Develop Reference

vue / nodejs & nginx in docker: connect() failed (111: Connection refused) while connecting to upstream

directory structure:
myapp
-- frontend
---- docker
------ frontend
-------- nginx
-------- nginx.conf
docker-compose.yml
docker-compose.yml: https://pastebin.com/THxMf0xM
(moved to pastebin to avoid that annoying "mostly code" error)
default.conf:
server {
listen 80;
server_name localhost;
root /var/www/html;
location / {
proxy_pass http://vue:8081;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
why do I get connect() failed (111: Connection refused) while connecting to upstream ?

https://pastebin.com/THxMf0xM line number 23, should be pointing to port 80 i.e. ports: - '8081:80'

fixed by changing proxy_pass http://vue:8081; to proxy_pass http://vue:8080;
notice the 8080 port.
secondly, rebuild the frontend service
and lastly, remove the ports option from vue service
thank you guys

Gitlab vs Registry in docker container behind proxy ERROR

I'm trying to enable gitlab registry running in docker behing nginx proxy on centos lxd container :)
Nginx's configuration on centos
server {
listen *:80;
server_name registry.site.name;
return 301 https://$server_name$request_uri;
access_log /var/log/nginx/gitlab_access.log;
error_log /var/log/nginx/gitlab_error.log;
}
server{
listen 443 ssl http2;
server_name registry.site.name;
server_tokens off;
ssl_certificate /etc/letsencrypt/live/site.name/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/site.name/privkey.pem;
ssl_session_timeout 1d;
ssl_session_tickets off;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers off;
ssl_stapling on;
ssl_stapling_verify on;
add_header Strict-Transport-Security "max-age=63072000" always;
location /{
proxy_pass http://localhost:8085;
proxy_redirect off;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-Url-Scheme $scheme;
}
}
Gitlab.rb configuration
registry_external_url 'https://registry.site.name'
gitlab_rails['registry_enabled'] = true
registry['enable'] = true
registry['registry_http_addr'] = "git.site.name:8085" # (it is the same as gitlab ip - 172.17.0.3:8085)
registry_nginx['enable'] = false
Docker-compose
version: '2.3'
services:
web:
image: 'gitlab/gitlab-ce:latest'
restart: always
container_name: 'git'
hostname: 'git.site.name'
ports:
- '22:22'
- '8081:8081'
- '8085:8085'
volumes:
- '/data/Projects/git/config:/etc/gitlab'
- '/var/log/git:/var/log/gitlab'
- '/data/Projects/git/data:/var/opt/gitlab'
network_mode: bridge
Looks good. If i make a request to registry.site.name, i see it in gitlab/registry/current log. Registry page also opens good in the project.
But, i can't use CLI
Every time i'm trying to docker login registry.site.name it fails with
Error response from daemon: Get https://registry.site.name/v2/: remote error: tls: protocol version not supported
And this request stopped before git docker container, my nginx proxy logs:
2020/08/05 10:42:21 [crit] 268168#0: *9 SSL_do_handshake() failed (SSL: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol) while SSL handshaking, client: 10.200.3.1, server: 0.0.0.0:443
The same error is triggered if i try to check tls1.2 connection with
curl -I -v -L --tlsv1.2 --tls-max 1.2 registry.site.name
So maybe docker login uses tls 1.2 but i don't understand why it is not working, because i set it up in nginx config.
I also tried nginx configuraton from that question gitlab docker registry with external nginx and omnibus
but still no luck

The mistake was that nginx config FOR git.site.conf didn't contain TLSv1.2
So be sure that both config (git&registry) have tls 1.2 support

Need help about nginx reverse proxy (and jenkins ?) configuration

I am trying to setup a basic mockup (for training) with 2 docker containers :
One with nginx
One with jenkins
nginx is used as a reverse container (the next step wil be https frontend).
jenkins is supposed to be publicly accessible as www.devportal.org:90/ci
I have partially succeeds. I mean that I can access it with the given address. But ...
When I try to connect with the admin user, I get the login page. But when filling the user / password, I am redirected to http://www.devportal.org/ci/.
If I add the port to this address, I obtain the instance home page, connected as the admin user.
When I select the manage page, I see a warning message saying that my reverse proxy configuration is broken.
Besides, when going to configure system, the page is displayed but it never finishes loading.
I tried various configuration for nginx, but none of them gave me the correct result.
The Jenkins Location URL is set to the instance address known by nginx.
As far as both are within containers linked to a dedicated docker network where jenkins is known as jenkins_ci, the address is http://jenkins_ci:8080/ci/.
And if I run :
docker exec nginx_revproxy wget http://jenkins_ci:8080/ci/
I actually get the home page.
Here is my nginx configuration (in : /etc/nginx/conf.d/reverse_proxy.conf)
# Reverse proxy configuration for one jenkins server
# Nginx listen public traffic on port 90 and forward to jenkins container address on port 8080
server {
listen 90;
access_log /var/log/nginx/reverse-access.log;
error_log /var/log/nginx/reverse-error.log;
location ^~ /ci/ {
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://jenkins_ci:8080/ci/;
# Fix the "It appears that your reverse proxy set up is broken" error.
proxy_set_header X-Forwarded-Host $host;
proxy_read_timeout 90;
proxy_redirect http://jenkins_ci:8080/ http://www.devportal.org:90/;
# Required for new HTTP-based CLI
proxy_http_version 1.1;
proxy_request_buffering off;
}
}
When getting an error page at connexion I see this on nginx container log
172.17.0.1 - - [19/Jul/2019:12:32:04 +0000] "GET /ci/ HTTP/1.1" 404 153 "http://www.devportal.org:90/ci/login?from=/ci/" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0" "-"
2019/07/19 12:32:04 [error] 7#7: *40 "/usr/share/nginx/html/ci/index.html" is not found (2: No such file or directory), client: 172.17.0.1, server: localhost, request: "GET /ci/ HTTP/1.1", host: "www.devportal.org", referrer: "http://www.devportal.org:90/ci/login?from=/ci/"
On the jenkins container log I also have :
Jul 19, 2019 2:18:25 PM hudson.diagnosis.ReverseProxySetupMonitor getTestForReverseProxySetup
WARNING: http://www.devportal.org/ci/manage vs. http:
Additional information
With nginx conf:
server {
listen 90;
server_name www.devportal.org;
access_log /var/log/nginx/reverse-access.log;
error_log /var/log/nginx/reverse-error.log;
location ~ "^/static/[0-9a-fA-F]{8}\/(.*)$" {
#rewrite all static files into requests to the root
#E.g /static/12345678/css/something.css will become /css/something.css
rewrite "^/static/[0-9a-fA-F]{8}\/(.*)" /$1 last;
}
location /ci/ {
proxy_pass http://jenkins_ci:8080;
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Fix the "It appears that your reverse proxy set up is broken" error.
proxy_set_header X-Forwarded-Host $host;
proxy_read_timeout 90;
proxy_redirect http://jenkins_ci:8080/ http://www.devportal.org:90/;
# Required for new HTTP-based CLI
proxy_http_version 1.1;
proxy_request_buffering off;
proxy_set_header Connection ""; # Clear for keepalive
}
}
and
<jenkins.model.JenkinsLocationConfiguration>
<adminAddress>[my mail address]</adminAddress>
<jenkinsUrl>http://www.devportal.org:90/ci</jenkinsUrl>
</jenkins.model.JenkinsLocationConfiguration>
in
jenkins.model.JenkinsLocationConfiguration.xml
I make some progress regarding the error message in jenkins log :
Jul 22, 2019 11:59:35 AM hudson.diagnosis.ReverseProxySetupMonitor getTestForReverseProxySetup
WARNING: http://www.devportal.org/ci/manage vs. http://www.devportal.org:90/ci/manage
Now, I only loose the port number (I lost the whole domain name before).
Note that it is the same with or without proxy_redirect.

So Jenkins URL should be set to what your user see as standing in description:
Optionally specify the HTTP address of the Jenkins installation, such as
http://yourhost.yourdomain/jenkins/. This value is used to let Jenkins know how
to refer to itself, ie. to display images or to create links in emails. This is
necessary because Jenkins cannot reliably detect such a URL from within itself
so in your case: http://www.devportal.org:90/
That line should be probably removed as I think it's not needed:
proxy_redirect http://jenkins_ci:8080/ http://www.devportal.org:90/;
And you should remove '/ci' from proxy pass like this
proxy_pass http://jenkins_ci:8080;

failed (113: No route to host) while connecting to upstream

I want using nginx make reverse proxy(docker container). However, there have been some exceptions.
issue context
Centos version: 7.4.1708
nginx version: 1.13.12
docker version: 1.13.1
Open firewall and exposed 80 port
nginx reproxy on docker container: failed (113: No route to host) while connecting to upstream
nginx reproxy on host: function normal
nginx configuration:
server
{
listen 80;
server_name web.pfneo.geo;
location / {
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://172.18.0.249:88;
}
access_log logs/web.tk_access.log;
}
close the firewall
nginx reproxy on docker container: function normal
nginx reproxy on host: function normal
Open firewall not expose port
nginx app service on docker container（88 port）: function normal
It seems that this problem is caused by docker?
Docker can ignore the host firewall?

Unicorn + Nginx Rails production error

I'm following this tutorial to deploy a RoR app with Capistrano but I'm getting an error in my production server
[error] 28314#0: *1 connect() to unix:/tmp/unicorn.myapp.sock failed (111: Connection refused) while connecting to upstream, client: xx.xxx.xx.xx, server: , request: "GET / HTTP/1.1", upstream: "http://unix:/tmp/unicorn.myapp.sock:/", host: "myapp.cloudapp.azure.com"
My /etc/nginx/sites-available/default
upstream app {
# Path to Unicorn SOCK file, as defined previously
server unix:/tmp/unicorn.myapp.sock fail_timeout=0;
}
server {
listen 3000;
server_name localhost;
root /home/deploy/apps/myapp/current/;
try_files $uri/index.html $uri #app;
location #app {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://app;
}
error_page 500 502 503 504 /500.html;
client_max_body_size 4G;
keepalive_timeout 10;
}
I changed the server to many different things, but I get the exact same error, with the same host, server, upstream.
The problem was with Unicorn, somewhere in my Capistrano deploy, it wasn't restarting Unicorn as it should.

Nginx logs indicate that this is an issue with the backend server. After your backend up is up and running. Check:
Does the socket file exist? ls -lthd /tmp/unicorn.myapp.sock
Can you make a direct HTTP connect to the socket, bypassing Nginx?
Once those tests pass, test again through Nginx.