I use standard nginx config docker container as ingress reverse proxy for applications dev containers.
Additional proxy config looks like this:
server {
listen 80;
server_name app-name.*;
location / {
set $upstream client-wds;
resolver 127.0.0.11 valid=30s;
proxy_pass http://$upstream;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
}
location /api {
set $upstream server-api;
resolver 127.0.0.11 valid=30s;
proxy_pass http://$upstream;
}
}
And periodically containers stops and in logs there just Killed line:
I seems to happend after big GET request.
I wonder what can be a reason of it, is there any advice how to fix it?
Related
I'm deploying some services using Docker, with docker-compose and a nginx container to proxy to my domain.
I have already deployed the frontend app, and it is accessible from the web. Supposedly, I only need to expose the frontend/nginx port to the web, without me needing to expose the rest of the services. But I'm not able to do that for now.
For example, Client -> Login Request -> frontend <-> (local) Backend get request.
Right now, I'm getting connection refused, and the get is pointing to http://localhost, and not the name of the service defined in docker-compose. (all containers are deployed on the same network, one that I have created)
What do I need to do to configure this?
Here is my nginx config so far:
server {
listen 80 default_server;
listen 443 ssl;
server_name mydomain;
ssl_certificate /etc/letsencrypt/live/mydomain/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mydomain/privkey.pem;
location / {
proxy_pass http://frontend:3000/;
}
location /auth {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://auth:3003;
proxy_ssl_session_reuse off;
proxy_set_header Host $http_host;
proxy_cache_bypass $http_upgrade;
proxy_redirect off;
}
# Same for the other services
(...)
EDIT:
Should I create a location for every get and post that I have for my services?
As:
location getUser/ {
proxy_pass http://auth:3003;
}
On my VPS I only have one port and this is the reason why I use proxer - a dockerized nginx reverse proxy where you provide domain names and local ports to which it should be redirected.
I have successfully set up socket.io server with polling transport (as it uses http methods) but I would like to use websocket transport and this is where it fails. It tells me it can't estabilish wss:// connection to this url.
This is nginx reverse proxy code I am using:
for cfg in $(cat /config); do
domain=$(echo $cfg | cut -f1 -d=)
destination=$(echo $cfg | cut -f2 -d=)
echo ">> Building config for $domain";
config=$(cat <<EOF
server {
listen 80;
listen [::]:80;
server_name $domain;
location / {
proxy_pass $destination;
proxy_set_header Host \$host;
proxy_http_version 1.1;
proxy_set_header Upgrade \$http_upgrade;
#proxy_set_header Connection \$connection_upgrade;
proxy_ssl_name \$host;
proxy_ssl_server_name on;
proxy_ssl_verify off;
proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
proxy_ssl_session_reuse off;
proxy_set_header X-Forwarded-For \$remote_addr;
proxy_set_header X-Forwarded-Proto \$scheme;
proxy_read_timeout 120;
proxy_send_timeout 120;
proxy_connect_timeout 120;
}
}
EOF
)
# append new config to the end of nginx config file
echo "$config" >>$out
done
I noticed that this line is commented out and I read that it is needed for wss://:
#proxy_set_header Connection \$connection_upgrade;
Why is it commented out?
Will changing this line affect http proxy?
What changes should I do to allow wss:// on one of domains
This tool has pretty much everything what is needed to set up nginx reverse proxy.
Note that it won't support wss:// out of the box though due to this commented line in its config.
#proxy_set_header Connection \$connection_upgrade;
Uncomment it, rebuild and have a happy reverse proxy which supports wss:// :)
Problem:
We've setup a docker container running on port 3002 and then configured port 3002 to /path/ on my domain www.example.com. There's an express rest api is running on 3002 port container which outputs the req.hostname and when I make a request from let's say www.abc.com, the consoled value of req.hostname is shown to be www.example.com instead of www.abc.com.
Nginx Conf
server {
listen 443 ssl;
ssl_certificate /etc/ssl/__abc.crt;
ssl_certificate_key /etc/ssl/abc.key;
listen 80 default_server;
listen [::]:80 default_server;
location / {
proxy_pass http://localhost:3001/;
proxy_set_header Host $host;
}
location /path/ {
proxy_pass http://localhost:3002/;
proxy_set_header Host $http_host;
}
}
What changes do I have to make so I can get the www.abc.com in consoled value?
Nginx's location blocks should be ordered such that more specific expressions come first.
In your example, you should have:
location /path/ {
proxy_pass http://localhost:3002/;
proxy_set_header Host $http_host;
}
location / {
proxy_pass http://localhost:3001/;
proxy_set_header Host $host;
}
Make sure your changes take effect by either running nginx -s reload or restarting the container
I'm trying to host several websites on my droplet. I'm to do that, I'm using NGINX (not container) as reverse proxy to Dockerized apps. One such app I'm using is the dockerized Mediawiki set to run on 0.0.0.0:8081.
Mediawiki container is based on php7.2-apache.
Nginx configuration :
server {
listen 443 ssl;
index index.php;
server_name my.website.com;
ssl_stapling on;
ssl_stapling_verify on;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://0.0.0.0:8081;
}
ssl_certificate /etc/letsencrypt/live/my.website.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/my.website.com/privkey.pem; # managed by Certbot
}
I run the application on port 8081, as can be seen by through docker ps -a
CONTAINER IMAGE PORTS
e40c9815d6cc mediawiki 0.0.0.0:8081 -> 80/tcp
I can access my.website.com, but it shows the default Apache Ubuntu default page. Accessing other pages and resources (index.php, /folder/index.php, images/pic.jpg) returns 404.
Testing the container with similar setup on my machine local works. I think there maybe something up I didn't get with the NGINX config.
Help?
I am trying to use nginx on the host machine as the reverse proxy before my nextjs app which is deploy on a swarm mode. But it always shows 404 not found error with path like _next/*****/page/index.js.
When I connect to http://machine-host-name:3000 it works well, but connect to http://machine-hos-name/nextjs it shows the 404 not found error.
Here is my nginx setting
server {
listen 80 default_server;
listen [::]:80 default_server;
index index.html index.htm index.nginx-debian.html;
server_name _;
location /nextjs {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_pass http://localhost:3000/;
}
}
Not sure which part is incorrect, kindly give my some advise.
Thank you.
That method of reverse proxying is an anti-pattern.
Your proxy should be in a swarm service as well.
It should use a swarm-api-aware proxy agent that can update your proxy based on the changes swarm makes.
Two good ones are Docker Flow Proxy and Traefik.