I am trying to get rid of deprecated Docker links in my configuration. What's left is getting rid of those Bad Gateway
nginx reverse proxy errors when I recreated a container.
Note: I am using Docker networks in bridge mode. (docker network create nettest
)
I am using the following configuration snippet inside nginx:
location / { resolver 127.0.0.1 valid=30s; set $backend "http://confluence:8090"; proxy_pass $backend;
confluence
on my Docker network with name nettest
. nettest
.confluence
from inside the nginx containerconfluence
is listed inside the nginx container's /etc/hosts
filesend() failed (111: Connection refused) while resolving, resolver: 127.0.0.1:53
127.0.0.11
from /etc/resol.conf
confluence could not be resolved (3: Host not found)
Anybody knows how to configure nginx resolver with Docker Networks or an alternative on how to force Nginx to correctly resolve the Docker network hostname?
Running NGINX Open Source in a Docker ContainerYou can create an NGINX instance in a Docker container using the NGINX Open Source image from the Docker Hub. where: mynginx1 is the name of the created container based on the NGINX image.
If nginx is running in a container then your site is going to be 100% dead to the world while Docker isn't running. Users will get a connection error. When nginx is installed directly on your host you can serve a 503 maintenance page that doesn't depend on Docker or any containers running.
If you are using nginx as a proxy and/or reverse proxy, the nginx is caching the DNS information and if you are using AWS Application Load Balancer behind the nginx, and nginx sometimes needs to restart and/or DNS flushing to send a request to the AWS Application Load Balancer because AWS is always giving a CNAME and ...
Docker containers take DNS IPs from the host machine, which is managed by systemd-resolve . Those IPs themselves are the cloud provider's DNS.
First off, you should be using the Docker embedded DNS server at 127.0.0.11
.
Your problem could be caused by 1 of the following:
nginx is trying to use IPv6 (AAAA record) for the DNS queries.
See https://stackoverflow.com/a/35516395/1529493 for the solution.
Basically something like:
http { resolver 127.0.0.11 ipv6=off; }
This is probably no longer a problem with Docker 1.11:
Fix to not forward docker domain IPv6 queries to external servers (#21396)
Take care that you don't accidentally override the resolver
configuration directive. In my case I had in the server
block resolver 8.8.8.8 8.8.4.4;
from Mozilla's SSL Configuration Generator, which was overriding the resolver 127.0.0.11;
in the http
block. That had me scratching my head for a long time...
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With