Docker-compose.yml services for nginx

jackchuong · June 18, 2018, 8:55am

Hi all,
I’m a docker newbie, this is my environment : CentOS Linux release 7.4.1708 (Core) + Docker version 18.05.0-ce, build f150324 .
This is my Dockerfile for nginx image container

From centos:7

#Install epel-release repo
RUN yum -y install --setopt=tsflags=nodocs epel-release &&
yum -y install --setopt=tsflags=nodocs nginx &&
yum clean all

EXPOSE 80
EXPOSE 443
#start nginx
CMD [ “nginx”, “-g”, “daemon off;”]
I build it successfully and can run container
docker build -t nginx .
docker run -d -p 80:80 nginx
934804d597a13c6fae6dcc9bbf5f0a32c7cc97fea5dcbb9e42d0c9c73fdae8d5

Now I want to create service run 2 container. For ex

Assume that on host I place all nginx configuration files are store in /opt/nginx and /opt/nginx/conf.d (/opt/nginx has nginx.conf , fastcgi_params, fastcgi.conf, … and nginx.conf include /etc/nginx/conf.d/*.conf)
Because nginx in container is installed as default so it will read configuration from /etc/nginx.conf right ? How can I map /opt/nginx and /opt/nginx/conf.d from host into /etc/nginx and /etc/nginx/conf.d on container ?
Assume that on host I place my web sites source code in /opt/www , I also want to map /opt/www from host into container.
I imagine my docker-compose.yml will be like

version: “3”
services:
web:
image: nginx
volumes:
- /opt/nginx:/etc/nginx
- /opt/nginx/conf.d:/etc/nginx/conf.d
- /opt/www:/opt/www
deploy:
replicas: 2
restart_policy:
condition: on-failure
ports:
- “80:80”
- “443:443”
networks:
- webnet
networks:
webnet:
Please give me some advice, thank you very much.

jackton1 · June 18, 2018, 9:28am

Simply declare the volume to map in your docket-compose.yml file

volumes:
    - path/to/my/app:app
    - path/to/nginx.conf:/etc/nginx/nginx.conf
    - path/to/site/conf:/etc/nginx/conf.d

jackchuong · June 18, 2018, 9:41am

Yes! Thank you, it works !

jackchuong · June 19, 2018, 3:24am

I have 1 more question, I want prevent Docker from manipulating iptables and mange my iptables rules by hand, so I create file /etc/docker/daemon.json

{
“ipv6”: false,
“iptables”: false
}

I clean all iptables rules

iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy DROP)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

then restart docker, but it will add new rules into iptables automatically

systemctl restart docker.service
iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy DROP)
target prot opt source destination
DOCKER-USER all – anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain DOCKER-USER (1 references)
target prot opt source destination
RETURN all – anywhere anywhere

Start docker service and container will add more iptables rule. I know it is not related to the topic but instead creating new one but same info …
How can I stop docker from manipulating iptables rules ?

terpz · June 19, 2018, 6:22pm

I belive its related to this: https://github.com/docker/for-linux/issues/136

jackchuong · June 20, 2018, 1:57am

Thank you terpz,this issue is still open so I will wait, also, the file /etc/docker/daemon.json make me another trouble , after restarting docker I cannot build image, I get error

Could not retrieve mirrorlist http://mirrorlist.centos.org/?release=7&arch=x86_64&repo=os&infra=container error was
14: curl#6 - “Could not resolve host: mirrorlist.centos.org; Unknown error”
The command ‘/bin/sh -c yum -y install --setopt=tsflags=nodocs epel-release && yum -y install --setopt=tsflags=nodocs nginx && yum clean all’ returned a non-zero code: 1

I guess it is because “ipv6”: false , I want to disable ipv6 for docker cause I disabled ipv6 on my host. I remove “ipv6”: false from /etc/docker/daemon.json and everything back to normal.

jackchuong · June 21, 2018, 9:48am

I need your help again, now I cannot run stack/service with docker-compose.yml . This is my nginx image Dockerfile

From centos:7

#Install epel-release repo
RUN yum -y install --setopt=tsflags=nodocs epel-release &&
yum -y install --setopt=tsflags=nodocs nginx &&
yum clean all

EXPOSE 80
EXPOSE 443
#start nginx
CMD [ “nginx”, “-g”, “daemon off;”]

I build it successfully and can run container nginx , port 80 listen and I can access to http://myip

docker image ls
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
nginx               latest              80649ca2adb9        16 minutes ago      271MB
nginx               <none>              cd5239a0906a        2 weeks ago         109MB
centos              7                   49f7960eb7e4        2 weeks ago         200MB

This is my docker-compose.yml

version: "3"
services:
  web:
    image: nginx
    volumes:
      - /opt/nginx/nginx.conf:/etc/nginx/nginx.conf
      - /opt/nginx/conf.d:/etc/nginx/conf.d
      - /opt/www:/opt/www
    deploy:
      replicas: 2
      restart_policy:
        condition: on-failure
    ports:
      - "80:80"
      - "443:443"
    networks:
      - webnet
networks:
   webnet:

docker stack deploy -c docker-compose.yml nginx
Creating network nginx_webnet
Creating service nginx_web
docker service ls
ID                  NAME                MODE                REPLICAS            IMAGE               PORTS
g5z6ldp9icab        nginx_web           replicated          0/2                 nginx:latest        *:80->80/tcp, *:443->443/tcp

Why it doesn’t create 2 containers ? No port 80 listen

stevejr · June 22, 2018, 8:38am

Can you check the service to see if what is happening as your replica count is 0.

Try a docker service ps <service name> and a docker service inspect <service name> and see what the results are.

jackchuong · June 22, 2018, 9:18am

Hi Steve, thanks for your reply, here the result

docker service ls
ID                  NAME                MODE                REPLICAS            IMAGE               PORTS
hspa8eevv64o        nginx_web           replicated          0/2                 nginx:latest        *:80->80/tcp, *:443->443/tcp

docker service ps hspa8eevv64o
ID                  NAME                IMAGE               NODE                    DESIRED STATE       CURRENT STATE               ERROR                       PORTS
x0xs2nd8ejf3        nginx_web.1         nginx:latest        localhost.localdomain   Ready               Ready 2 seconds ago
zn0dw7o8bp7c         \_ nginx_web.1     nginx:latest        localhost.localdomain   Shutdown            Failed 27 seconds ago       "task: non-zero exit (1)"
vsrwx20s1hkf         \_ nginx_web.1     nginx:latest        localhost.localdomain   Shutdown            Failed 42 seconds ago       "task: non-zero exit (1)"
zkpfi06i8x9o         \_ nginx_web.1     nginx:latest        localhost.localdomain   Shutdown            Failed about a minute ago   "task: non-zero exit (1)"
x5ptlg3onlga         \_ nginx_web.1     nginx:latest        localhost.localdomain   Shutdown            Failed about a minute ago   "task: non-zero exit (1)"
n61almhzpu2f        nginx_web.2         nginx:latest        localhost.localdomain   Ready               Ready 2 seconds ago
vt6k3wtpfd83         \_ nginx_web.2     nginx:latest        localhost.localdomain   Shutdown            Failed 3 seconds ago        "task: non-zero exit (1)"
xbx2oo7dd8jp         \_ nginx_web.2     nginx:latest        localhost.localdomain   Shutdown            Failed 19 seconds ago       "task: non-zero exit (1)"
tnkmgf3aupmx         \_ nginx_web.2     nginx:latest        localhost.localdomain   Shutdown            Failed 50 seconds ago       "task: non-zero exit (1)"
xirg7j68iq9o         \_ nginx_web.2     nginx:latest        localhost.localdomain   Shutdown            Failed 2 minutes ago        "task: non-zero exit (1)"

docker service inspect hspa8eevv64o
[
    {
        "ID": "hspa8eevv64o5gv31gu71guze",
        "Version": {
            "Index": 1254
        },
        "CreatedAt": "2018-06-22T09:12:50.903205447Z",
        "UpdatedAt": "2018-06-22T09:12:50.919451642Z",
        "Spec": {
            "Name": "nginx_web",
            "Labels": {
                "com.docker.stack.image": "nginx",
                "com.docker.stack.namespace": "nginx"
            },
            "TaskTemplate": {
                "ContainerSpec": {
                    "Image": "nginx:latest@sha256:3e2ffcf0edca2a4e9b24ca442d227baea7b7f0e33ad654ef1eb806fbd9bedcf0",
                    "Labels": {
                        "com.docker.stack.namespace": "nginx"
                    },
                    "Privileges": {
                        "CredentialSpec": null,
                        "SELinuxContext": null
                    },
                    "Mounts": [
                        {
                            "Type": "bind",
                            "Source": "/opt/nginx/nginx.conf",
                            "Target": "/etc/nginx/nginx.conf"
                        },
                        {
                            "Type": "bind",
                            "Source": "/opt/nginx/conf.d",
                            "Target": "/etc/nginx/conf.d"
                        },
                        {
                            "Type": "bind",
                            "Source": "/opt/www",
                            "Target": "/opt/www"
                        }
                    ],
                    "StopGracePeriod": 10000000000,
                    "DNSConfig": {},
                    "Isolation": "default"
                },
                "Resources": {},
                "RestartPolicy": {
                    "Condition": "on-failure",
                    "Delay": 5000000000,
                    "MaxAttempts": 0
                },
                "Placement": {
                    "Platforms": [
                        {
                            "Architecture": "amd64",
                            "OS": "linux"
                        },
                        {
                            "OS": "linux"
                        },
                        {
                            "Architecture": "arm64",
                            "OS": "linux"
                        },
                        {
                            "Architecture": "386",
                            "OS": "linux"
                        },
                        {
                            "Architecture": "ppc64le",
                            "OS": "linux"
                        },
                        {
                            "Architecture": "s390x",
                            "OS": "linux"
                        }
                    ]
                },
                "Networks": [
                    {
                        "Target": "gwarfhstnup7pbwm3iqr7jtn4",
                        "Aliases": [
                            "web"
                        ]
                    }
                ],
                "ForceUpdate": 0,
                "Runtime": "container"
            },
            "Mode": {
                "Replicated": {
                    "Replicas": 2
                }
            },
            "UpdateConfig": {
                "Parallelism": 1,
                "FailureAction": "pause",
                "Monitor": 5000000000,
                "MaxFailureRatio": 0,
                "Order": "stop-first"
            },
            "RollbackConfig": {
                "Parallelism": 1,
                "FailureAction": "pause",
                "Monitor": 5000000000,
                "MaxFailureRatio": 0,
                "Order": "stop-first"
            },
            "EndpointSpec": {
                "Mode": "vip",
                "Ports": [
                    {
                        "Protocol": "tcp",
                        "TargetPort": 80,
                        "PublishedPort": 80,
                        "PublishMode": "ingress"
                    },
                    {
                        "Protocol": "tcp",
                        "TargetPort": 443,
                        "PublishedPort": 443,
                        "PublishMode": "ingress"
                    }
                ]
            }
        },
        "Endpoint": {
            "Spec": {
                "Mode": "vip",
                "Ports": [
                    {
                        "Protocol": "tcp",
                        "TargetPort": 80,
                        "PublishedPort": 80,
                        "PublishMode": "ingress"
                    },
                    {
                        "Protocol": "tcp",
                        "TargetPort": 443,
                        "PublishedPort": 443,
                        "PublishMode": "ingress"
                    }
                ]
            },
            "Ports": [
                {
                    "Protocol": "tcp",
                    "TargetPort": 80,
                    "PublishedPort": 80,
                    "PublishMode": "ingress"
                },
                {
                    "Protocol": "tcp",
                    "TargetPort": 443,
                    "PublishedPort": 443,
                    "PublishMode": "ingress"
                }
            ],
            "VirtualIPs": [
                {
                    "NetworkID": "kkonnnjrdlxb8gi45k6hobsun",
                    "Addr": "10.255.0.107/16"
                },
                {
                    "NetworkID": "gwarfhstnup7pbwm3iqr7jtn4",
                    "Addr": "10.0.0.3/24"
                }
            ]
        }
    }
]

stevejr · June 22, 2018, 10:17am

Ok, so we need to see why the task is exiting so next step is to do a docker service logs <service|task name> and see what is being logged out.

Are you sure that the host volumes you are mapping into the service are present and contain the required files? Remember when mounting a host volume in a service it needs to be present on every node in the Swarm - please refer to Deploy services to a swarm | Docker Docs for more information on volumes in a service.

jackchuong · June 22, 2018, 11:12am

This is log result

docker service ls
ID                  NAME                MODE                REPLICAS            IMAGE               PORTS
mvlgx0lzjtyk        nginx_web           replicated          0/2                 nginx:latest        *:80->80/tcp, *:443->443/tcp

[root@localhost docker]# docker service logs nginx_web
nginx_web.2.85c9zc1kyy4y@localhost.localdomain    | 2018/06/22 10:41:09 [emerg] 1#1: open() "/etc/opt/rh/rh-nginx18/nginx/fastcgi_params" failed (2: No such file or directory) in /etc/nginx/conf.d/test.conf:24
nginx_web.1.qbeaprfqqpww@localhost.localdomain    | 2018/06/22 10:41:25 [emerg] 1#1: open() "/etc/opt/rh/rh-nginx18/nginx/fastcgi_params" failed (2: No such file or directory) in /etc/nginx/conf.d/test.conf:24
nginx_web.2.x1gvf2k0qtsg@localhost.localdomain    | 2018/06/22 10:41:32 [emerg] 1#1: open() "/etc/opt/rh/rh-nginx18/nginx/fastcgi_params" failed (2: No such file or directory) in /etc/nginx/conf.d/test.conf:24
nginx_web.2.x1gvf2k0qtsg@localhost.localdomain    | nginx: [emerg] open() "/etc/opt/rh/rh-nginx18/nginx/fastcgi_params" failed (2: No such file or directory) in /etc/nginx/conf.d/test.conf:24
nginx_web.2.85c9zc1kyy4y@localhost.localdomain    | nginx: [emerg] open() "/etc/opt/rh/rh-nginx18/nginx/fastcgi_params" failed (2: No such file or directory) in /etc/nginx/conf.d/test.conf:24
nginx_web.1.qbeaprfqqpww@localhost.localdomain    | nginx: [emerg] open() "/etc/opt/rh/rh-nginx18/nginx/fastcgi_params" failed (2: No such file or directory) in /etc/nginx/conf.d/test.conf:24
nginx_web.1.o5rz54p5ka8r@localhost.localdomain    | 2018/06/22 10:41:40 [emerg] 1#1: open() "/etc/opt/rh/rh-nginx18/nginx/fastcgi_params" failed (2: No such file or directory) in /etc/nginx/conf.d/test.conf:24
nginx_web.2.shcn1gq6g28j@localhost.localdomain    | 2018/06/22 10:41:40 [emerg] 1#1: open() "/etc/opt/rh/rh-nginx18/nginx/fastcgi_params" failed (2: No such file or directory) in /etc/nginx/conf.d/test.conf:24
nginx_web.2.r4xyj05y7dkr@localhost.localdomain    | 2018/06/22 10:41:16 [emerg] 1#1: open() "/etc/opt/rh/rh-nginx18/nginx/fastcgi_params" failed (2: No such file or directory) in /etc/nginx/conf.d/test.conf:24
nginx_web.1.m14cicyqk6rk@localhost.localdomain    | 2018/06/22 10:41:02 [emerg] 1#1: open() "/etc/opt/rh/rh-nginx18/nginx/fastcgi_params" failed (2: No such file or directory) in /etc/nginx/conf.d/test.conf:24
nginx_web.2.r4xyj05y7dkr@localhost.localdomain    | nginx: [emerg] open() "/etc/opt/rh/rh-nginx18/nginx/fastcgi_params" failed (2: No such file or directory) in /etc/nginx/conf.d/test.conf:24
nginx_web.1.o5rz54p5ka8r@localhost.localdomain    | nginx: [emerg] open() "/etc/opt/rh/rh-nginx18/nginx/fastcgi_params" failed (2: No such file or directory) in /etc/nginx/conf.d/test.conf:24
nginx_web.2.shcn1gq6g28j@localhost.localdomain    | nginx: [emerg] open() "/etc/opt/rh/rh-nginx18/nginx/fastcgi_params" failed (2: No such file or directory) in /etc/nginx/conf.d/test.conf:24
nginx_web.1.qelxkozis1xn@localhost.localdomain    | 2018/06/22 10:40:54 [emerg] 1#1: open() "/etc/opt/rh/rh-nginx18/nginx/fastcgi_params" failed (2: No such file or directory) in /etc/nginx/conf.d/test.conf:24
nginx_web.1.qelxkozis1xn@localhost.localdomain    | nginx: [emerg] open() "/etc/opt/rh/rh-nginx18/nginx/fastcgi_params" failed (2: No such file or directory) in /etc/nginx/conf.d/test.conf:24
nginx_web.1.m14cicyqk6rk@localhost.localdomain    | nginx: [emerg] open() "/etc/opt/rh/rh-nginx18/nginx/fastcgi_params" failed (2: No such file or directory) in /etc/nginx/conf.d/test.conf:24

Please ignore service id , I stop and start it so the id is different . Now I understand
In container, /etc/nginx/nginx.conf include file /etc/nginx/conf.d/test.conf, this is test.conf

server {
        listen 80;
        server_name test.mydomain.com;
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;
    root /opt/www/test/;
    gzip  on;
gzip_comp_level 9;
gzip_min_length 1000;
gzip_proxied off;
gzip_types text/plain text/css application/xml+html application/javascript image/jpeg image/x-icon image/gif image/png video/jpeg;
gzip_disable "MSIE [1-6]\.";

index index.html index.htm index.php;

location / {
               try_files $uri $uri/ /index.php?/$request_uri;
        }

    location ~ \.php$ {
        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        include        /etc/opt/rh/rh-nginx18/nginx/fastcgi_params;

    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    fastcgi_read_timeout 150;
        fastcgi_pass  127.0.0.1:9003;

    fastcgi_index index.php;

    }
}

The part “include /etc/opt/rh/rh-nginx18/nginx/fastcgi_params;” doesn’t work because “/etc/opt/rh/rh-nginx18/nginx/fastcgi_params” doesn’t exist .
I think I misunderstand the workflow here, my nginx image is build as default (as you can see my nginx Dockerfile above) so I think these files/folders must be existed in my container (as when I yum install nginx on host)

ls /etc/nginx/
conf.d     fastcgi.conf          fastcgi_params          koi-utf  mime.types          nginx.conf          scgi_params          uwsgi_params          win-utf
default.d  fastcgi.conf.default  fastcgi_params.default  koi-win  mime.types.default  nginx.conf.default  scgi_params.default  uwsgi_params.default

And I want to override only file /etc/nginx/nginx.conf and folder /etc/nginx/conf.d in my container with my preparation on host.
The part “include /etc/opt/rh/rh-nginx18/nginx/fastcgi_params;” in container should works cause file /etc/nginx/fastcgi_params should be existed in container ?

This Swarm has only 1 member node now and yes, the host volumes I am mapping into the service are present and contain the required files. Removing the part related to “fastcgi_params” from test.conf make it works ok.
Again, thank you very much.

stevejr · June 22, 2018, 2:11pm

No problem and glad it is working.

Instead of mapping entire host volumes you could just COPY in your files into the image unless you really need to mount the host volumes.

jackchuong · June 23, 2018, 3:33am

I want to keep my images simple as possible and leave the “configuration” part for docker-compose.yml . This is my configuration now
Nginx image Dockerfile

From centos:7

#Install epel-release repo
RUN yum -y install --setopt=tsflags=nodocs epel-release && \
yum -y install --setopt=tsflags=nodocs nginx && \
yum clean all

EXPOSE 80
EXPOSE 443
#start nginx
CMD [ "nginx", "-g", "daemon off;"]

php-fpm70 image Dockerfile

From centos:7

#Install centos-release-scl-rh
RUN yum install -y --setopt=tsflags=nodocs centos-release-scl-rh && \
    yum install -y --setopt=tsflags=nodocs \
rh-php70-php.x86_64 \
rh-php70-php-bcmath.x86_64 \
rh-php70-php-common.x86_64 \
rh-php70-php-devel.x86_64 \
rh-php70-php-enchant.x86_64 \
rh-php70-php-fpm.x86_64 \
rh-php70-php-gd.x86_64 \
rh-php70-php-intl.x86_64 \
rh-php70-php-json.x86_64 \
rh-php70-php-ldap.x86_64 \
rh-php70-php-mbstring.x86_64 \
rh-php70-php-mysqlnd.x86_64 \
rh-php70-php-pear.noarch \
rh-php70-php-pspell.x86_64 \
rh-php70-php-process.x86_64 \
rh-php70-php-recode.x86_64 \
rh-php70-php-snmp.x86_64 \
rh-php70-php-soap.x86_64 \
rh-php70-php-xml.x86_64 \
rh-php70-php-zip.x86_64 && \
    yum clean all

EXPOSE 9003
#start php-fpm70
CMD [ "/opt/rh/rh-php70/root/usr/sbin/php-fpm", "--nodaemonize"]

docker-compose.yml

version: "3"
services:
  web:
    image: nginx
    volumes:
      - /opt/nginx/nginx.conf:/etc/nginx/nginx.conf
# map /opt/nginx/conf.d/test.conf to /etc/nginx/conf.d/test.conf in container
      - /opt/nginx/conf.d:/etc/nginx/conf.d
# map source code folder from host to container
      - /opt/www:/opt/www
    deploy:
      replicas: 2
      restart_policy:
        condition: on-failure
    ports:
      - "80:80"
      - "443:443"
    networks:
      - webnet
  php-fpm70:
    image: php-fpm70
    deploy:
      replicas: 2
      restart_policy:
        condition: on-failure
    volumes:
# override php-fpm config incontainer
# My www.conf on host has "listen = 127.0.0.1:9003" , I want to change php-fpm port from 9000 #(default) to 9003
      - /opt/php-fpm70/www.conf:/etc/opt/rh/rh-php70/php-fpm.d/www.conf
    ports:
      - "9003:9003"
    networks:
      - webnet
networks:
   webnet:

test.conf

server {
        listen 80;
        server_name test.mydomain.com;
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;
    root /opt/www/test/;
    gzip  on;
gzip_comp_level 9;
gzip_min_length 1000;
gzip_proxied off;
gzip_types text/plain text/css application/xml+html application/javascript image/jpeg image/x-icon image/gif image/png video/jpeg;
gzip_disable "MSIE [1-6]\.";

index index.html index.htm index.php;

location / {
               try_files $uri $uri/ /index.php?/$request_uri;
        }

    location ~ \.php$ {
        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        include         fastcgi_params;
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    fastcgi_read_timeout 150;
        fastcgi_pass  127.0.0.1:9003;

    fastcgi_index index.php;

    }
}

docker stack deploy -c docker-compose.yml getstartedlab
Creating network getstartedlab_webnet
Creating service getstartedlab_web
Creating service getstartedlab_php-fpm70
docker service ls
ID                  NAME                      MODE                REPLICAS            IMAGE               PORTS
tvhoegirh0u1        getstartedlab_php-fpm70   replicated          2/2                 php-fpm70:latest    *:9003->9003/tcp
eyso1a223bpb        getstartedlab_web         replicated          2/2                 nginx:latest        *:80->80/tcp, *:443->443/tcp

I can access to test.mydomain.com --> “Welcome to nginx” , but I cannot access test.mydomain.com/abc.php which actually show phpinfo --> “502 Bad Gateway”, here log result

docker service logs getstartedlab_web
getstartedlab_web.2.mqami2228dix@localhost.localdomain    | 10.255.0.2 - - [23/Jun/2018:03:04:15 +0000] "GET / HTTP/1.1" 200 1281 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0"
getstartedlab_web.1.kd3jvdlhayoa@localhost.localdomain    | 2018/06/23 03:04:15 [error] 7#7: *1 connect() failed (111: Connection refused) while connecting to upstream, client: 10.255.0.2, server: test.mydomain.com, request: "GET /poweredby.png HTTP/1.1", upstream: "fastcgi://127.0.0.1:9003", host: "test.mydomain.com", referrer: "http://test.mydomain.com/"
getstartedlab_web.2.mqami2228dix@localhost.localdomain    | 2018/06/23 03:04:15 [error] 7#7: *1 connect() failed (111: Connection refused) while connecting to upstream, client: 10.255.0.2, server: test.mydomain.com, request: "GET /nginx-logo.png HTTP/1.1", upstream: "fastcgi://127.0.0.1:9003", host: "test.mydomain.com", referrer: "http://test.mydomain.com/"
getstartedlab_web.1.kd3jvdlhayoa@localhost.localdomain    | 10.255.0.2 - - [23/Jun/2018:03:04:15 +0000] "GET /poweredby.png HTTP/1.1" 502 173 "http://test.mydomain.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0"
getstartedlab_web.2.mqami2228dix@localhost.localdomain    | 10.255.0.2 - - [23/Jun/2018:03:04:15 +0000] "GET /nginx-logo.png HTTP/1.1" 502 173 "http://test.mydomain.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0"
getstartedlab_web.2.mqami2228dix@localhost.localdomain    | 2018/06/23 03:04:18 [error] 7#7: *3 connect() failed (111: Connection refused) while connecting to upstream, client: 10.255.0.2, server: test.mydomain.com, request: "GET /abc.php HTTP/1.1", upstream: "fastcgi://127.0.0.1:9003", host: "test.mydomain.com"
getstartedlab_web.2.mqami2228dix@localhost.localdomain    | 10.255.0.2 - - [23/Jun/2018:03:04:18 +0000] "GET /abc.php HTTP/1.1" 502 173 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0"

Is there something wrong with docker network so nginx container cannot connect with php-fpm70 container ?

docker network ls
NETWORK ID          NAME                   DRIVER              SCOPE
6d4cc5aa09f4        bridge                 bridge              local
78fb32ab0e58        docker_gwbridge        bridge              local
9sxuyuxcwjlq        getstartedlab_webnet   overlay             swarm
270e6709c894        host                   host                local
svsdczo4kr26        ingress                overlay             swarm
ffbf775e969e        none                   null                local

docker network inspect getstartedlab_webnet
[
    {
        "Name": "getstartedlab_webnet",
        "Id": "9sxuyuxcwjlquoqu1zbaz8huf",
        "Created": "2018-06-23T10:03:56.620174441+07:00",
        "Scope": "swarm",
        "Driver": "overlay",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": [
                {
                    "Subnet": "10.0.0.0/24",
                    "Gateway": "10.0.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "9d30d57e6b1d5f9fd71d4771b760c991d2146b308cf3df74875fd31ecebebf1e": {
                "Name": "getstartedlab_web.2.mqami2228dixlrujxwqpncskd",
                "EndpointID": "304470a08228b130ed3fadb7f36ccdc2898b9dd3849a5d80a8e03ac9a93e8504",
                "MacAddress": "02:42:0a:00:00:05",
                "IPv4Address": "10.0.0.5/24",
                "IPv6Address": ""
            },
            "a2a3d652da946138fd6b33ad757540934f055cc01db1cbc344b3619109f72fbb": {
                "Name": "getstartedlab_php-fpm70.1.h1ded0ovmlpxdsfwxsps0pbzr",
                "EndpointID": "ce27144f8ede515ae1a36b0e44f890d4293cd9d7c0998fa36b4ca01e8c58930d",
                "MacAddress": "02:42:0a:00:00:07",
                "IPv4Address": "10.0.0.7/24",
                "IPv6Address": ""
            },
            "ea839fff4e013d0f64ff4597bb63910119f41527378b69fa71af1a55d7eb6f56": {
                "Name": "getstartedlab_web.1.kd3jvdlhayoayfhhr8bx5mqna",
                "EndpointID": "3af0749441b3a5825f0f36fe4c2b1d7565f859baee38f2179cf874824c3ce101",
                "MacAddress": "02:42:0a:00:00:04",
                "IPv4Address": "10.0.0.4/24",
                "IPv6Address": ""
            },
            "f191bd551d0df8912af64e1b789e1dcb31ac2d01d8e12b3164910815be677d3e": {
                "Name": "getstartedlab_php-fpm70.2.l70dy735x4d71z25gkizcyd60",
                "EndpointID": "a3a0fd18ed70d5123e66b92fa0ecef781b46b51b6d8a99e007462c87c2044208",
                "MacAddress": "02:42:0a:00:00:08",
                "IPv4Address": "10.0.0.8/24",
                "IPv6Address": ""
            }
        },
        "Options": {
            "com.docker.network.driver.overlay.vxlanid_list": "4107"
        },
        "Labels": {
            "com.docker.stack.namespace": "getstartedlab"
        },
        "Peers": [
            {
                "Name": "2a7b6aa7e0ce",
                "IP": "192.168.0.124"
            }
        ]
    }
]

On host, I can see there is nginx and php-fpm containers are runnung, I cant telnet telnet 127.0.0.1 80 but cannot telnet 127.0.0.1 9003.

jackchuong · June 25, 2018, 7:36am

The problem is php-fpm70 container cannot be connected from outsite, and I figure out reason.
I have to comment out line “listen.allowed_clients = 127.0.0.1” in my php-fpm www.conf to allow connection from outside the container.
I want to run many php-fpm version instances (each container) at same time so I have to change php-fpm config to change listen port. This is final OK configuration

version: "3.3"
services:
  php-fpm70:
    deploy:
      replicas: 2
      restart_policy:
        condition: on-failure
    configs:
      - source: www.conf.1
        target: /etc/opt/rh/rh-php70/php-fpm.d/www.conf
    volumes:
      - /opt/www:/opt/www
    ports:
      - "9003:9003"
    networks:
      - webnet
  web:
    image: nginx
    deploy:
      replicas: 2
      restart_policy:
        condition: on-failure
    configs:
      - source: nginx.conf
        target: /etc/nginx.conf
      - source: nginx-conf.d
        target: /etc/nginx/conf.d/test.conf
    volumes:
      - /opt/www:/opt/www
    ports:
      - "80:80"
      - "443:443"
    networks:
      - webnet

configs:
  nginx.conf:
    file: /opt/nginx/nginx.conf
  nginx-conf.d:
    file: /opt/nginx/conf.d/test.conf
  www.conf.1:
    file: /opt/php-fpm70/www.conf

networks:
   webnet:

test.conf

server {
        listen 80;
        server_name test.mydomain.com;
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;
    root /opt/www/test/;
    gzip  on;
gzip_comp_level 9;
gzip_min_length 1000;
gzip_proxied off;
gzip_types text/plain text/css application/xml+html application/javascript image/jpeg image/x-icon image/gif image/png video/jpeg;
gzip_disable "MSIE [1-6]\.";

index index.html index.htm index.php;

    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
# change here a little bit
        fastcgi_pass php-fpm70:9000;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
    }
}

www.conf

...
listen = 9003
;listen.allowed_clients = 127.0.0.1
...

Thank you very much.

boiky · July 12, 2018, 10:19am

What’s wrong with official nginx image?
https://hub.docker.com/_/nginx/

Topic		Replies	Views
Docker-compose.yml services for php-fpm General	10	33439	June 25, 2018
How to start nginx on docker container through the Dockerfile and without systemctl General docker	1	31222	September 11, 2019
./docker-compose.yml is invalid because: Unsupported config option for services.app: 'db' General docker	7	5798	November 8, 2022
Short help to sort out my first yml and dockerfile General	3	602	May 24, 2020
Cannot access published port Compose	2	2515	February 4, 2022

Docker-compose.yml services for nginx

Related Topics