Hello
Thank you @meyay @meyay
No worries. I am not an expert, but I was trying my best.
Here are my configs:
On the Host server, NGINX config is:
# Upstream group referenced by `fastcgi_pass wordpress;` in the HTTPS server block.
# It targets port 9070 on the host, which docker-compose.yml publishes on 127.0.0.1 only,
# so the FastCGI endpoint is not reachable from other machines.
# NOTE(review): FastCGI has no authentication of its own; keep this endpoint on loopback.
# NOTE(review): `localhost` may also resolve to ::1, where the compose file publishes
# nothing; `127.0.0.1:9070` would be unambiguous. Confirm against the resolver setup.
upstream wordpress {
    server localhost:9070;
}
# Plain-HTTP listener on port 80 (IPv4 and IPv6) for xyz.example.com.
# Every request is answered with a permanent redirect to the same host and URI on HTTPS.
server {
    listen 80;
    listen [::]:80;
    server_name xyz.example.com;
    # NOTE(review): $host is derived from the client's request. If this block also serves
    # as the default server for port 80, the redirect target follows whatever Host the
    # client sent; a fixed `https://xyz.example.com$request_uri` would pin it. Confirm.
    return 301 https://$host$request_uri;
}
# HTTPS virtual host: serves /var/www/html and hands *.php requests to the `wordpress`
# upstream (PHP-FPM in the container) over FastCGI.
server {
    # NOTE(review): neither listen line carries the `ssl` parameter, so as written nginx
    # does not enable TLS on port 443 and the ssl_* directives below have no listener to
    # apply to. `listen 443 ssl;` / `listen [::]:443 ssl;` is the usual form.
    listen 443;
    listen [::]:443;
    # NOTE(review): server_name takes host names, not URLs. "http://xyz.example.com" never
    # equals a Host header, so this block is selected only as a default server. The
    # error.log line on this page quotes this literal value as the server name.
    server_name http://xyz.example.com;

    # Certificate chain and private key from the Let's Encrypt live directory.
    ssl_certificate /etc/letsencrypt/live/wildcard.example.com-0001/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/wildcard.example.com-0001/privkey.pem;
    # Only TLS 1.2 and 1.3 are offered.
    ssl_protocols TLSv1.2 TLSv1.3;
    # This list governs TLS 1.2 and below; TLS 1.3 suites are not selected here.
    # NOTE(review): the two "...-GCM-SHA512" entries do not look like OpenSSL cipher
    # names, and ECDHE-RSA-AES256-SHA384 is a CBC suite. Check what the list really
    # expands to with `openssl ciphers -v '<list>'` before relying on it.
    ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384";
    ssl_prefer_server_ciphers on;
    # 10 MB TLS session cache named "SSL", shared between worker processes.
    ssl_session_cache shared:SSL:10m;
    # NOTE(review): ssl_verify_depth applies to client-certificate chains; no
    # ssl_verify_client is set in this block, so it appears to have no effect here.
    ssl_verify_depth 3;
    # Diffie-Hellman parameters used by the DHE-* suites in the list above.
    ssl_dhparam /etc/nginx/dhparam.pem;

    index index.php index.html index.htm;
    # Same path as the bind mount in docker-compose.yml (/var/www/html:/var/www/html), so
    # the SCRIPT_FILENAME nginx computes is also a valid path inside the container.
    root /var/www/html;

    # Response headers; `always` adds them to error responses as well.
    add_header X-Frame-Options "SAMEORIGIN" always;
    # NOTE(review): X-XSS-Protection is ignored by current browsers; the CSP below is
    # the control that matters.
    add_header X-XSS-Protection "1; mode=block" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header Referrer-Policy "no-referrer-when-downgrade" always;
    # NOTE(review): `default-src *` together with 'unsafe-inline' and 'unsafe-eval' allows
    # scripts from any origin plus inline and eval'd script, so this policy gives almost
    # no protection against injected script. Tighten it once the site's real sources are
    # known.
    add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;

    # ACME HTTP-01 challenge files are served straight from the web root.
    # The pattern is an unanchored regex and its "." matches any character.
    location ~ /.well-known/acme-challenge {
        allow all;
        root /var/www/html;
    }

    # Front controller: serve an existing file or directory, otherwise fall back to
    # index.php with the original query string.
    location / {
        try_files $uri $uri/ /index.php$is_args$args;
    }

    # PHP handler.
    location ~ \.php$ {
        # Return 404 unless the requested .php file exists under root, so requests for
        # non-existent scripts are never forwarded to PHP-FPM.
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        # Refers to the `upstream wordpress` group (localhost:9070).
        fastcgi_pass wordpress;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
    }

    # Block .htaccess/.htpasswd-style files.
    # NOTE(review): other dotfiles under the web root (for example a .env or .git
    # directory) are not covered by this pattern. Confirm none are present.
    location ~ /\.ht {
        deny all;
    }

    # Keep favicon and robots.txt requests out of the logs.
    location = /favicon.ico {
        log_not_found off; access_log off;
    }
    location = /robots.txt {
        log_not_found off; access_log off; allow all;
    }

    # Static assets: far-future expiry, missing files not logged.
    location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
        expires max;
        log_not_found off;
    }
}
Now, the docker-compose.yml
# Compose project with two services: MySQL 8.0 and the WordPress PHP-FPM image.
# nginx is not part of this file; it runs on the host and reaches PHP-FPM through the
# published loopback port.
version: '3'

services:
  db:
    image: mysql:8.0
    container_name: db
    restart: unless-stopped
    # NOTE(review): every variable in .env (not shown) is injected into this container.
    # Keep the file out of version control and readable only by the deploying user.
    env_file: .env
    environment:
      - MYSQL_DATABASE=wordpress
    volumes:
      # Named volume, so the database files survive container re-creation.
      - dbdata:/var/lib/mysql
    # NOTE(review): forces the older mysql_native_password plugin instead of the MySQL 8
    # default. Only needed if the client cannot use the default; confirm before keeping.
    command: '--default-authentication-plugin=mysql_native_password'
    # No `ports:` entry, so MySQL is not published on the host. It is reachable only
    # from containers attached to app-network.
    networks:
      - app-network

  wordpress:
    # Short-form depends_on only orders start-up; it does not wait for MySQL to accept
    # connections.
    depends_on:
      - db
    image: wordpress:6.2.2-php8.0-fpm-alpine
    container_name: wordpress
    restart: unless-stopped
    ports:
      # Format is host_ip:host_port:container_port. Binding to 127.0.0.1 keeps the
      # unauthenticated FastCGI port off external interfaces.
      # NOTE(review): the container side is 9070, but `docker compose ps` on this page
      # lists the image's own port as 9000/tcp. If PHP-FPM listens on 9000, nothing
      # answers on container port 9070, which would match the "connect() failed (111)"
      # in error.log. "127.0.0.1:9070:9000" would be the mapping to try.
      - "127.0.0.1:9070:9070"
    # NOTE(review): the same .env is passed here, so any database admin secret it holds
    # is also visible inside the wordpress container. Consider a separate, smaller file.
    env_file: .env
    environment:
      - WORDPRESS_DB_HOST=db:3306
      # $MYSQL_USER and $MYSQL_PASSWORD are substituted by Compose when the file is read.
      - WORDPRESS_DB_USER=$MYSQL_USER
      - WORDPRESS_DB_PASSWORD=$MYSQL_PASSWORD
      - WORDPRESS_DB_NAME=wordpress
    volumes:
      # Bind mount of the host web root; host nginx reads the same files.
      - /var/www/html:/var/www/html
    # NOTE(review): there is no `networks:` key on this service, so Compose attaches it
    # to the project's default network. The `docker network inspect` output on this page
    # shows wordpress on wordpress_default and db on wordpress_app-network, so the
    # hostname `db` would not be reachable from here. Adding
    # `networks: [app-network]` puts both services on one network.

volumes:
  dbdata:

networks:
  app-network:
    driver: bridge
When I try to access xyz.example.com, I get:
502 Bad Gateway
In the NGINX error.log with log level “info”, I can see:
2023/08/09 19:47:51 [error] 17181#17181: *1 connect() failed (111: Unknown error) while connecting to upstream, client: 186.79.201.000, server: http://xyz.example.com, request: "GET / HTTP/1.1", upstream: "fastcgi://127.0.0.1:9070", host: "xyz.example.com"
For “docker compose ps”, I get:
NAME IMAGE COMMAND SERVICE CREATED STATUS PORTS
db mysql:8.0 "docker-entrypoint.s…" db 29 minutes ago Up 3 seconds 3306/tcp, 33060/tcp
wordpress wordpress:6.2.2-php8.0-fpm-alpine "docker-entrypoint.s…" wordpress 29 minutes ago Up 3 seconds 9000/tcp, 127.0.0.1:9070->9070/tcp
For “docker network ls”:
NETWORK ID NAME DRIVER SCOPE
a8d2d5803b41 bridge bridge local
c577a7812f2c host host local
82629c23af3d none null local
5a1e235c2f82 wordpress_app-network bridge local
ee559d7c813c wordpress_default bridge local
For “docker network inspect wordpress_app-network”:
[
{
"Name": "wordpress_app-network",
"Id": "5a1e235c2f82c9889d336920be40312d3b20c70d80b9a2e6c04c58d71e3526d4",
"Created": "2023-08-09T19:22:23.551479464Z",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": null,
"Config": [
{
"Subnet": "172.18.0.0/16",
"Gateway": "172.18.0.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {
"baab7f2a5cc9a2deb0581184b61c5c33b24c97078c61203722e09e6aa24afcb8": {
"Name": "db",
"EndpointID": "5a4cbbaa0bb368dc8e926cf56518cdfd68dd32b4246e79c071b54d5783dd74da",
"MacAddress": "02:42:ac:12:00:02",
"IPv4Address": "172.18.0.2/16",
"IPv6Address": ""
}
},
"Options": {},
"Labels": {
"com.docker.compose.network": "app-network",
"com.docker.compose.project": "wordpress",
"com.docker.compose.version": "2.20.2"
}
}
]
The same for the other network “wordpress_default”:
[
{
"Name": "wordpress_default",
"Id": "ee559d7c813ce48ece88cdd7f2949cfde037530f1213a5c54a3fe49ffbf38137",
"Created": "2023-08-09T19:22:23.609158268Z",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": null,
"Config": [
{
"Subnet": "172.19.0.0/16",
"Gateway": "172.19.0.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {
"530ecaf6fb4d7d10900960857ed47b4163661c789a347b1315916ac854e4ec5c": {
"Name": "wordpress",
"EndpointID": "c29dc63c242e10002545d256cd681083f95e00fa099b6ceef0d463465bb61805",
"MacAddress": "02:42:ac:13:00:02",
"IPv4Address": "172.19.0.2/16",
"IPv6Address": ""
}
},
"Options": {},
"Labels": {
"com.docker.compose.network": "default",
"com.docker.compose.project": "wordpress",
"com.docker.compose.version": "2.20.2"
}
}
]
Last notes:
- I can see that none of the “networks” is binding to 127.0.0.1
- The wordpress container connects to port 9000 even though the docker compose YML file indicates a different port setup!
I hope the above shows in detail the setup that I have.
Let me know if anything else can help with this.
Thanks a lot
Khaldoun