
include /etc/nginx/vhost.d/default;
location / {
proxy_pass http://test.domain.tld;
}
}
The answer is in the question itself - yes, it is possible and you already doing it.
You say the page test.domain.tld is not redirected correctly - what exactly happens?
Without knowing what happens exactly with the redirection when you enter the test.domain.tld, I would suggest some experiments with the nextcloud image, but in the first place I would ensure if in the exact configuration you have, there is no typo in the VIRTUAL_HOST environment variable. In the example it looks good, but in the actual compose file you use there might be a typo that would cause it to fail.
The other services work, so the nextcloud setup might need something yet to work with nginx-proxy.
I have traefik running in docker (on a windows host). The problem I have is that the X-Real-IP header alawys shows the docker network gateway ip instead of the real client ip. I'm not sure what I'm doing wrong, I know traefik in host network mode should work, but then it would no longer find the docker services on it's own.
This is my docker compose file:
version: "3.7"
networks:
t2_proxy:
external:
name: t2_proxy
default:
driver: bridge
services:
traefik:
# The official v2 Traefik docker image
image: traefik/traefik:latest
container_name: traefik
restart: unless-stopped
# Enables the web UI and tells Traefik to listen to docker
command: # CLI arguments
- --global.checkNewVersion=true
- --global.sendAnonymousUsage=true
- --entryPoints.https.address=:443
- --api=true
- --api.insecure=true
- --api.dashboard=true
- --log=true
- --log.level=INFO # (Default: error) DEBUG, INFO, WARN, ERROR, FATAL, PANIC
- --accessLog=true
- --accessLog.filePath=/traefiklog/traefik.log
- --accessLog.bufferingSize=100 # Configuring a buffer of 100 lines
- --providers.docker=true
- --providers.docker.defaultrule=Host(`{{ index .Labels "com.docker.compose.service" }}.xxx.com`)
- --providers.docker.endpoint=unix:///var/run/docker.sock
- --providers.docker.exposedByDefault=false
- --providers.docker.network=t2_proxy
- --providers.docker.swarmMode=false
- --providers.file.directory=/rules # Load dynamic configuration from one or more .toml or .yml files in a directory.
- --providers.file.watch=true # Only works on top level files in the rules folder
networks:
t2_proxy:
ipv4_address: 192.168.90.254
ports:
- target: 443
published: 443
protocol: tcp
mode: host
volumes:
- C:\docker/traefik/rules:/rules
- /var/run/docker.sock:/var/run/docker.sock:ro
- C:\docker/traefik/logs:/traefiklog
- C:\docker/shared:/shared
labels:
- "traefik.enable=true"
whoami:
image: "containous/whoami"
container_name: "whoami"
networks:
t2_proxy:
ipv4_address: 192.168.90.200
labels:
- "traefik.enable=true"
- "traefik.http.routers.whoami.rule=Host(`whoami.xxx.com`)"
- "traefik.http.routers.whoami.entrypoints=https"
- "traefik.http.routers.whoami.tls=true"
I set up the network with:
docker network create --gateway 192.168.90.1 --subnet 192.168.90.0/24 t2_proxy
and this is the output of the whoami webrequest in the browser:
Hostname: 8752e7b8a5d4
IP: 127.0.0.1
IP: 192.168.90.200
RemoteAddr: 192.168.90.254:36228
GET / HTTP/1.1
Host: whoami.xxx.com:433
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cache-Control: max-age=0
Dnt: 1
Te: trailers
Upgrade-Insecure-Requests: 1
X-Forwarded-For: 192.168.90.1
X-Forwarded-Host: whoami.xxx.com:433
X-Forwarded-Port: 433
X-Forwarded-Proto: https
X-Forwarded-Server: 969f601c0c24
X-Real-Ip: 192.168.90.1
The solution seems to be presented in this guide: https://dockerswarm.rocks/traefik/#getting-the-client-ip
If you need to read the client IP in your applications/stacks using the X-Forwarded-For or X-Real-IP headers provided by Traefik, you need to make Traefik listen directly, not through Docker Swarm mode, even while being deployed with Docker Swarm mode.
ports:
- target: 80
published: 80
mode: host
- target: 443
published: 443
mode: host
I’m trying to install Nextcloud on my server with Docker using a Caddy reverse proxy. Caddy is working for other services so I will just copy the Caddyfile here.
There are 3 ways I tried accessing it on the Docker host machine:
localhost:8080 - working
IP of host machine - it says it is not a trusted domain
domain - 502 Bad Gateway
Please help I’ve already tried multiple configurations but can not get it working.
Caddyfile:
{domain} {
tls {email}
tls {
dns godaddy
}
# Enable basic compression
gzip
# Service discovery via well-known
redir /.well-known/carddav /remote.php/carddav 301
redir /.well-known/caldav /remote.php/caldav 301
proxy / http://nextcloud:8080 {
# X-Forwarded-For, etc...
transparent
# Nextcloud best practices and security
header_downstream Strict-Transport-Security "max-age=15552000;"
header_downstream Referrer-Policy "strict-origin-when-cross-origin"
header_downstream X-XSS-Protection "1; mode=block"
header_downstream X-Content-Type-Options "nosniff"
header_downstream X-Frame-Options "SAMEORIGIN"
}
}
docker-compose file:
version: '3.7'
services:
db:
container_name: nextcloud-db
image: mariadb
command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
restart: always
volumes:
- db:/var/lib/mysql
env_file:
- ./nextcloud/config/db.env
environment:
- MYSQL_ROOT_PASSWORD={pw}
networks:
- db
app:
container_name: nextcloud
image: nextcloud
ports:
- 8080:80
volumes:
- nextcloud:/var/www/html
env_file:
- ./nextcloud/config/db.env
environment:
- MYSQL_HOST=db
- NEXTCLOUD_TRUSTED_DOMAINS="localhost {host ip} {domain}"
restart: always
networks:
- proxy
- db
depends_on:
- db
volumes:
db:
nextcloud:
networks:
db:
Figured it out.
In the Caddyfile the nextcloud port should be 80 instead of 8080 as it is in the inner network.
I am trying to containerize all things related to my web app using Docker Compose, including Nginx & SSL Certificates. To do this I am using the Nginx Proxy image from JWilder and the LetsEncrypt Companion, but am having trouble getting the nginx proxy to work, result ends up being:
Nginx 502 Bad Gateway
[error] 31160#0: *35 connect() failed (111: Connection refused) while connecting to upstream, client: xx.xx.xx.xx, server: domain.com, request: "GET /dev/ HTTP/1.1", upstream: "webapp://127.0.0.1:8080", host: "domain.com"
This only happened when trying to set up the Nginx proxy and SSL certificates so I know it's a configuration issue for either or both of these containers. If anyone can spot where I am going wrong, I would be extremely grateful!
Here are the containers in question:
version: '3.1'
networks:
mywebapp:
services:
nginx-proxy:
container_name: nginx-proxy
build: ./env/nginx-proxy
networks:
- mywebapp
ports:
- 80:80
- 443:443
env_file:
- ./env/nginx-proxy/.env
depends_on:
- webapp
tty: true
volumes:
- ./src:/home/www/mywebapp/src
- ./storage:/home/www/storage/mywebapp
- ./data/nginx-proxy/logs:/var/log/nginx
- ./env/nginx-proxy/webserver/nginx.conf:/etc/nginx/nginx.conf
- ./env/nginx-proxy/webserver/conf.d:/etc/nginx/conf.d
- ./env/nginx-proxy/webserver/vhost.d:/etc/nginx/vhost.d
- ./env/nginx-proxy/webserver/defaults:/etc/nginx/defaults
- ./env/nginx-proxy/webserver/global:/etc/nginx/global
- ./env/nginx-proxy/ssl/certs:/etc/nginx/certs
- ./env/nginx-proxy/share:/usr/share/nginx/html
- /var/run/docker.sock:/tmp/docker.sock:ro
labels:
com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
letsencrypt:
restart: always
container_name: letsencrypt
image: jrcs/letsencrypt-nginx-proxy-companion
env_file:
- ./env/letsencrypt/.env
volumes:
- ./data/letsencrypt/logs:/var/log
- ./env/nginx-proxy/webserver/nginx.conf:/etc/nginx/nginx.conf
- ./env/nginx-proxy/webserver/conf.d:/etc/nginx/conf.d
- ./env/nginx-proxy/webserver/vhost.d:/etc/nginx/vhost.d
- ./env/nginx-proxy/webserver/defaults:/etc/nginx/defaults
- ./env/nginx-proxy/webserver/global:/etc/nginx/global
- ./env/nginx-proxy/ssl/certs:/etc/nginx/certs
- ./env/nginx-proxy/share:/usr/share/nginx/html
- /var/run/docker.sock:/var/run/docker.sock:ro
depends_on:
- nginx-proxy
webapp:
container_name: webapp
build: ./env/webapp
hostname: webapp
networks:
- mywebapp
ports:
- 9000:9000
- 8080:8080
volumes:
- ./env/composer:/home/www/.composer
- ./env/global/bashrc:/home/www/.bashrc
- ./data/bash/.bash_history:/home/www/.bash_history
- ~/.ssh:/home/www/.ssh:ro
- ~/.gitconfig:/home/www/.gitconfig:ro
- ./storage:/home/www/storage/mywebapp
- ./src:/home/www/mywebapp/src
Key points being:
Webapp is the source of my web application which is running PHP, MySQL and Nginx webserver. The webapp webserver exposes and listens on port 8080 to serve the PHP files.
Nginx proxy exposes standard ports 443 and 80 and proxy passes to webapp on port 8080
LetsEncrypt Companion generates the certs and renews.
Nginx Proxy server configuration:
upstream webapp {
server 127.0.0.1:8080;
}
server {
listen 80;
listen [::]:80;
server_name webapp.localhost;
location / {
proxy_pass http://webapp;
}
}
server {
# SSL configuration
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate certs/default.crt;
ssl_certificate_key certs/default.key;
include /etc/nginx/global/ssl-params.conf;
server_name webapp.localhost;
location / {
proxy_pass http://webapp;
}
}
Webapp webserver configuration:
server {
listen 8080;
listen [::]:8080;
server_name webapp.localhost;
root /home/www/webapp/src;
index index.php;
include /etc/nginx/defaults/php.conf;
location / {
try_files $uri $uri/ /index.php$is_args$args;
}
}
When visiting http://webapp.localhost:8080 I can see the webapp webserver serves the page no trouble, so I suspect it's something wrong with my Nginx Proxy server configuration.
Thanks for reading.
Since nginx and webapp are on two separate containers, nginx can't reach webapp on localhost(127.0.0.1) as you've configured for upstream:
upstream webapp {
server 127.0.0.1:8080;
}
Change it to webapp:8080.
While experimenting with docker-compose, I'm running into some issues with NGINX and the dns. The error is the regular "connection refused while connecting to upstream" in NGINX. I think the problem arises due to the port numbers.
Examples online like this one run the NGINX on port 80, which doesn't cause the issue.
The docker-compose.yml:
version: '3'
services:
http-server:
networks:
- mynetwork
image: nginx_image
ports:
- 8080:8080
depends_on:
- frontend
- rest_api
frontend:
networks:
- mynetwork
image: frontend_image
ports:
- 8001:8001
rest_api:
networks:
- mynetwork
image: rest_api_image
ports:
- 8000:8000
networks:
mynetwork:
driver: bridge
nginx.conf for nginx_image has this block:
server {
listen 8080;
location /static/js/ {
proxy_pass http://frontend;
}
location /static/css/ {
proxy_pass http://frontend;
}
location /static/ {
proxy_pass http://rest_api;
}
location / {
proxy_pass http://frontend;
}
location /rest_api/ {
proxy_pass http://rest_api;
}
}
Now, both the frontend and api are called over port 80, while it should be 8001 and 8000.
What am I missing? I would expect docker-compose to make the port mapping automatically.
Thanks in advance!
Kind regards,
DA
EDIT1: here's the error (including the hostname suggestion)
EDIT2: updated the question
http-server_1 | 2018/06/04 14:47:50 [error] 14#14: *1 connect() failed (111: Connection refused) while connecting to upstream, client: 172.18.0.1, server: , request: "GET /rest_api/admin/ HTTP/1.1", upstream: "http://172.18.0.2:80/rest_api/admin/", host: "localhost:8080"
you have to specify hostnames:
frontend:
image: frontend_image
hostname: frontend
ports:
- 8001:8001
rest_api:
hostname: rest_api