Nginx can't see the Node.js container!

Hello,
The YAML file is as follows:

services:
  nginx:
    container_name: Nginx
    build:
      context: /home/containers/nginx
      dockerfile: Dockerfile
    ports:
      - '80:80'
      - '443:443'
    volumes:
      - /home/containers/nginx/nginx.conf:/etc/nginx/nginx.conf
      - "/var/run/docker.sock:/var/run/docker.sock"
    links:
      - user
    depends_on:
      - user
  user:
    container_name: User
    hostname: User
    build:
      context: /home/containers/user
      dockerfile: Dockerfile
    expose:
      - "3000"
    ports:
      - "3000:3000"
    environment:
      - PORT=3000
    volumes:
      - /home/containers/user:/usr/src/app
      - "/var/run/docker.sock:/var/run/docker.sock"
    command: npm start

The Node.js is running on port 3000 and the Nginx configuration file is as follows:

user www-data;
worker_processes auto;
worker_cpu_affinity auto;
pid /run/nginx.pid;
pcre_jit on;
events
{
        worker_connections 16384;
        multi_accept       on;
        use                epoll;
}
worker_rlimit_nofile 33268;

http {
      access_log  /var/log/nginx/access.log;
      error_log  /var/log/nginx/error.log;
      
    
    server {
       server_name _;
       listen 80;
#       listen [::]:443 ssl default_server;
#       listen 443      ssl default_server;
       error_log  /var/log/nginx/error.system-default.log;
       access_log /var/log/nginx/access.system-default.log;
       charset utf-8;
       return 403;
 
       #    ssl_certificate     /etc/ssl/certs/ssl.pem;
       #    ssl_certificate_key /etc/ssl/private/ssl.key;

                   
    location / {
     proxy_pass http://User:3000;
     proxy_http_version 1.1;
     proxy_set_header Upgrade $http_upgrade;
     proxy_set_header Connection 'upgrade';
     proxy_set_header Host $host;
     proxy_cache_bypass $http_upgrade;
    }
}

        server_names_hash_bucket_size 64;

        include      /etc/nginx/mime.types;
        default_type application/octet-stream;

#        root /var/www/empty-webroot/;
           
        resolver         127.0.0.53;
        resolver_timeout 60s;


#        include /etc/nginx/conf.d/*.conf;
#        ssl_protocols             TLSv1.2 TLSv1.3;
#        ssl_ecdh_curve            X25519:X448:secp256r1:secp384r1:secp521r1:sect571r1;
#        ssl_session_timeout       1d;
#        ssl_session_cache         shared:SSL:50m;
#        ssl_session_tickets       off;
#        ssl_ciphers               ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256->
#        ssl_prefer_server_ciphers on;
#        ssl_dhparam               /etc/letsencrypt/ssl-dhparams.pem;

#        ssl_stapling            on;
#        ssl_stapling_verify     on;
#        ssl_trusted_certificate /etc/letsencrypt/live/example.com/chain.pem; 

        server_tokens off;
        proxy_hide_header X-Powered-By;
        proxy_hide_header X-AspNet-Version;
        proxy_hide_header X-AspNetMvc-Version;
        proxy_hide_header X-Runtime;
        proxy_hide_header X-Redirect-By;
#        more_set_headers "Server : ";
#        more_set_headers "X-XSS-Protection : 0";
#        more_set_headers "X-Content-Type-Options : nosniff"
#        more_set_headers "X-Download-Options : noopen";
#        more_set_headers "X-Permitted-Cross-Domain-Policies : none"

        gzip              on;
        gzip_min_length   1499;
        gzip_disable      "msie6";
        gzip_vary         on;
        gzip_static       on;
        gzip_proxied      any;
        gzip_comp_level   4;
        gzip_buffers      16 8k;
        gzip_http_version 1.1;
        gzip_types
           application/atom+xml
           application/javascript
           application/json
           application/ld+json
           application/manifest+json
           application/rss+xml
           application/vnd.geo+json
           application/vnd.ms-fontobject
           application/wasm application/x-font-ttf
           application/x-web-app-manifest+json
           application/xhtml+xml application/xml
           image/bmp
           image/svg+xml
           image/x-icon
           font/opentype
           text/cache-manifest
           text/css
           text/javascript
           text/plain
           text/vcard
           text/vnd.rim.location.xloc
           text/vtt
           text/x-component
           text/x-cross-domain-policy
           text/xml
           application/xml+rss;

        limit_conn_zone $binary_remote_addr zone=limit_per_ip:10m;
        limit_conn      limit_per_ip 130;
        limit_req_zone $binary_remote_addr zone=allips:10m rate=500r/s;
        limit_req      zone=allips burst=400 nodelay;
        limit_req_status  429;
        limit_conn_status 429;

        open_file_cache          max=5000 inactive=240s;
        open_file_cache_valid    60s;
        open_file_cache_min_uses 5;
        open_file_cache_errors   off;

        client_max_body_size        20M;
        client_header_buffer_size   5k;
        large_client_header_buffers 2 2k;
        client_body_buffer_size     32k;

        client_body_timeout   10;
        client_header_timeout 10;
        keepalive_timeout     10;
        send_timeout          10;

#        sendfile    on;
        tcp_nopush  on;
        tcp_nodelay on;

}

I got following error:

# curl localhost:80
<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx</center>
</body>
</html>

The log file is as follows:

# cat access.system-default.log 
172.21.50.67 - - [01/Jun/2024:07:37:22 +0000] "GET / HTTP/1.1" 403 548 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36"
172.21.50.67 - - [01/Jun/2024:07:37:22 +0000] "GET /favicon.ico HTTP/1.1" 403 548 "http://172.20.2.103/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36"
172.21.50.67 - - [01/Jun/2024:07:37:23 +0000] "GET / HTTP/1.1" 403 548 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36"
172.21.50.67 - - [01/Jun/2024:07:37:23 +0000] "GET /favicon.ico HTTP/1.1" 403 548 "http://172.20.2.103/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36"
172.21.50.67 - - [01/Jun/2024:07:37:23 +0000] "GET / HTTP/1.1" 403 548 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36"
172.21.50.67 - - [01/Jun/2024:07:37:23 +0000] "GET /favicon.ico HTTP/1.1" 403 548 "http://172.20.2.103/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36"
172.21.50.67 - - [01/Jun/2024:07:37:23 +0000] "GET / HTTP/1.1" 403 548 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36"
172.21.50.67 - - [01/Jun/2024:07:37:23 +0000] "GET /favicon.ico HTTP/1.1" 403 548 "http://172.20.2.103/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36"
172.18.0.1 - - [01/Jun/2024:07:37:41 +0000] "GET / HTTP/1.1" 403 146 "-" "curl/7.88.1"

Where is the configuration wrong?

Thank you.

You are asking about an extensive nginx config, but this is a Docker forum.

I can tell you that the target service should be available via user hostname, try a ping from nginx container.

The rest is nginx config.

1 Like

Hi,
Thank you so much for your reply.
When I use the curl user:3000 command in the Nginx container, I can see the website.
Can you take a look at the Nginx configuration file?

No. I don’t know nginx config. This is a Docker forum :slight_smile:

Sometimes I use nginx-proxy, but never touched a config file, as it all is auto-configured via container labels.

1 Like

I’m not sure but aren’t you supposed to create network and to put both containers in this network so they can see each other?

docker network create --driver=bridge my_net

and then your docker file shoild look like this:

services:
  nginx:
    container_name: Nginx
    build:
      context: /home/containers/nginx
      dockerfile: Dockerfile
    ports:
      - '80:80'
      - '443:443'
    volumes:
      - /home/containers/nginx/nginx.conf:/etc/nginx/nginx.conf
      - "/var/run/docker.sock:/var/run/docker.sock"
    links:
      - user
    depends_on:
      - user
    networks:
      - my_net
  user:
    container_name: User
    hostname: User
    build:
      context: /home/containers/user
      dockerfile: Dockerfile
    expose:
      - "3000"
    ports:
      - "3000:3000"
    environment:
      - PORT=3000
    volumes:
      - /home/containers/user:/usr/src/app
      - "/var/run/docker.sock:/var/run/docker.sock"
    command: npm start
    networks:
      - my_net

i’ve added network here

Hi,
Thank you so much for your reply.
Is links different from networks?

Check the docs (links, network).