Sticky Cookie Sessions

bryaneriksson · December 23, 2021, 8:49pm

Ok so the first error I received was that the resolver directive cannot be used in the upstream block. So I moved the resolver directive to the server block. Now the error is:
nginx: [emerg] host not found in upstream "tasks.multiuser:80"
Here are the container names:
e04c9981fe09 mydockerstack_multiuser.1.wos8rexum9u4m4r4cel6cqr0z
fca252d19039 mydockerstack_multiuser.2.imz29xw17tccnok8ob3c04abv

meyay · December 23, 2021, 10:16pm

Hmm, according nginx documentation upstream allows the resolver directive, see: Module ngx_http_upstream_module

Though, I must admit, I never used it there, as I never had the need to implement sticky sessions in nginx.

Hmm, the external network ${DOCKER_NETWORK_NAME} is of type overlay, right? In my tests it works with tasks.${servicename} and tasks.${servicename}.${networkname} with deploy mode replicated and global - both variants return dnsrr ips of the containers… Not sure if this is because the resolver didn’t work in the upstream block.

The container names don’t matter for that issue.

bryaneriksson · December 23, 2021, 10:20pm

Ok thanks! Ya, network is overlay, and I will try tasks.${servicename}.${networkname} with my stack deploy!

meyay · December 23, 2021, 10:24pm

Like is said the ${networkname} shouldn’t matter and additionaly it introduces a maintainance mess, as you would always need to modify the configuration in case a different network name is used.

The service name must literaly match the name of the service declared in the compose file. The same usualy is true for the network, but I have no idea if this still applies when default points to an external network with different name - even though inside the compose file a service’s network declaration needs default, I would expect it to use the external networks name from inside the container.

Btw. you can drop the :80 on the upstream server directive.

bryaneriksson · December 23, 2021, 10:29pm

Sounds good! Also, I moved the network creation into the docker-compose file.
networks:
net:
driver: overlay
attachable: true
and added networks: net to each service

bryaneriksson · December 23, 2021, 10:50pm

Ok, here is my my nginx default.conf file:

upstream besoshub {
    ip_hash;

    server tasks.multiuser;

}

server {

    listen 80;
    server_name example.com;  # Real domain hidden

    # set DNS resolver as Docker internal DNS
    resolver 127.0.0.11 valid=10s;
    resolver_timeout 5s;

    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # websocket headers
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        #proxy_set_header Connection $connection_upgrade;
        proxy_set_header X-Scheme $scheme;

        proxy_buffering off;

        set $target http://besoshub;
        proxy_pass $target;
    }
}

With 2 multiuser replicas, I get the following error after GitLab redirects back to my server after authenticating:

400: Bad Request
OAuth state missing from cookies

So possibly the ip_hash directive is not working to enable sticky sessions.
Thanks again for all your help and super quick responses!!!

bryaneriksson · December 23, 2021, 10:55pm

I bet it has something to do with my nginx only listening on port 80 and not 443 haha! I will set that up now!