Develop Reference

Problem with nginx reverse proxy and docker. Only one proxy_path is working

I am completly lost.. So i have two proxy_paths in my nginx conf: '/' and '/api'. '/' redirects to my frontend and is working perfectly but the '/api' proxy path is not working at all. The proxy server is logging requests to '/api/' but not forwarding them to my actual api-server. I'm missing something. Is the '/' proxy_path some sort of catch all that overrides any other proxy paths? Any assistance would be invaluable! Thanks! Here are my configs:
nginx reverse proxy conf:
server {
listen 80;
server_name proxy;
location / {
proxy_pass http://frontend_prod:3000/;
}
location /api {
proxy_pass http://api_prod:3333/;
}
}
docker-compose:
version: '3.1'
services:
proxy:
build: ./proxy/
ports:
- '9000:80'
restart: always
depends_on:
- frontend_prod
- api_prod
frontend_prod:
build: ./frontend/nginx/
ports:
- '3000'
depends_on:
- api_prod
restart: always
db:
image: mariadb
restart: always
environment:
MYSQL_ROOT_PASSWORD: hunter2
api_prod:
build: ./backend/api/
command: npm run production
ports:
- '3333'
depends_on:
- db

GET http://api:1337/games net::ERR_NAME_NOT_RESOLVED for nuxt.js pages using asyncData

I have somewhat complicated setup with docker. Everything's working as expected except I have this weird problem.
Visiting index page or /pages/_id pages I have no errors. But when I try to open /other-page it crashes. All are using the same API url.
Error found in the console when opening /other-page:
GET http://api:1337/games net::ERR_NAME_NOT_RESOLVED
Not sure what to do, any suggestions?
nuxt.config.js
axios: {
baseURL: 'http://api:1337'
},
docker-compose.yml
version: '3'
services:
api:
build: .
image: strapi/strapi
environment:
- APP_NAME=strapi-app
- DATABASE_CLIENT=mongo
- DATABASE_HOST=db
- DATABASE_PORT=27017
- DATABASE_NAME=strapi
- DATABASE_USERNAME=
- DATABASE_PASSWORD=
- DATABASE_SSL=false
- DATABASE_AUTHENTICATION_DATABASE=strapi
- HOST=api
- NODE_ENV=production
ports:
- 1337:1337
volumes:
- ./strapi-app:/usr/src/api/strapi-app
#- /usr/src/api/strapi-app/node_modules
depends_on:
- db
restart: always
links:
- db
nuxt:
# build: ./app/
image: "registry.gitlab.com/username/package:latest"
container_name: nuxt
restart: always
ports:
- "3000:3000"
links:
- api:api
command:
"npm run start"
nginx:
image: nginx:1.14.2
expose:
- 80
container_name: nginx
restart: always
ports:
- "80:80"
volumes:
- ./nginx:/etc/nginx/conf.d
depends_on:
- nuxt
links:
- nuxt
index.vue
...
async asyncData({ store, $axios }) {
const games = await $axios.$get('/games')
store.commit('games/emptyList')
games.forEach(game => {
store.commit('games/add', {
id: game.id || game._id,
...game
})
})
return { games }
},
...
page.vue
...
async asyncData({ store, $axios }) {
const games = await $axios.$get('/games')
store.commit('games/emptyList')
games.forEach(game => {
store.commit('games/add', {
id: game.id || game._id,
...game
})
})
return { games }
},
...
Nginx conf
upstream webserver {
ip_hash;
server nuxt:3000;
}
server {
listen 80;
access_log off;
connection_pool_size 512k;
large_client_header_buffers 4 512k;
location / {
proxy_pass http://webserver;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_max_temp_file_size 0;
}
UPDATE:
Tried what Thomasleveil suggested. Now I'm receiving following error:
nuxt | [2:09:35 PM] Error: connect ECONNREFUSED 127.0.0.1:80
So, it seems like now /api is being forwarded to 127.0.0.1:80. Not sure why ^^
nuxt.config.js
axios: {
baseURL: '/api'
},
server: {
proxyTable: {
'/api': {
target: 'http://localhost:1337',
changeOrigin: true,
pathRewrite: {
"^/api": ""
}
}
}
}
docker-compose.yml
version: '3'
services:
reverse-proxy:
image: traefik # The official Traefik docker image
command: --api --docker # Enables the web UI and tells Traefik to listen to docker
ports:
- "80:80" # The HTTP port
- "8080:8080" # The Web UI (enabled by --api)
volumes:
- /var/run/docker.sock:/var/run/docker.sock # listen to the Docker events
networks:
- mynet
api:
build: .
image: strapi/strapi
container_name: api
environment:
- APP_NAME=strapi-app
- DATABASE_CLIENT=mongo
- DATABASE_HOST=db
- DATABASE_PORT=27017
- DATABASE_NAME=strapi
- DATABASE_USERNAME=
- DATABASE_PASSWORD=
- DATABASE_SSL=false
- DATABASE_AUTHENTICATION_DATABASE=strapi
- HOST=api
- NODE_ENV=development
ports:
- 1337:1337
volumes:
- ./strapi-app:/usr/src/api/strapi-app
#- /usr/src/api/strapi-app/node_modules
depends_on:
- db
restart: always
networks:
- mynet
labels:
- "traefik.backend=api"
- "traefik.docker.network=mynet"
- "traefik.frontend.rule=Host:example.com;PathPrefixStrip:/api"
- "traefik.port=1337"
db:
image: mongo
environment:
- MONGO_INITDB_DATABASE=strapi
ports:
- 27017:27017
volumes:
- ./db:/data/db
restart: always
networks:
- mynet
nuxt:
# build: ./app/
image: "registry.gitlab.com/username/package:latest"
container_name: nuxt
restart: always
ports:
- "3000:3000"
command:
"npm run start"
networks:
- mynet
labels:
- "traefik.backend=nuxt"
- "traefik.frontend.rule=Host:example.com;PathPrefixStrip:/"
- "traefik.docker.network=web"
- "traefik.port=3000"
networks:
mynet:
external: true

Visiting index page or /pages/_id pages I have no errors. But when I try to open /other-page it crashes.
To reformulate:
I have a main page at / that shows some links targeting pages at /pages/_id (where _id is a valid game id)
When I open / or /pages/_id, the content shows up
But if I click a link from page / targeting /pages/xxx (where xxx is a valid id), I got an error
Furthermore if I refresh the page, I then see the content and not the error
content for those pages comes from an api server. Pages are supposed to fetch the content by calling the api server and then render the page contents with the response.
What's happening here?
AsyncData
The way asyncData works in nuxt.js is the following:
on first page load
the user enters the url http://yourserver/pages/123 in its browser
the nuxt web server handles the request, resolve the route and mount the vue component for that page
the asyncData method from the vue component is called from the nuxt.js server side
the nuxt.js server (not the user browser) then fetch the content by making different call to http://api:1337/games/123, receive the response and the content renders.
when the user clicks a link for another page
Something a bit different happens now.
The user is still on the page http://api:1337/games/123 which has a link to the main page listing all the games (http://yourserver/) and click it.
the browser does not load any new page. Instead, the user browser makes an ajax call to http://api:1337/games to try to fetch the new content. And fails due to a name resolution error
Why?
This is a feature brought to you by nuxt.js to speed up page content loading time. from the documentation, the important bit of information is:
asyncData is called every time before loading the page component. It will be called server-side once (on the first request to the Nuxt app) and client-side when navigating to further routes.
server-side means the call is made from the nuxt server to the api server
client-side means the call is made from the user browser to the api server
Now the fun part:
the nuxt server is running in a first container
the api server is running in a second container and is listening on port 1337
from the nuxt container, the url for calling the api server is http://api:1337/, and this works fine
from the user browser, calling http://api:1337 fails (net::ERR_NAME_NOT_RESOLVED) because the user computer does not know how to translate the domain name api to an IP address. And even if it could, this IP Address would be unreachable anyway.
What can be done?
You need to set up a reverse proxy that will forward requests made by the user browsers to url starting with http://yourserver/api/ to the api container on port 1337.
And you need to configure nuxt.js so that links to the api made client-side (from the user browser) use the url http://yourserver/api instead of http://api:1337/
And you need to configure nuxt.js so that it keeps calling http://api:1337 for calls made server-side.
adding a reverse proxy for calls made from nuxt (server-side)
Since you are using the nuxt.js Axios module to make calls to the api container, you are half way there.
The Axios module has a proxy option that can be set to true in nuxtjs.config.js
Bellow is an example of setting up a reverse proxy for your project using Traefik, but the documentation state that the proxy is incompatible with the usage of the baseURL option. The prefix option must be used instead.
Your nuxt.config.js should then look like this:
axios: {
prefix: '/api',
proxy: true
},
proxy: {
'/api/': {
target: 'http://localhost:1337',
pathRewrite: {
'^/api/': ''
}
}
},
This works fine from your development computer, where if strapi is running and responding at http://localhost:1337. But this won't work in a container because we there need to replace http://localhost:1337 with http://api:1337.
To do so, we can introduce an environment variable (STRAPI_URL):
axios: {
prefix: '/api',
proxy: true
},
proxy: {
'/api/': {
target: process.env.STRAPI_URL || 'http://localhost:1337',
pathRewrite: {
'^/api/': ''
}
}
},
We will later set the STRAPI_URL in the docker-compose.yml file.
adding a reverse proxy for calls made from the user browser (client-side)
Since I gave up on implementing reverse proxies with nginx when using docker, here's an example with Traefik:
docker-compose.yml:
version: '3'
services:
reverseproxy: # see https://docs.traefik.io/#the-traefik-quickstart-using-docker
image: traefik:1.7
command: --docker
ports:
- "80:80"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
api:
image: strapi/strapi
environment:
- ...
expose:
- 1337
labels:
traefik.frontend.rule: PathPrefixStrip:/api
traefik.port: 1337
nuxt:
image: ...
expose:
- 3000
command:
"npm run start"
labels:
traefik.frontend.rule: PathPrefixStrip:/
traefik.port: 3000
Now all HTTP requests made by the user browser to http://yourserver will be handled by the Traefik reverse proxy.
Traefik will configure forwarding rules by looking at labels starting with traefik. on the nuxt and api containers.
What changed?
You now have 2 reverse proxies:
one for server-side requests (the nuxt.js Proxy module)
one for client-side requests (Traefik)
It's not done yet
We now need to instruct the nuxt.js Proxy module that it must forward requests to http://api:1337/. We are going to use the STRAPI_URL environment variable for that.
And we need to instruct nuxt Axios module that the user browser must call the api on http://yourserver/api. This is done with the API_URL_BROWSER environment variable.
All together
nuxt.config.js
axios: {
prefix: '/api',
proxy: true
},
proxy: {
'/api/': {
target: process.env.STRAPI_URL || 'http://localhost:1337',
pathRewrite: {
'^/api/': ''
}
}
},
docker-compose.yml
version: '3'
services:
reverseproxy: # see https://docs.traefik.io/#the-traefik-quickstart-using-docker
image: traefik:1.7
command: --docker
ports:
- "80:80"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
api:
image: strapi/strapi
environment:
- ...
expose:
- 1337
labels:
traefik.frontend.rule: PathPrefixStrip:/api
traefik.port: 1337
nuxt:
image: ...
expose:
- 3000
command:
"npm run start"
environment:
NUXT_HOST: 0.0.0.0
STRAPI_URL: http://api:1337/
API_URL_BROWSER: /api
labels:
traefik.frontend.rule: PathPrefixStrip:/
traefik.port: 3000

Struggling To Integrate Nginx Proxy + LetsEncrypt Companion With My Docker Composed Web App

What I am trying to achieve
I am trying to integrate an SSL certificate for my production site, bonus if I could create a self-signed certificate for local development.
The issue I am having
When trying to integrate the nginx-proxy and letsencrypt-companion it always results in a redirect loop or 502 Bad gateway error.
I've looked around at a variety of ways to integrate these 2 companions but I still am stuck about how to integrate this but always ask myself the same questions when attempting to integrate into my environment.
More detail about my environment
I am running a multi-container Docker Compose web app which uses PHP/PHP-FPM 7.2, MySQL & Nginx. The config looks like:
version: '3.1'
networks:
mywebapp:
services:
nr_nginx:
build: ./env/nginx
networks:
- mywebapp
ports:
- 80:80
- 443:443
env_file:
- ./env/nginx/.env
depends_on:
- nr_php72
tty: true
volumes:
- ./src:/home/www/mywebapp/src
- ./storage:/home/www/storage/mywebapp
- ./data/nginx/logs:/var/log/nginx
- ./env/nginx/webserver/nginx.conf:/etc/nginx/nginx.conf
- ./env/nginx/webserver/conf.d:/etc/nginx/conf.d
- ./env/nginx/webserver/defaults:/etc/nginx/defaults
- ./env/nginx/webserver/global:/etc/nginx/global
- ./env/nginx/ssl/:/etc/letsencrypt/
- ./env/nginx/share:/usr/share/nginx/html
- /var/run/docker.sock:/tmp/docker.sock:ro
nr_mysql:
build: ./env/mysql
networks:
- mywebapp
ports:
- 3306:3306
env_file:
- ./env/mysql/.env
volumes:
- ./data/mysql:/var/lib/mysql
- ./env/mysql/conf.d:/etc/mysql/conf.d
- ./data/dbimport/:/docker-entrypoint-initdb.d
nr_php72:
build: ./env/php72
hostname: php72
networks:
- mywebapp
depends_on:
- nr_mysql
ports:
- 9000:9000
- 8080:8080
volumes:
- ./env/composer:/home/www/.composer
- ./env/global/bashrc:/home/www/.bashrc
- ./data/bash/.bash_history:/home/www/.bash_history
- ~/.ssh:/home/www/.ssh:ro
- ~/.gitconfig:/home/www/.gitconfig:ro
- ./storage:/home/www/storage/mywebapp
- ./src:/home/www/mywebapp/src
Questions
Should the nginx-proxy replace my existing "nr_nginx" container?
Do I have remove the 80:80, 433:433 port mapping for "nr_nginx" and instead assign a random unique port of my choice e.g. 5000?
If yes to question 2, how do I tell the nginx-proxy to proxy pass to my container of port 5000?

Okay, so I think I have solved it:
No it shouldn't replace your own nginx configuration
Yes, remove ports 80 and 443 as this wil be handled by the nginx-proxy, rather expose the ports in your container.
You do not require manually configuring proxy_pass as nginx-proxy does this for you, so long as you specify a VIRTUAL_PORT environment variable.
Here is the boilerplate code that worked for me:
Boilerpalte nginx-proxy-letsencrypt-companion
docker-compose.yml:
version: "3"
services:
nginx-proxy:
image: jwilder/nginx-proxy
container_name: nginx-proxy
ports:
- "80:80"
- "443:443"
volumes:
- /var/run/docker.sock:/tmp/docker.sock:ro
- ./env/nginx/certs:/etc/nginx/certs
- ./env/nginx/vhost.d:/etc/nginx/vhost.d
- ./env/nginx/share:/usr/share/nginx/html
letsencrypt:
image: jrcs/letsencrypt-nginx-proxy-companion
container_name: letsencrypt
volumes:
- ./env/nginx/certs:/etc/nginx/certs
- ./env/nginx/vhost.d:/etc/nginx/vhost.d
- ./env/nginx/share:/usr/share/nginx/html
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
- NGINX_PROXY_CONTAINER=nginx-proxy
networks:
default:
external:
name: nginx-proxy
Boilerplate Nginx PHP MySQL Environment
docker-compose.yml
version: '3.1'
services:
nginx:
container_name: nginx
build: ./env/nginx
ports:
- 5000:5000
expose:
- 80
- 443
environment:
- VIRTUAL_HOST=your.domain.com,www.your.domain.com
- VIRTUAL_PORT=5000
- LETSENCRYPT_EMAIL=your#email.com
- LETSENCRYPT_HOST=your.domain.com
depends_on:
- php72
tty: true
volumes:
- ./src:/home/www/webapp/src
- ./storage:/home/www/storage/webapp
- ./data/nginx/logs:/var/log/nginx
- ./env/nginx/webserver/nginx.conf:/etc/nginx/nginx.conf
- ./env/nginx/webserver/conf.d:/etc/nginx/conf.d
- ./env/nginx/webserver/defaults:/etc/nginx/defaults
- ./env/nginx/webserver/global:/etc/nginx/global
- /var/run/docker.sock:/tmp/docker.sock:ro
mysql:
container_name: mysql
build: ./env/mysql
ports:
- 3306:3306
env_file:
- ./env/mysql/.env
volumes:
- ./data/mysql:/var/lib/mysql
- ./env/mysql/conf.d:/etc/mysql/conf.d
- ./data/dbimport/:/docker-entrypoint-initdb.d
php72:
container_name: php72
build: ./env/php72
hostname: php72
depends_on:
- mysql
ports:
- 9000:9000
volumes:
- ./env/composer:/home/www/.composer
- ./env/global/bashrc:/home/www/.bashrc
- ./data/bash/.bash_history:/home/www/.bash_history
- ~/.ssh:/home/www/.ssh:ro
- ~/.gitconfig:/home/www/.gitconfig:ro
- ./storage:/home/www/storage/webapp
- ./src:/home/www/webapp/src
networks:
default:
external:
name: nginx-proxy
/etc/nginx/conf.d/default.conf - inside "nginx" container:
server {
listen 5000;
listen [::]:5000;
server_name www.your.domain.com;
root /my/web/root/src;
index index.php;
include /any/conf/includes/here.conf;
location / {
fastcgi_param HTTPS 'on';
try_files $uri $uri/ /index.php$is_args$args;
}
}
The fastcgi_param HTTPS 'on'; conf prevents a redirect loop, you can alternatively add $_SERVER['HTTPS'] = 'on'; to your index.php

nginx/docker routing config

I have a digital ocean droplet. In the root of it are the following files
apps/
-main/
-index.html
nginx.conf
docker-compose.yml
My docker-compose.yml file has the following
version: '3'
networks:
proxy:
external: true
internal:
external: false
services:
traefik:
image: traefik:alpine
ports:
- "8080:8080"
- "80:80"
- "443:443"
restart: always
labels:
- logLevel="DEBUG"
- "traefik.backend=monitor"
- "traefik.frontend.rule=Host:monitor.domain.com"
- "traefik.port=8080"
- "traefik.frontend.entryPoints=http,https"
- "traefik.enable=true"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock"
- "./traefik.toml:/traefik.toml"
- "./acme.json:/acme.json"
expose:
- "8080"
networks:
- internal
- proxy
custom-badge:
image: user/app
environment:
PORT: 3000
ports:
- "3000:3000"
labels:
- traefik.enabled=true
- traefik.backend=app
- traefik.frontend.rule=Host:app.domain.com
- traefik.docker.network=proxy
- traefik.port=3000
networks:
- internal
- proxy
server:
image: nginx:alpine
labels:
- traefik.enabled=true
- traefik.backend=
- traefik.frontend.rule=Host:domain.com
- traefik.docker.network=proxy
- traefik.port=80
volumes:
- "./apps:/etc/nginx/html:ro"
- "./nginx.conf:/etc/nginx/nginx.conf:ro"
command: [nginx-debug, '-g', 'daemon off;']
depends_on:
- traefik
and my nginx.conf
events {
worker_connections 1024; ## Default: 1024
}
http {
server {
listen 80;
server_name domain.com www.domain.com;
location / {
root /etc/nginx/html/main;
proxy_pass domain.com:8080/;
}
}
}
Problem is, when I run docker-compose up everything starts up and I can see all 3 containers started but when I go to domain.com I am not seeing my index.html file. What have I done wrong ?
The other domains work fine: app.domain.com & monitor.domain.com which makes me think it must be something wrong with the nginx config and what files need to be served.

You have a loop - remove proxy_pass. Nginx should serve the data from root folder, not proxy the requests to another service.

Traefik with nginx container

I spend so much time on it and I didn't found any solution.
I already setup Traefik and the nginx container, here is my docker-compose.yml
version: '3'
networks:
proxy:
external: true
internal:
external: false
services:
mysql:
image: 'mysql:5.7'
environment:
MYSQL_ROOT_PASSWORD: null
networks:
- internal
labels:
- traefik.enable=false
adminer:
image: 'adminer:latest'
labels:
- traefik.backend=adminer
- 'traefik.frontend.rule=Host:db-admin.xxxx.xyz'
- traefik.docker.network=proxy
- traefik.port=8080
networks:
- internal
- proxy
depends_on:
- mysql
portainer:
image: portainer/portainer
networks:
- internal
- proxy
labels:
- "traefik.frontend.rule=Host:portainer.xxxx.xyz"
- "traefik.port=9000"
- "traefik.backend=portainer"
- traefik.docker.network=proxy
volumes:
- "/var/run/docker.sock:/var/run/docker.sock"
restart: unless-stopped
Nginx-Pro:
image: nginx:latest
container_name: Nginx-Pro
labels:
- traefik.backend=Nginx-Pro
- traefik.frontend.rule=Host:new.xxxx.fr
- traefik.docker.network=proxy
- "traefik.port=80"
- "traefix.port=443"
- "traefik.frontend.entryPoints=http"
networks:
- internal
- proxy
depends_on:
- mysql
volumes:
- /var/www/nginx-pro/:/var/www/
- /etc/nginx/nginx-pro/:/etc/nginx
So I also setup vhost on the server in /etc/nginx/sites-enabled
I also add log to traefik conf but nothing is appening.
Here is my vhost config :
server {
listen *:80;
root /var/www/new.xxx.fr;
# Add index.php to the list if you are using PHP
index index.php index.html index.htm index.nginx-debian.html;
server_name new.xxx.fr www.new.xxx.fr;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ /index.php?$args;
}
location ~ /\.ht {
deny all;
}
}
And the problem is that i always have Bad Gateway message from Traefik.

You need to add traefik.frontend.passHostHeader so nginx can match the Host header with the server_name.
But as this nginx is only for the one domain you match already with traefik.frontend.rule=Host:new.xxxx.fr you can also leave the server_name out of the nginx vhost config and use the default config.
Also remove "traefix.port=443" as you only use http between traefik and nginx, what you want is "traefik.frontend.entryPoints=http,https", you can also add "traefik.frontend.headers.SSLRedirect=true" to always redirect http to https.