Docker and connections between containers

Question

I'm trying create connections between docker's containers. One container with php5-fpm and second with nginx.

Config for php5-fpm default, just few changes:

listen = 9000

listen.allowed_clients =

and nginx (/etc/nginx/sites-available/default):

server {
    listen 80 default_server;
    #listen [::]:80 default_server ipv6only=on;

    root /var/www/testing;
    index index.php

    # Make site accessible from http://localhost/
    server_name localhost;

    location / {
        try_files $uri $uri/ /index.php;
    }

    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini

        #fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_pass 192.168.1.2:9000;
        fastcgi_index index.php;
        include fastcgi_params;
    }

}

Then i tried create connections with https://github.com/jpetazzo/pipework, that's why fastcgi_pass 192.168.1.2:9000;.I tried with IP direct from container, but nothing.

and when i'm trying open page with lynx i have BadGateway.

I tried post port MASTER_PORT=$(sudo docker port $MASTER_ID 9000), but nothing... ping goes with no problem. Telnet to port 9000 from nginx keeps open few seconds and then "Connection closed by..."

Who could explain what i'm doing wrong? Thx!

/EDIT/ I tried change fastcgi_pass to 172.17.42.1:9000; (address for docker0 on host machine) and then start tcpdump on host machine:

tcpdump -i docker0 port 9000

and i have:

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on docker0, link-type EN10MB (Ethernet), capture size 65535 bytes
10:24:54.529572 IP 172.17.0.20.40932 > 172.17.42.1.9000: Flags [S], seq 141160046, win 14600, options [mss 1460,sackOK,TS val 1235770 ecr 0,nop,wscale 7], length 0
10:24:54.529594 IP 172.17.42.1.9000 > 172.17.0.20.40932: Flags [S.], seq 2944341886, ack 141160047, win 14480, options [mss 1460,sackOK,TS val 1235770 ecr 1235770,nop,wscale 7], length 0
10:24:54.529605 IP 172.17.0.20.40932 > 172.17.42.1.9000: Flags [.], ack 1, win 115, options [nop,nop,TS val 1235770 ecr 1235770], length 0
10:24:54.530324 IP 172.17.0.20.40932 > 172.17.42.1.9000: Flags [P.], seq 1:665, ack 1, win 115, options [nop,nop,TS val 1235771 ecr 1235770], length 664
10:24:54.530387 IP 172.17.42.1.9000 > 172.17.0.20.40932: Flags [.], ack 665, win 124, options [nop,nop,TS val 1235771 ecr 1235771], length 0
10:24:54.530534 IP 172.17.42.1.44233 > 172.17.0.12.9000: Flags [S], seq 1354597292, win 14600, options [mss 1460,sackOK,TS val 1235771 ecr 0,nop,wscale 7], length 0
10:24:54.530549 IP 172.17.0.12.9000 > 172.17.42.1.44233: Flags [R.], seq 0, ack 1354597293, win 0, length 0
10:24:54.531044 IP 172.17.42.1.9000 > 172.17.0.20.40932: Flags [R.], seq 1, ack 665, win 124, options [nop,nop,TS val 1235771 ecr 1235771], length 0

Thus packets goes between containers...but why BadGateway?

Answer 1

Starting with docker 0.6.5 you don't need pipework for that kind of scenario, you can use the new container linking feature. Basically, you tell docker to make a port from a container available to another container.

It's pretty easy to do, too.

What you want to do is have a container with php5-fpm (let's call this container php5-fpm) configured to listen on port 9000 and run it like so:

docker run -d -p 9000 -name php php5-fpm /usr/sbin/php5-fpm -F

We run php5-fpm with the -F flag so that it does not daemonize. As you can see, we use -name to explicitely name our container. We will use this name to reference it in the link we are going to create with the nginx container.

Then you can run your nginx (called nginx) container:

docker run -i -t -link php:php nginx /bin/bash

The -link option tells docker to link the php container under the alias php. The alias is mandatory.

We now have a shell in our nginx container, and we can retrieve the mapped ip and port of the php5-fpm container using the env command:

root@061fe34bd07b:/# env
HOSTNAME=061fe34bd07b
TERM=xterm
PHP_PORT=tcp://172.17.0.44:9000
PHP_PORT_9000_TCP_PROTO=tcp
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
PWD=/etc/nginx/sites-enabled
PHP_PORT_9000_TCP_PORT=9000
SHLVL=1
HOME=/
PHP_PORT_9000_TCP=tcp://172.17.0.44:9000
PHP_NAME=/crimson_squirrel9/php
DEBIAN_FRONTEND=noninteractive
PHP_PORT_9000_TCP_ADDR=172.17.0.44
container=lxc
OLDPWD=/
_=/usr/bin/env

There are a number of interesting env vars here. The one we are looking for is PHP_PORT, since it gives the most complete information about the linked container:

PHP_PORT=tcp://172.17.0.44:9000

You can now configure nginx's php5-fpm upstream to 172.17.0.44:9000, start it, and check that it works:

/etc/init.d/nginx start
curl http://127.0.0.1/index.php

Voila ! I skipped provisioning and configuration of containers since you seem to have got that right already ;)

Link to the official linking tutorials, using redis: http://docs.docker.io/en/latest/examples/linking_into_redis/

Answer 2

This question is very old but it comes up high in Google so let me post a reply.

I have the same sort of problem although I get a "file not found." PHP-fpm and Nginx in different containers are problematic because Nginx sends php-fpm the location of the to-be executed php file, not the file. So the file has to be present in both containers.

See my question

Answer 3

This may fix the issue:

listen = [::]:9000
;listen.allowed_clients =

This should allow any client to connect to the PHP-FPM container. The key is the "[::]:" which I found in the official PHP Docker repo.

Reasoning

PHP-FPM has a listen.client_allowed setting which allows you to set a list of IPs that can connect, or leave blank for any IP to connect. However, even with it being left blank, the issue still persisted. Digging into the official PHP-FPM repo, I discovered that you also need to set listen = [::]:9000 which then began to allow any IP to connect.