Docker Network Nginx Resolver

Question

I am trying to get rid of deprecated Docker links in my configuration. What's left is getting rid of those Bad Gateway nginx reverse proxy errors when I recreated a container.

Note: I am using Docker networks in bridge mode. (docker network create nettest)

I am using the following configuration snippet inside nginx:

location / {       resolver 127.0.0.1 valid=30s;       set $backend "http://confluence:8090";       proxy_pass $backend; 

1. I started a container with hostname confluence on my Docker network with name nettest.
2. Then I started the nginx container on network nettest.
3. I can ping confluence from inside the nginx container
4. confluence is listed inside the nginx container's /etc/hosts file
5. nginx log says send() failed (111: Connection refused) while resolving, resolver: 127.0.0.1:53
6. I tried the docker network default dns resolver 127.0.0.11 from /etc/resol.conf
7. nginx log says confluence could not be resolved (3: Host not found)

Anybody knows how to configure nginx resolver with Docker Networks or an alternative on how to force Nginx to correctly resolve the Docker network hostname?

Answer 1

First off, you should be using the Docker embedded DNS server at 127.0.0.11.

Your problem could be caused by 1 of the following:

1. nginx is trying to use IPv6 (AAAA record) for the DNS queries.

   See https://stackoverflow.com/a/35516395/1529493 for the solution.

   Basically something like:

   http {     resolver 127.0.0.11 ipv6=off; } 

   This is probably no longer a problem with Docker 1.11:

   Fix to not forward docker domain IPv6 queries to external servers (#21396)

2. Take care that you don't accidentally override the resolver configuration directive. In my case I had in the server block resolver 8.8.8.8 8.8.4.4; from Mozilla's SSL Configuration Generator, which was overriding the resolver 127.0.0.11; in the http block. That had me scratching my head for a long time...