I understand how docker-composer map ports, but what does it mean when a config file map two different port couples, as seen in the following example?
web:
image: nginx
ports:
- "80:80"
- "443:443"
Config sample was taken from php7-dockerized repo.
It means that for your web service, nginx container has port 80 open and can be accessed from the outside world on port 80 and also has port 443 open and can be accessed from the outside on port 443.
Here the mapping is on the same port. But you can have for exemple:
web:
image: nginx
ports:
- "8080:80"
Here the ports are not the same anymore. It means that
in order to access your service from the outside world, you would have to visit let say localhost:8080 on your machine.
But for nginx running inside of the container, the port to listen to is port 80, so it would be port 80 that would be inside your nginx.conf file:
server {
listen 80;
...
Related
i'm new to docker networking and nginx stuff, but try to "dockerize" everything on a local devserver. for tests a docker image with nginx which should redirect another container (gogs) from port 3000 to a specific url with port 80. And i want to have the reverse proxy configs and the docker images "separated", for each "app" an own docker-compose file.
so i should reach with http://app.test.local the gog installation.
BUT: i reach with http://app.test.local only a bad gateway of nginx and with http://app.test.local:3000 i reach the gog installation...
i tried many tutorials, but somehwere there have to be an error, thats slips in every time
so what i did:
$ docker network create testserver-network
created
docker-compose for nginx:
version: '3'
services:
proxy:
container_name: proxy
hostname: proxy
image: nginx
ports:
- 80:80
- 443:443
volumes:
- /docker/proxy/config:/etc/nginx
- /docker/proxy/certs:/etc/ssl/private
networks:
- testserver-network
networks:
testserver-network:
and one for gogs:
version: '3'
services:
gogs:
container_name: gogs
hostname: gogs
image: gogs/gogs
ports:
- 3000:3000
- "10022:22"
volumes:
- /docker/gogs/data:/var/gogs/data
networks:
- testserver-network
networks:
testserver-network:
(mapped directories work)
configured default.conf of nginx:
# upstream gogs {
# server 0.0.0.0:10880;
# }
server {
listen 80;
server_name app.test.local;
location / {
proxy_pass http://localhost:3000;
}
}
and added to hosts file on client
app.test.local <server ip>
docker exec proxy nginx -t and docker exec proxy nginx -s reload say everythings fine...
Answer
You should connect both containers to the same docker network and then proxy to http://gogs:3000 instead. You also shouldn't need to expose port 3000 on your localhost unless you want http://app.test.local:3000 to work. I think ideally you should remove that, so http://app.test.local should proxy to your gogs server, and http://app.test.local:3000 should error out.
Explanation
gogs is exposed on port 3000 inside its container, which is then further exposed on port 3000 on your host machine. The nginx container does not have access to port 3000 on your host, so when it tries to proxy to http://localhost:3000 it is proxying to port 3000 inside the nginx container (which is hosting nothing).
After you have joined the containers to the same network, you should be able to reference the gogs container from the nginx container by its hostname (which you've set to gogs). Now nginx will proxy through the docker network. So you should be able to perform the proxy without needing to expose 3000 on your local machine.
I have an nginx container running in the host of my Plesk with this docker compose configuration:
# docker-compose.yml
[...]
web:
build:
context: .
dockerfile: ./docker/web/DockerFile
depends_on:
- app
ports:
- 1080:80
- 10443:443
volumes:
- .:/var/www/app
restart: always
It was ok if I access to the host using the specific port:
https://example.com:10443
But I don't know how to make the proper port forwading:
example.com:443 -> docker:10443
example.com:80 -> docker:1080
I know the quick answer is using Proxy Rules but it just doesn't work for me, I set this rule:
But still the https calls are not forwarded to the container:
https://example.com (still opens the plesk default site)
This works:
https://example.com:10443 (opens the nginx site)
The other problem I am heading is that Proxy Rules only allows me to set one rule per URL Route (even if the port is different) and I need to set up 2 rules for the same route:
example.com:443 -> docker:10443
example.com:80 -> docker:1080
TL;TR:
How to forward all requests to example.com/* 443 and 80 ports to my docker container?
The port mapping is incorrect to achieve your target.
How to resolve:
ports:
- 1080:80
- 10443:443
should be changed into
ports:
- 80:1080
- 443:10443
Reason:
in port mapping, the one on the left of the colon is port in the host, while the one on the right of the colon is port in the container.
I have a Nginx webserver that I'm running from inside a docker container. The problem I am having is that all client IP addresses in the nginx access.log are 172.19.0.1, the container's gateway. I would like the IP addresses shown to nginx to be the real IP addresses of the clients.
I've tried a few solutions that I found, including
Using Nginx's realip module
set_real_ip_from 172.19.0.1;
real_ip_header X-Real-IP;
real_ip_recursive on;
which still logged the gateway ip
Setting the ports to host networking mode, which was ineffectual because I'm on macOS, and it is only supported on Linux.
The dockerfile I'm using looks like this
version: "3"
services:
nginx:
container_name: nginx
ports:
- target: 80
published: 80
- target: 443
published: 443
volumes:
# [my volumes]
restart: unless-stopped
image: nginx
I want to run Nginx as static file server behind Traefik reverse proxy using Docker (docker-compose).
docker-compose.yml
version: '3.8'
services:
traefik:
image: traefik
command:
- --entrypoints.web.address=:80
- --providers.docker
- --providers.docker.exposedbydefault=false
ports:
- "80:80"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
nginx:
build: ./docker/dev/nginx/.
labels:
- traefik.enable=true
- traefik.http.routers.nginx.entrypoints=web
- traefik.http.routers.nginx.rule=PathPrefix(`/static`) || PathPrefix(`/media`) || Path(`/robots.txt`) || Path(`/favicon.ico`)
- traefik.http.services.nginx.loadbalancer.server.port=80
nginx.conf
server {
listen 80;
listen [::]:80;
...
}
And it works,
But when I try to change internal nginx port to another, lets say 8082, Traefik returns 502 error and prints '502 Bad Gateway' caused by: dial tcp 172.21.0.6:8082: connect: connection refused" in debug logs.
By changing port I mean:
replacing traefik.http.services.nginx.loadbalancer.server.port=80 with traefik.http.services.nginx.loadbalancer.server.port=8082 in docker-compose.yml
replacing listen 80; listen [::]:80; with listen 8082; listen [::]:8082; in nginx.conf
I have other apps in config, like Django running on gunicorn server. There is no problem for gunicorn to listen on 3000 port, and for Traefik to forward incoming :80 requests to :3000.
Why doesn't it work with nginx?
You have told nginx to listen to 8082 port which is ok, but the container has to expose the port. (I guess by default the container expose 80 port)
You seem to have a custom nginx image, so you can add/replace the EXPOSE keyword in your image to have something like this : EXPOSE 8082.
You have to build and restart the container for the change to take effect, then you can check the exposed ports with docker-compose ps.
I have an two containers running via docker-compose:
version: '3'
services:
web:
image: me/web
container_name: web
nginx:
image: me/nginx
container_name: nginx
ports:
- '80:80'
volumes:
- ../nginx:/etc/myapp/nginx
My nginx container copies in a new default.conf from the mapped volume from the entrypoint.sh:
#!/usr/bin/env bash
cp /etc/myapp/nginx/default.conf /etc/nginx/conf.d/default.conf
nginx -g 'daemon off;'
My custom default.conf looks like:
server {
listen 80;
server_name my.website.com;
location / {
proxy_pass http://web/;
}
}
With this configuration everything works as expected. After starting with docker-compose I can then navigate to http://my.website.com and access the web container instance properly.
However, now I want to change my port to something other than the default 80, such as 81 for example:
services:
..
nginx:
image: me/nginx
container_name: nginx
ports:
- '81:80'
..
Now this no longer works. Whenever I visit http://my.website.com:81 I get:
This site can’t be reached
my.website.com refused to connect.
ERR_CONNECTION_REFUSED
The other weird part is that if I use localhost rather than my.website.com, everything works just fine on port 81. Ex:
server {
listen 80;
server_name localhost;
location / {
proxy_pass http://web/;
}
}
Navigating to http://localhost:81 works correctly.
What am I doing wrong here? How do I configure nginx to something other than localhost (my domain) and proxy on a different port than 80 to my web container?
Check that port 81 is open on my.website.com i.e. check firewall rules are in place etc