Using nginx alongside the Docker install


(Ben T) #21

There’s nothing wrong with that config file. I’ve just copied it as is. What are the full results of apt-cache show nginx?


(liwei_swjtu) #22

the full results is like this:

dushu@bbs:~$ apt-cache show nginx
Package: nginx
Priority: optional
Section: universe/web
Installed-Size: 89
Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
Original-Maintainer: Kartik Mistry <kartik@debian.org>
Architecture: all
Version: 1.2.6-1ubuntu3.3
Depends: nginx-full | nginx-light
Filename: pool/universe/n/nginx/nginx_1.2.6-1ubuntu3.3_all.deb
Size: 6310
MD5sum: f0b5620fe99be106a637b671bfd2ef26
SHA1: c2daadea04c6010ec28b7dcae2f998ef2bd9bb2d
SHA256: b6de1585b2be00097a9eb8ee57424049a2dae51280e9bd7f8b0e40a641305bf4
Description-en: small, powerful, scalable web/proxy server
 Nginx ("engine X") is a high-performance web and reverse proxy server
 created by Igor Sysoev. It can be used both as a standalone web server
 and as a proxy to reduce the load on back-end HTTP or mail servers.
 .
 This is a dependency package to install either nginx-full (by default) or
  nginx-light.
Homepage: http://nginx.net
Description-md5: 19a4ea43e33eae4a46abf8a78966deb5
Bugs: https://bugs.launchpad.net/ubuntu/+filebug
Origin: Ubuntu


(Ben T) #23

I took another look… it looks like the line:

server_name bbs.dushu.ba

is missing a ; at the end.


Confused of expose port
(liwei_swjtu) #24

Mm,that’s it! It works perfect now, thank @trident so much.


(Silver Quettier) #25

Quite a useful thread here!

@trident, I was wondering if you could help me? I’m trying to set up a nginx front alongside the docker install to serve other content based on hostname.

I stumble upon a 502 - Bad Gateway error when trying to reach Discourse through the external Nginx. (Directly requesting on the custom port works.)


(Ben T) #26

Can you run curl http://127.0.0.1:<your custom port>/ and get output to the console?


(Silver Quettier) #27

Thank you for the quick answer.
The command gave me:

curl: (7) Failed to connect to 127.0.0.1 port 3080: Connection refused

Could it be an ownership problem? The Discourse install predates 1.0, and was done long before I wanted to install a front Nginx. It’s all owned by root it seems. :confused:

root@kayak:/var/discourse# ls -l
total 56
drwxr-xr-x  2 root root  4096 Nov 14 19:36 bin
drwxr-xr-x  2 root root  4096 Aug 27 22:12 cids
drwxr-xr-x  2 root root  4096 Mar  6  2014 containers
drwxr-xr-x 10 root root  4096 Aug 27 21:31 image
-rwxr-xr-x  1 root root 12952 Aug 27 21:31 launcher
-rw-r--r--  1 root root  7345 Aug 27 21:31 README.md
drwxr-xr-x  2 root root  4096 Aug 27 21:31 samples
drwxr-xr-x  2 root root  4096 Aug 27 21:31 scripts
drwxr-xr-x 11 root root  4096 Jun  9 14:37 shared
drwxr-xr-x  2 root root  4096 Aug 27 21:31 templates

(Ben T) #28

To make sure, you can access the site externally? If so, then you can replace the 127.0.0.1 with your external IP. In certain cases, this may increase bandwith usage.

Is it possible to update docker to the latest version?


(Silver Quettier) #29
root@kayak:/var/discourse# curl http://192.168.1.3:3080/
<html><body>You are being <a href="http://192.168.1.3:3080/login">redirected</a>.</body></html>

(I can’t check with external IP, the router will not let traffic go through that port.)

Docker is as up-to-date as the Discourse web update page prompted me to update, which is:

root@kayak:/var/discourse# docker version
Client version: 1.2.0
Client API version: 1.14
Go version (client): go1.3.1
Git commit (client): fa7b24f
OS/Arch (client): linux/amd64

Checking with apt-get, it’s lxc-docker-1.2.0. Should I push to 1.3.2? (Current version).


(Ben T) #30

Hmm, there might be a case where the docker container is not running on that IP internally; but the router is translating the address correctly. Can you run docker ps, get the container name and run:

docker inspect -f '{{ .NetworkSettings.IPAddress }}' <container_name>

(Silver Quettier) #31

Interesting!

root@kayak:/var/discourse# docker inspect -f '{{ .NetworkSettings.IPAddress }}' app
172.17.0.5

I read a bit on the topic, and from what I understand it’s the container address on the docker0 virtual Ethernet Bridge interface.

Edit - Possibly relevant:

root@kayak:/var/discourse/containers# iptables -t nat -L -n

(snip)

Chain DOCKER (2 references)
target     prot opt source               destination
DNAT    tcp  --  0.0.0.0/0     0.0.0.0/0   tcp dpt:2038 to:172.17.0.3:2038
DNAT    udp  --  0.0.0.0/0     0.0.0.0/0   udp dpt:2038 to:172.17.0.3:2038
DNAT    tcp  --  0.0.0.0/0     127.0.0.1   tcp dpt:2222 to:172.17.0.3:22
DNAT    tcp  --  0.0.0.0/0     0.0.0.0/0   tcp dpt:6502 to:172.17.0.3:26502
DNAT    udp  --  0.0.0.0/0     0.0.0.0/0   udp dpt:6502 to:172.17.0.3:26502
DNAT    tcp  --  0.0.0.0/0     0.0.0.0/0   tcp dpt:3080 to:172.17.0.5:80   <--- 
DNAT    tcp  --  0.0.0.0/0     0.0.0.0/0   tcp dpt:3022 to:172.17.0.5:22

(Ben T) #32

Does 172.17.0.5 work as an internal way to access your discourse install? I’m a little rusty on some docker details, but I believe anything on that interface accessing port 3080 should direct to port 80 on the web container. Does that interface have an assigned IP?

The reason for the exercise was to check that docker is assigning addresses itself, and not a router.


(Silver Quettier) #33

Based on what we found, I changed Nginx config files (the front one) so the sites-enabled Discourse config file now reads:

upstream discourse {
   server 172.17.0.5;
}

instead of:

upstream discourse {
   server 127.0.0.1:3080;
}

It works. Outside access through DNS is working. Is this a safe solution or will that IP be randomized on Discourse restart, making the config file invalid?


(Daniel Lynch) #34

Hi,

I’ve tried to configure nginx as a frontend proxy following the instructions contained here. My discourse.conf file says:

upstream discourse {
  server 127.0.0.1:4578 fail_timeout=5;
}
 
# configure the virtual host
server {
  # replace with your domain name
  server_name mydomain.net
 
  location / {
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_redirect off;
    # pass to the upstream discourse server mentioned above
    proxy_pass http://mydomain.net;
  }
}

But I’m getting a 502 Bad Gateway error when I try to access the site on port 80 (accessing the site from port 4578 works just fine).

The error.log from outside the container says:

2014/12/22 19:40:59 [alert] 1016#0: 768 worker_connections are not enough
2014/12/22 19:40:59 [error] 1016#0: *60532 recv() failed (104: Connection reset by peer) while reading response header from upstream, client: [redacted], server: [redacted], request: "POST /message-bus/d6dab21ff4d749b0824ef34bb2835aa5/poll?dlp=t HTTP/1.0", upstream: "http://[redacted]:80/message-bus/d6dab21ff4d749b0824ef34bb2835aa5/poll?dlp=t", host: "[redacted]", referrer: "http://[redacted]/"

And from inside it says:

2014/12/22 20:40:40 [error] 54#0: *1 connect() failed (111: Connection refused) while connecting to upstream, client: [redacted], server: _, request: "POST /message-bus/77c8377af79d4ca58923b13ddf3f634a/poll? HTTP/1.1", upstream: "http://127.0.0.1:3000/message-bus/77c8377af79d4ca58923b13ddf3f634a/poll?", host: "[redacted]", referrer: "[redacted]"

I had just done an upgrade of Ubuntu, Docker, and Discourse prior to attempting this (and rebooted).


(Kane York) #35

This is going to break long-polling, you’ll have a broken site.


(Daniel Lynch) #36

I’ve tried it both with that option on and that option off, neither one works. Both give me an immediate 502 Bad Gateway, with the errors I mentioned in the logs.


(Daniel Lynch) #37

My bad. I interpretted the instructions wrong and put http://mydomain.net instead of literally http://discourse for the proxy_pass part. Things seem to be working now. Thanks!


#38

Do I have to bootstrap my current install for discourse to work on a new port?


(Kane York) #39

Do a rebuild, yeah.

A restart might suffice, but you should probably just do a rebuild anyways


#40

I put
`expose:

  • “4578:80”`
    in container/app.yml then did ./launcher bootstrap app, but my discourse still appears on port 80. The forum is just set up, so I could conveniently just delete the whole discourse folder and build from git again. But it would be helpful to know why I guess! :smile:

./launcher rebuild app did the trick!