Docker Community Forums

Share and learn in the Docker community.

Connection Refused from Upstream

(Chrishane) #1

Trying to setup nginx and tomcat in separate containers. Steps to recreate what I’m seeing:

docker network create rock-net [to create private bridge network]
docker run -d -p 4444:8080 --name apps --network rock-net tomcat:9.0.6-jre-alpine
docker run -d -p 5555:80 --name webserver --network rock-net nginx:1.13.11-alpine
docker network connect bridge webserver [connect the webserver to both public and private networks]

When I run this in the browser, I get the generic nginx page:

http:// localhost:5555

Next I want to connect nginx to tomcat:

modify nginx default.conf to have the
location / { proxy_pass http://apps:4444/;} [have tried a lot of variations here]
reload wit nginx -s reload

When I am logged onto the nginx webserver (docker exec -it webserver /bin/ash), I can ping apps and get a response.

When I issue a browser connection (chrome):

http:// localhost:5555

I get the nginx error page and the following in the nginx error log (set to debug):

2018/04/10 17:24:44 [error] 47#47: *19 connect() failed (111: Connection refused) while connecting to upstream, client:, server: localhost, request: “GET /manager HTTP/1.1”, upstream: “http: // manager”, host: “localhost:5555”

Nothing on the tomcat server logs.

I’ve run docker network inspect on both bridge and rock-net. On the bridge, only webserver is connected. On the rock-net network, both webserver and apps container are connected.

All three components (chrome browser and 2 containers) are running on the same machine (latest docker download as of today, windows 10 pro). I’ve turned off the firewall.

Thoughts on what could be causing the containers to not be able to talk to each other? Or thoughts on next step to debug?


(Chrishane) #2

So I changed the proxy_pass to use:
proxy_pass http://apps:8080

And it works. Any idea why the port mapping (4444:8080) isn’t being used for private networking?


(Chrishane) #3

ok - nevermind. Got it. Finally understood the docs and port mapping isn’t needed for private networked containers.