My frontend service can't fetch the backend

henochit · January 3, 2023, 4:03pm

Hi have deployed my app in pre-prod env, I have a frontend and backend, I’m using docker image for front, back, and Nginx.

But the frontend service can’t fetch the backend endpoint, but when I connect the local frontend to my pre-prod backend it works well but it isn’t the same behavior with the pre-prod frontend.

i have this error when i log the front container :

---> ERROR >  Network error: request to https://mydomain.dev/graphql failed, reason: connect ETIMEDOUT 161.35.150.4:443

docker-compose.yml

# path: ./docker-compose.yml

version: '3'
services:
  certbot:
    image: certbot/certbot:latest
    volumes:
      - ./certbot/www/:/var/www/certbot/:rw
      - ./certbot/conf/:/etc/letsencrypt/:rw
  frontend:
    container_name: frontend
    image: mydockerhub/app-front:latest
    restart: always
    ports:
      - 3000:3000
    networks:
      - strapi
  backend:
    container_name: backend
    build: .
    image: mydockerhub/app-back
    restart: always
    env_file: .env
    environment:
      DATABASE_CLIENT: ${DATABASE_CLIENT}
      DATABASE_HOST: myDB
      DATABASE_PORT: ${DATABASE_PORT}
      DATABASE_NAME: ${DATABASE_NAME}
      DATABASE_USERNAME: ${DATABASE_USERNAME}
      DATABASE_PASSWORD: ${DATABASE_PASSWORD}
      JWT_SECRET: ${JWT_SECRET}
      ADMIN_JWT_SECRET: ${ADMIN_JWT_SECRET}
      APP_KEYS: ${APP_KEYS}
      NODE_ENV: ${NODE_ENV}
    ports:
      - '1337:1337'
    networks:
      - strapi
    depends_on:
      - myDB
    volumes:
      - ./app:/srv/app

  myDB:
    container_name: myDB
    platform: linux/amd64 #for platform error on Apple M1 chips
    restart: unless-stopped
    env_file: .env
    image: mysql:5.7
    command: --default-authentication-plugin=mysql_native_password
    environment:
      MYSQL_ROOT_PASSWORD: ${DATABASE_PASSWORD}
      MYSQL_PASSWORD: ${DATABASE_PASSWORD}
      MYSQL_DATABASE: ${DATABASE_NAME}
    volumes:
      - strapi-data:/var/lib/mysql
      #- ./data:/var/lib/mysql # if you want to use a bind folder
    ports:
      - '13306:3306'
    networks:
      - strapi
  webserver:
    container_name: webserver
    image: nginx:latest
    ports:
      - 80:80
      - 443:443
    networks:
      - strapi
    restart: always
    depends_on:
      - frontend
      - backend
    volumes:
      - ./nginx/conf/nginx.conf:/etc/nginx/nginx.conf:ro
      - ./certbot/www:/var/www/certbot/:ro
      - ./certbot/conf/:/etc/nginx/ssl/:ro

volumes:
  strapi-data:

networks:
  strapi:
    name: Strapi
    driver: bridge

rimelek · January 3, 2023, 4:31pm

how do you want to connect to the backend? You have a hostname in the error message, but I don’t see where you configured it for the containers.

henochit · January 3, 2023, 5:13pm

i use nginx, here is the nginx.conf file content :

   events{}

http{
  include mime.types;

  # Expires map
  map $sent_http_content_type $expires {
      default                    off;
      text/html                  epoch;
      text/css                   max;
      application/javascript     max;
      ~image/                    max;
  }

  server {
    listen 80;
    listen [::]:80;

    server_name mydomain.com;
    server_tokens off;

    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }
    

    location / {
        return 301 https://mydomain.dev$request_uri;
    }
  }

  server {
    listen 443 default_server ssl;
    listen [::]:443 ssl;

    server_name mydomain.dev;

    ssl_certificate /etc/nginx/ssl/live/mydomain.dev/fullchain.pem;
    ssl_certificate_key /etc/nginx/ssl/live/mydomain.dev/privkey.pem;
    
    location /admin {
      sendfile on;
      proxy_pass http://backend:1337;
    }
    
    location /graphql {
      sendfile on;
      proxy_pass http://backend:1337;
    }

    location / {
      sendfile on;
      proxy_pass http://frontend:3000;
    }
  }
}

rimelek · January 3, 2023, 5:18pm

Nginx still needs a working hostname and I can’t see where you set it. Dou you have a local DNS server that makes mydomain.dev available?

henochit · January 3, 2023, 5:23pm

I use mydomain.dev as an example, otherwise I have a valid domain name attached to my server in prod.

rimelek · January 4, 2023, 9:20am

I missed the fact that the error message actually shows an IP address that it wants to connect to. In this case it could be a firewall issue. Is there a reason why you want to use a public domain name for connecting to a local container in the same Docker Compose network? You could just use “backend” instead of “mydomain.dev”.

henochit · January 4, 2023, 9:33am

The reason is that if i use “backend” the client on the browser cannot connect to the backend.

rimelek · January 4, 2023, 9:54am

I see. If there is no way to configure different domains for backend requests in the application, you could try to use “extra hosts” to change the IP address of mydomain.dev for requests coming from the container not from the client:

https://docs.docker.com/compose/compose-file/#extra_hosts

Or you could use network aliases:

https://docs.docker.com/compose/compose-file/#networks

Since we usually don’t want to use public domains for internal requests, I would try the above solutions first. If none of the above helps, then you need to fix the firewall configuration.