Nginx as Reverse Proxy for Docker VHosts

Question

I'm currently trying to built my own webserver/service and wanted to set up things like this:

• Wordpress for the main "blog"
• Gitlab for my git repositories
• Owncloud for my data storage

I've been using Docker for getting a nice little gitlab running, which works perfectly fine, mapping to port :81 on my webserver with my domain.

What annoys me a bit is, that Docker images are always bound to a specific portnumber and are thus not really easy to remember, so I'd love to do something like this:

git.mydomain.com for gitlab
mydomain.com (no subdomain) for my blog
owncloud.mydomain.com for owncloud

As far as I understood, I need a reverse proxy for this, which I decided to use nginx for. So I set things up like this:

http {
include       mime.types;
default_type  application/octet-stream;

sendfile        on;

keepalive_timeout  65;

server {
    listen       80;
    server_name  mydomain.com;
    location / {
            proxy_pass http://localhost:84;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }
server {
    listen 80;
    server_name git.mydomain.com;

    location / {
        proxy_pass http://localhost:81;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

This way, I have git.mydomain.com up and running flawlessly, but my wordpress just shows me a blank webpage. My DNS is setup like this:

Host   Type   MX Destination
*      A      IP
@      A      IP
www    CNAME   @

Am I just too stupid or whats going on here?

Answer 1

I know your question is more specifically about your Nginx proxy configuration, but I thought it would be useful to give you this link which details how to set up an Nginx docker container that automagically deploys configurations for reverse-proxying those docker containers. In other words, you run the reverse proxy and then your other containers, and the Nginx container will route traffic to the others based on hostname.

Basically, you pull the proxy container and run it with a few parameters set in the docker run command, and then you bring up the other containers which you want proxied. Once you've got docker installed and pulled the nginx-proxy image, the specific commands I use to start the proxy:

docker run -d --name="nginx-proxy" --restart="always" -p 80:80 \ -v /var/run/docker.sock:/tmp/docker.sock jwilder/nginx-proxy

And now the proxy is running. You can verify by pointing a browser at your address, which should return an Nginx 502 or 503 error. You'll get the errors because nothing is yet listening. To start up other containers, it's super easy, like this:

docker run -d --name="example.com" --restart="always" \ -e "VIRTUAL_HOST=example.com" w3b1x/mywebcontainer

That -e "VIRTUAL_HOST=example.com" is all it takes to get your Nginx proxy routing traffic to the container you're starting.

I've been using this particular method since I started with Docker and it's really handy for exactly this kind of situation. The article I linked gives you step-by-step instructions and all the information you'll need. If you need more information (specifically about implementing SSL in this setup), you can check out the git repository for this software.

Answer 2

Your nginx config look sane, however, you are hitting localhost:xx, which is wrong. It should be either gatewayip:xx or better target_private_ip:80.

An easy way to deal with this is to start your containers with --link and to "inject" the ip via a shell script: have the "original" nginx config with a placeholder instead of the ip, then sed -i with the value from the environment.