I'm trying to set up NGINX within a Docker container so that it will perform SSL termination for traffic going to another container (tcp443 -> tcp3001).
However, I'm getting a 502 Bad Gateway from NGINX with the following error in the NGINX logs:
connect() failed (111: Connection refused) while connecting to upstream
Containers
The following containers are running:
CONTAINER ID   IMAGE   COMMAND                  CREATED          STATUS         PORTS                          NAMES
3b640f25af44   nginx   "nginx -g 'daemon ..."   3 seconds ago    Up 2 seconds   80/tcp, 0.0.0.0:443->443/tcp   hopeful_swartz
f7b13bf2bdcd   ghost   "docker-entrypoint..."   21 hours ago     Up 21 hours    127.0.0.1:3001->2368/tcp       zen_carson
Port 3001 Test
I can reach the backend server (container) on port 3001.
root@linode-server:~# curl -IL http://127.0.0.1:3001
HTTP/1.1 302 Found
X-Powered-By: Express
Location: /private/
Vary: Accept, Accept-Encoding
Content-Type: text/plain; charset=utf-8
Content-Length: 31
Date: Sat, 07 Apr 2018 19:25:02 GMT
Connection: keep-alive

HTTP/1.1 200 OK
X-Powered-By: Express
Cache-Control: no-cache, private, no-store, must-revalidate, max-stale=0, post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 2655
ETag: W/"a5f-wAxdmCnbgI8/PCwspg8GKWyhtRw"
Vary: Accept-Encoding
Date: Sat, 07 Apr 2018 19:25:02 GMT
Connection: keep-alive
NGINX Config
worker_processes 5;
events { worker_connections 1024; }
http {
    server {
        listen 443 ssl;
        ssl_certificate /etc/nginx/packetflow.crt;
        ssl_certificate_key /etc/nginx/packetflow.key;
        location / {
            proxy_pass http://127.0.0.1:3001;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host linode.packetflow.co.uk;
        }
    }
}
The best way to solve this issue is to assign a separate IP address to every HTTPS server: server { listen 192.168.1.1:443 ssl; server_name www.example.com; ssl_certificate www.example.com.
Nginx and Docker reverse proxy configuration
A reverse proxy handles client requests, and then forwards those requests to another server that runs in the backend. This backend origin server processes the request and provides a response back to Nginx, which then sends the response back to the client.
Nginx can be configured as a load balancer to distribute incoming traffic around several backend servers. SSL termination is the process that occurs on the load balancer which handles the SSL encryption/decryption so that traffic between the load balancer and backend servers is in HTTP.
SSL termination intercepts encrypted https traffic when a server receives data from a secure socket layer (SSL) connection in an SSL session. SSL termination or SSL offloading decrypts and verifies data on the load balancer instead of the application server.
You have a basic issue of reachability. When you have the below in your Nginx config
proxy_pass http://127.0.0.1:3001;
You are saying that within the same nginx container another service is running at port 3001. But the service is running in another container.
Next, looking at your docker ps output
f7b13bf2bdcd ghost "docker-entrypoint..." 21 hours ago Up 21 hours 127.0.0.1:3001->2368/tcp zen_carson
The port inside the container is 2368 and not 3001. Now comes the part of launching the container so you know its address.
If you are launching your docker container through the command line, then you will launch the container like below
docker run -d --name ghost ghost
Then in your nginx config you will use
proxy_pass http://ghost:2368;
The better way is to actually go through docker-compose. So you will create a docker-compose.yml file
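version: "3"
services:
  # Backend: no published port; other services reach it as ghost:2368
  ghost:
    build: ghost
    image: ghost
  # NGINX container doing the SSL termination
  web:
    build: web
    image: web
    ports:
      - "443:443"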
You should look at the link below
https://docs.docker.com/compose/overview/
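As an added example (not part of the original question or answer), here is a small Python check for the mistake diagnosed above: it flags a proxy_pass that targets loopback and maps the host port back to the container and container port from the docker ps PORTS column. The names CONTAINERS, NGINX_CONF, published_ports and audit are made up for illustration, the sample input is constructed from the output shown above, and the suggested address assumes both containers share a user-defined Docker network.

```python
import re

# Constructed sample input mirroring the question (not captured from a live host).
CONTAINERS = {  # container name -> PORTS column from `docker ps`
    "hopeful_swartz": "80/tcp, 0.0.0.0:443->443/tcp",
    "zen_carson": "127.0.0.1:3001->2368/tcp",
}
NGINX_CONF = """
location / {
    proxy_pass http://127.0.0.1:3001;
}
"""

LOOPBACK = re.compile(r"127(\.\d+){3}|localhost|\[::1\]")
PUBLISH = re.compile(r"(?P<bind>\S+):(?P<host>\d+)->(?P<ctr>\d+)/\w+")
PROXY = re.compile(r"^\s*proxy_pass\s+(https?)://(\[[^\]]+\]|[^:/;\s]+)(?::(\d+))?", re.M)


def published_ports(ports_column):
    """Parse a PORTS cell into {host_port: (bind_ip, container_port)}."""
    out = {}
    for entry in ports_column.split(","):
        m = PUBLISH.fullmatch(entry.strip())
        if m:  # "80/tcp" is exposed but not published, so it has no host port
            out[int(m["host"])] = (m["bind"], int(m["ctr"]))
    return out


def audit(conf, containers):
    """Flag proxy_pass targets on loopback and map them to the real backend."""
    findings = []
    for scheme, host, port in PROXY.findall(conf):
        port = int(port or (443 if scheme == "https" else 80))
        if not LOOPBACK.fullmatch(host):
            continue  # not loopback: resolved over the network, nothing to flag
        finding = {"upstream": f"{host}:{port}", "container": None, "suggest": None}
        for name, cell in containers.items():
            if port in published_ports(cell):
                # Assumption: nginx and the backend share a user-defined Docker
                # network, where the container name resolves through Docker DNS.
                ctr_port = published_ports(cell)[port][1]
                finding.update(container=name, suggest=f"{scheme}://{name}:{ctr_port}")
                break
        findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in audit(NGINX_CONF, CONTAINERS):
        print(f)
```

Once NGINX reaches the backend over the Docker network, the backend needs no published host port at all, which keeps it off every host interface.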