I need to setup nginx-proxy container to forward requests to the container with my app. I use the following commands to start containers:
# app
docker run -d -p 8080:2368 \
--name app \
app
# nginx
docker run -d -p 80:8080 \
--name nginx-proxy \
jwilder/nginx-proxy
But when I try to access port 80 on my server, I get ERR_CONNECTION_REFUSED. It's clear for me that nginx container is forwarding not the port I want because on server port 8080 I can access the app.
I tried using network like this:
# network
docker network create -d bridge net
# app
docker run -d -p 8080:2368 \
--name app \
--network net \
app
# nginx
docker run -d -p 80:8080 \
--name nginx-proxy \
--network net \
jwilder/nginx-proxy
But the result seems to be the same.
I need to understand how to make nginx container proxy requests from server port 80 to my app.
It is looking that your app is running on port 2368 which users should not need to reach directly. So the app container's port does not need to be exposed.
You are correct in creating a bridge network and create the containers on it.
You need to remove port mapping from app container and change the port mapping of nginx-proxy container from 80:8080 to 80:80.
You also need to setup nginx-proxy to proxy requests from port 80 to app:2386
This way users hitting the port 80 on the host machine Docker runs will be proxied to your app.
The VIRTUAL_HOST env var with domain name for app container was required to let nginx proxy requests to the app container. No network setup or ports forwarding is needed with this approach. Here is the working setup I came up with:
# app
docker run -d \
--name app \
-e VIRTUAL_HOST=mydomain.com \
app
# nginx
docker run -d -p 80:80 \
--name nginx-proxy \
jwilder/nginx-proxy
Related
I run a Jenkins container instance on our server with this command:
docker run --name jenkins --restart=on-failure -d \
--network jenkins --env DOCKER_HOST=tcp://docker:2376 \
--env DOCKER_CERT_PATH=/jenkincerts/client --env DOCKER_TLS_VERIFY=1 \
-p 8180:8080 -p 50000:50000 \
-v jenkins-home:/var/jenkins_home \
-v docker-certs-jk:/jenkincerts/client:ro \
myjenkin
But I find that port 8180 is exposed to the world, so I do research and find a solution to add a iptables rule with the command:
iptables -I DOCKER-USER -i eth0 ! -s 127.0.0.1 -j DROP
The result is that port is closed, but my Jenkins instance cannot access the internet to download...
Can anyone help me to close exposing ports to the world, but my Jenkins can still access the internet?
From https://docs.docker.com/engine/reference/commandline/run/ :
docker run -p 127.0.0.1:80:8080/tcp ubuntu bash
This binds port 8080 of the container to TCP port 80 on 127.0.0.1 [...]
Note that ports which are not bound to the host (i.e., -p 80:80 instead of -p 127.0.0.1:80:80) will be accessible from the outside. This also applies if you configured UFW to block this specific port, as Docker manages its own iptables rules. Read more
From, well "read more" link https://docs.docker.com/network/iptables/ :
By default, the Docker daemon will expose ports on the 0.0.0.0 address, i.e. any address on the host. If you want to change that behavior to only expose ports on an internal IP address, you can use the --ip option to specify a different IP address. However, setting --ip only changes the default, it does not restrict services to that IP.
If you want docker to listen only on localhost, do -p 127.0.0.1:8180:8080.
I am running several services on my CentOS 7 Linux server. Nginx and netdata are being run as root and are working well.
I started Portainer as a Docker container:
docker volume create portainer_data
docker run -d -p 8000:8000 -p 9000:9000 --name=portainer \
--restart=always \
-v /var/run/docker.sock:/var/run/docker.sock \
-v portainer_data:/data \
portainer/portainer
I can connect to the Portainer port locally with telnet localhost 9000. But, when I try to telnet ip 9000 from an external client PC on the same network, it doesn't connect.
The Linux server does not have a firewall. Nginx, netdata, and myapp that are not running in Docker work fine. In short, all other services can be accessed from a Linux server without a firewall, but Docker's internal container service is inaccessible.
What do I need to change to be able to reach the container?
You have to disable you ipv6
add this links to /etc/sysctl.conf
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
to effect those
sysctl -p
I have a web app running in a docker container at port 9000. I need to route the traffic to Nginx in another container in the same network to access it at port 80. How do I achieve this? I tried building an Nginx image and added Nginx.conf. But my Nginx container stops immediately after it runs.
contents of Nginx.conf file
Snippet of containers
You need to bind internal port form containers to the host like:
application
docker run -d \
--network=randon_name \
<image>
nginx
You need to bind internal port form containers to the host like:
docker run -d \
--network=randon_name \
-p 80:80 \ # <host>:<containerPort>
-p 443:443 \ # <host>:<containerPort>
<image>
The docker daemon is running on an Ubuntu machine. I'm trying to start up a zookeeper ensemble in a swarm. The zookeeper nodes themselves can talk to each other. However, from the host machine, I don't seem to be able to access the published ports.
If I start the container with -
docker run \
-p 2181:2181 \
--env ZOO_MY_ID=1 \
--env ZOO_SERVERS="server.1=0.0.0.0:2888:3888 server.2=zoo2:2888:3888 server.3=zoo3:2888:3888" \
zookeeper
It works like a charm. On my host machine I can say echo conf | nc localhost 2181 and zookeeper says something back.
However if I do,
docker service create \
-p 2181:2181 \
--env ZOO_MY_ID=1 \
--env ZOO_SERVERS="server.1=0.0.0.0:2888:3888 server.2=zoo2:2888:3888 server.3=zoo3:2888:3888" \
zookeeper
and run the same command echo conf | nc localhost 2181,
it just gets stuck. I don't even get a new prompt on my terminal.
This works just as expected on the Docker Playground on the official Zookeeper Docker Hub page. So I expect it should for me too.
But... If I docker exec -it $container sh and then try the command in there, it works again.
Aren't published ports supposed to be accessible even by the host machine for a service?
Is there some trick I'm missing about working with overlay networks?
Try to use docket service create --publish 2181:2181 instead.
I believe the container backing the service is not directly exposed and has to go through the Swarm networking.
Otherwise, inspect your service to check which port are published: docker service inspect <service_name>
Source: documentation
I have a development server with a list of docker container running. Every one of them have an application and an nginx in it, listening on port 80 with no ssl encryption, serving the application. So if I have 10 dockers, I would have 10 nginx (I know nginx is designed to serve multiple app, here is not the question).
I would like to have a single point of entry on the server, which would be an nginx, auto redirecting to http, with a certificate generated by let's encrypt.
Is this possible? Listening on port 443 with a let's encrypt, and redirecting to the port 80 of another nginx?
The goal here is to secure all the connections to my different dockers.
For you information, I was trying to use valian/docker-nginx-auto-ssl docker with the command
docker run -d --name main-nginx \
--restart on-failure \
-p 80:80 -p 443:443 \
-e ALLOWED_DOMAINS=www.scaniat.io,dev.scaniat.io,www.dev.scaniat.io,scaniat.io \
-e SITES='scaniat.io=scaniat-frontend-master;dev.scaniat.io=scaniat-frontend-develop' \
--network custom \
valian/docker-nginx-auto-ssl
with no luck.