Open Trouffman opened 7 years ago
fatk
commented
7 years ago Thanks a lot for raising this issue, i'm aware of it and in the process of updating this repo with a more robust setup.
In the meantime, if you're interested in a working production-grade docker-compose file, check this one out: https://github.com/pixelfordinner/pixelcloud-docker-apps/blob/master/nginx-proxy/docker-compose.yml
1beb
commented
7 years ago I'm working with your example and getting the same problem. Not sure if that was the only issue.
fatk
commented
7 years ago Could you maybe post your nginx.tmpl and generated default.conf as well as full compose setup?
1beb
commented
7 years ago This is in regards to the repo example for pixelfordinner
git clone ...pixelcloud-docker-appscat data/templates/nginx.tmpldocker-compose.yml
version: "2"
services:
nginx:
image: pixelfordinner/nginx
container_name: pixelcloud-nginx_proxy-nginx
restart: unless-stopped
ports:
- "80:80"
- "443:443"
volumes:
- "./volumes/conf.d:/etc/nginx/conf.d:ro"
- "./volumes/vhost.d:/etc/nginx/vhost.d:ro"
- "./volumes/certs:/etc/nginx/certs:ro"
- "/usr/share/nginx/html"
networks:
- proxy-tier
docker-gen:
image: jwilder/docker-gen:0.7.3
container_name: pixelcloud-nginx_proxy-docker_gen
restart: unless-stopped
depends_on:
- nginx
volumes_from:
- nginx
volumes:
- "/var/run/docker.sock:/tmp/docker.sock:ro"
- "./data/templates:/etc/docker-gen/templates:ro"
- "./volumes/conf.d:/etc/nginx/conf.d:rw"
networks:
- proxy-tier
entrypoint: /usr/local/bin/docker-gen -notify-sighup pixelcloud-nginx_proxy-nginx -watch -wait 5s:30s /etc/docker-gen/templates/nginx.t$
lets-encrypt-companion:
image: jrcs/letsencrypt-nginx-proxy-companion:v1.4
container_name: pixelcloud-nginx_proxy-lets_encrypt
restart: unless-stopped
depends_on:
- nginx
- docker-gen
volumes_from:
- nginx
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- "./volumes/vhost.d:/etc/nginx/vhost.d:rw"
- "./volumes/certs:/etc/nginx/certs:rw"
environment:
- "NGINX_DOCKER_GEN_CONTAINER=pixelcloud-nginx_proxy-docker_gen"
# - "ACME_CA_URI=https://acme-staging.api.letsencrypt.org/directory"
# - "DEBUG=true"
locks:
depends_on:
- nginx
image: nginx
container_name: locks
restart: always
environment:
- VIRTUAL_HOST=locks.bertelsen.ca
- LETSENCRYPT_HOST=locks.bertelsen.ca
- lETSENCRYPT_EMAIL=brandon@bertelsen.ca
volumes:
- "./data/locks/:/usr/share/nginx/html"
networks:
proxy-tier:
external:
name: "nginx-proxy"nginx.tmpl
{{ $CurrentContainer := where $ "ID" .Docker.CurrentContainerID | first }}
{{ define "upstream" }}
{{ if .Address }}
{{/* If we got the containers from swarm and this container's port is published to host, use host IP:PORT */}}
{{ if and .Container.Node.ID .Address.HostPort }}
# {{ .Container.Node.Name }}/{{ .Container.Name }}
server {{ .Container.Node.Address.IP }}:{{ .Address.HostPort }};
{{/* If there is no swarm node or the port is not published on host, use container's IP:PORT */}}
{{ else if .Network }}
# {{ .Container.Name }}
server {{ .Network.IP }}:{{ .Address.Port }};
{{ end }}
{{ else if .Network }}
# {{ .Container.Name }}
server {{ .Network.IP }} down;
{{ end }}
{{ end }}
# If we receive X-Forwarded-Proto, pass it through; otherwise, pass along the
# scheme used to connect to this server
map $http_x_forwarded_proto $proxy_x_forwarded_proto {
default $http_x_forwarded_proto;
'' $scheme;
}
# If we receive X-Forwarded-Port, pass it through; otherwise, pass along the
# server port the client connected to
map $http_x_forwarded_port $proxy_x_forwarded_port {
default $http_x_forwarded_port;
'' $server_port;
}
# If we receive Upgrade, set Connection to "upgrade"; otherwise, delete any
# Connection header that may have been passed to this server
map $http_upgrade $proxy_connection {
default upgrade;
'' close;
}
# Set appropriate X-Forwarded-Ssl header
map $scheme $proxy_x_forwarded_ssl {
default off;
https on;
}
log_format vhost '$host $remote_addr - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent"';
access_log off;
{{ if (exists "/etc/nginx/proxy.conf") }}
include /etc/nginx/proxy.conf;
{{ else }}
# HTTP 1.1 support
proxy_http_version 1.1;
proxy_buffering off;
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $proxy_connection;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
proxy_set_header X-Forwarded-Ssl $proxy_x_forwarded_ssl;
proxy_set_header X-Forwarded-Port $proxy_x_forwarded_port;
# Mitigate httpoxy attack (see README for details)
proxy_set_header Proxy "";
{{ end }}
server {
server_name _; # This is just an invalid value which will never trigger on a real hostname.
listen 80 deferred;
listen [::]:80 deferred;
access_log /var/log/nginx/access.log vhost;
return 503;
}
{{ if (and (exists "/etc/nginx/certs/default.crt") (exists "/etc/nginx/certs/default.key")) }}
server {
server_name _; # This is just an invalid value which will never trigger on a real hostname.
listen 443 ssl http2 deferred;
listen [::]:443 ssl http2 deferred;
access_log /var/log/nginx/access.log vhost;
return 503;
include /etc/nginx/boilerplate/enable/ssl.conf;
ssl_certificate /etc/nginx/certs/default.crt;
ssl_certificate_key /etc/nginx/certs/default.key;
}
{{ end }}
{{ range $host, $containers := groupByMulti $ "Env.VIRTUAL_HOST" "," }}
{{ $upstream_name := sha1 $host }}
# {{ $host }}
upstream {{ $upstream_name }} {
{{ range $container := $containers }}
{{ $addrLen := len $container.Addresses }}
{{ range $knownNetwork := $CurrentContainer.Networks }}
{{ range $containerNetwork := $container.Networks }}
{{ if eq $knownNetwork.Name $containerNetwork.Name }}
## Can be connect with "{{ $containerNetwork.Name }}" network
{{/* If only 1 port exposed, use that */}}
{{ if eq $addrLen 1 }}
{{ $address := index $container.Addresses 0 }}
{{ template "upstream" (dict "Container" $container "Address" $address "Network" $containerNetwork) }}
{{/* If more than one port exposed, use the one matching VIRTUAL_PORT env var, falling back to standard web port 80 */}}
{{ else }}
{{ $port := coalesce $container.Env.VIRTUAL_PORT "80" }}
{{ $address := where $container.Addresses "Port" $port | first }}
{{ template "upstream" (dict "Container" $container "Address" $address "Network" $containerNetwork) }}
{{ end }}
{{ end }}
{{ end }}
{{ end }}
{{ end }}
}
{{ $default_host := or ($.Env.DEFAULT_HOST) "" }}
{{ $default_server := index (dict $host "" $default_host "default_server") $host }}
{{/* Get the VIRTUAL_PROTO defined by containers w/ the same vhost, falling back to "http" */}}
{{ $proto := or (first (groupByKeys $containers "Env.VIRTUAL_PROTO")) "http" }}
{{/* Get the HTTPS_METHOD defined by containers w/ the same vhost, falling back to "redirect" */}}
{{ $https_method := or (first (groupByKeys $containers "Env.HTTPS_METHOD")) "redirect" }}
{{/* Get the first cert name defined by containers w/ the same vhost */}}
{{ $certName := (first (groupByKeys $containers "Env.CERT_NAME")) }}
{{/* Get the best matching cert by name for the vhost. */}}
{{ $vhostCert := (closest (dir "/etc/nginx/certs") (printf "%s.crt" $host))}}
{{/* vhostCert is actually a filename so remove any suffixes since they are added later */}}
{{ $vhostCert := trimSuffix ".crt" $vhostCert }}
{{ $vhostCert := trimSuffix ".key" $vhostCert }}
{{/* Use the cert specified on the container or fallback to the best vhost match */}}
{{ $cert := (coalesce $certName $vhostCert) }}
{{/* Automatically redirect www domains */}}
{{ $www := or (first (groupByKeys $containers "Env.WWW")) "false" }}
{{ $is_https := (and (ne $https_method "nohttps") (ne $cert "") (exists (printf "/etc/nginx/certs/%s.crt" $cert)) (exists (printf "/etc/nginx/certs/%s.key" $cert))) }}
{{ if $is_https }}
{{ if eq $https_method "redirect" }}
server {
server_name {{ $host }};
listen 80 {{ $default_server }};
listen [::]:80 {{ $default_server }};
access_log /var/log/nginx/access.log vhost;
{{ if (exists (printf "/etc/nginx/vhost.d/%s" $host)) }}
include {{ printf "/etc/nginx/vhost.d/%s" $host }};
{{ else if (exists "/etc/nginx/vhost.d/default") }}
include /etc/nginx/vhost.d/default;
{{ end }}
return 301 https://$host$request_uri;
}
{{ end }}
server {
server_name {{ $host }};
listen 443 ssl http2 {{ $default_server }};
listen [::]:443 ssl http2 {{ $default_server }};
access_log /var/log/nginx/access.log vhost;
include /etc/nginx/boilerplate/enable/ssl.conf;
ssl_certificate /etc/nginx/certs/{{ (printf "%s.crt" $cert) }};
ssl_certificate_key /etc/nginx/certs/{{ (printf "%s.key" $cert) }};
{{ if (exists (printf "/etc/nginx/certs/%s.dhparam.pem" $cert)) }}
ssl_dhparam {{ printf "/etc/nginx/certs/%s.dhparam.pem" $cert }};
{{ else if (exists ("/etc/nginx/certs/dhparam.pem")) }}
ssl_dhparam /etc/nginx/certs/dhparam.pem;
{{ end }}
{{ if (exists (printf "/etc/nginx/vhost.d/%s" $host)) }}
include {{ printf "/etc/nginx/vhost.d/%s" $host }};
{{ else if (exists "/etc/nginx/vhost.d/default") }}
include /etc/nginx/vhost.d/default;
{{ end }}
location / {
{{ if eq $proto "uwsgi" }}
include uwsgi_params;
uwsgi_pass {{ trim $proto }}://{{ trim $upstream_name }};
{{ else }}
proxy_pass {{ trim $proto }}://{{ trim $upstream_name }};
{{ end }}
{{ if (exists (printf "/etc/nginx/htpasswd/%s" $host)) }}
auth_basic "Restricted {{ $host }}";
auth_basic_user_file {{ (printf "/etc/nginx/htpasswd/%s" $host) }};
{{ end }}
{{ if (exists (printf "/etc/nginx/vhost.d/%s_location" $host)) }}
include {{ printf "/etc/nginx/vhost.d/%s_location" $host}};
{{ else if (exists "/etc/nginx/vhost.d/default_location") }}
include /etc/nginx/vhost.d/default_location;
{{ end }}
}
}
{{ if (eq $www "no-www") }}
{{ if and (exists (printf "/etc/nginx/certs/www.%s.crt" $cert)) (exists (printf "/etc/nginx/certs/www.%s.key" $cert)) }}
server {
server_name www.{{ $host }};
listen 80 {{ $default_server }};
listen [::]:80 {{ $default_server }};
access_log /var/log/nginx/access.log vhost;
{{ if (exists (printf "/etc/nginx/vhost.d/%s" $host)) }}
include {{ printf "/etc/nginx/vhost.d/%s" $host }};
{{ else if (exists "/etc/nginx/vhost.d/default") }}
include /etc/nginx/vhost.d/default;
{{ end }}
return 301 https://{{$host}}$request_uri;
}
server {
server_name www.{{ $host }};
listen 443 ssl http2 {{ $default_server }};
listen [::]:443 ssl http2 {{ $default_server }};
access_log /var/log/nginx/access.log vhost;
include /etc/nginx/boilerplate/enable/ssl.conf;
ssl_certificate /etc/nginx/certs/{{ (printf "www.%s.crt" $cert) }};
ssl_certificate_key /etc/nginx/certs/{{ (printf "www.%s.key" $cert) }};
{{ if (exists (printf "/etc/nginx/certs/www.%s.dhparam.pem" $cert)) }}
ssl_dhparam {{ printf "/etc/nginx/certs/www.%s.dhparam.pem" $cert }};
{{ else if (exists ("/etc/nginx/certs/dhparam.pem")) }}
ssl_dhparam /etc/nginx/certs/dhparam.pem;
{{ end }}
return 301 https://{{$host}}$request_uri;
}
{{ end }}
{{ else if (eq $www "www") }}
{{ $nowwwhost := replace $host "www." "" -1 }}
{{ $nowwwcert := replace $cert "www." "" -1 }}
{{ if and (exists (printf "/etc/nginx/certs/%s.crt" $nowwwcert)) (exists (printf "/etc/nginx/certs/%s.key" $nowwwcert)) }}
server {
server_name {{ $nowwwhost }};
listen 80 {{ $default_server }};
listen [::]:80 {{ $default_server }};
access_log /var/log/nginx/access.log vhost;
return 301 https://{{$host}}$request_uri;
}
server {
server_name {{ $nowwwhost }};
listen 443 ssl http2 {{ $default_server }};
listen [::]:443 ssl http2 {{ $default_server }};
access_log /var/log/nginx/access.log vhost;
include /etc/nginx/boilerplate/enable/ssl.conf;
ssl_certificate /etc/nginx/certs/{{ (printf "%s.crt" $nowwwcert) }};
ssl_certificate_key /etc/nginx/certs/{{ (printf "%s.key" $nowwwcert) }};
{{ if (exists (printf "/etc/nginx/certs/%s.dhparam.pem" $nowwwcert)) }}
ssl_dhparam {{ printf "/etc/nginx/certs/%s.dhparam.pem" $nowwwcert }};
{{ else if (exists ("/etc/nginx/certs/dhparam.pem")) }}
ssl_dhparam /etc/nginx/certs/dhparam.pem;
{{ end }}
return 301 https://{{$host}}$request_uri;
}
{{ end }}
{{ end }}
{{ end }}
{{ if or (not $is_https) (eq $https_method "noredirect") }}
server {
server_name {{ $host }};
listen 80 {{ $default_server }};
listen [::]:80 {{ $default_server }};
access_log /var/log/nginx/access.log vhost;
{{ if (exists (printf "/etc/nginx/vhost.d/%s" $host)) }}
include {{ printf "/etc/nginx/vhost.d/%s" $host }};
{{ else if (exists "/etc/nginx/vhost.d/default") }}
include /etc/nginx/vhost.d/default;
{{ end }}
location / {
{{ if eq $proto "uwsgi" }}
include uwsgi_params;
uwsgi_pass {{ trim $proto }}://{{ trim $upstream_name }};
{{ else }}
proxy_pass {{ trim $proto }}://{{ trim $upstream_name }};
{{ end }}
{{ if (exists (printf "/etc/nginx/htpasswd/%s" $host)) }}
auth_basic "Restricted {{ $host }}";
auth_basic_user_file {{ (printf "/etc/nginx/htpasswd/%s" $host) }};
{{ end }}
{{ if (exists (printf "/etc/nginx/vhost.d/%s_location" $host)) }}
include {{ printf "/etc/nginx/vhost.d/%s_location" $host}};
{{ else if (exists "/etc/nginx/vhost.d/default_location") }}
include /etc/nginx/vhost.d/default_location;
{{ end }}
}
}
{{ if (eq $www "no-www") }}
server {
server_name www.{{ $host }};
listen 80 {{ $default_server }};
listen [::]:80 {{ $default_server }};
access_log /var/log/nginx/access.log vhost;
{{ if (exists (printf "/etc/nginx/vhost.d/www.%s" $host)) }}
include {{ printf "/etc/nginx/vhost.d/www.%s" $host }};
{{ else if (exists "/etc/nginx/vhost.d/default") }}
include /etc/nginx/vhost.d/default;
{{ end }}
location / {
{{ if eq $proto "uwsgi" }}
include uwsgi_params;
uwsgi_pass {{ trim $proto }}://{{ trim $upstream_name }};
{{ else }}
proxy_pass {{ trim $proto }}://{{ trim $upstream_name }};
{{ end }}
{{ if (exists (printf "/etc/nginx/htpasswd/www.%s" $host)) }}
auth_basic "Restricted {{ $host }}";
auth_basic_user_file {{ (printf "/etc/nginx/htpasswd/www.%s" $host) }};
{{ end }}
{{ if (exists (printf "/etc/nginx/vhost.d/www.%s_location" $host)) }}
include {{ printf "/etc/nginx/vhost.d/www.%s_location" $host}};
{{ else if (exists "/etc/nginx/vhost.d/default_location") }}
include /etc/nginx/vhost.d/default_location;
{{ end }}
}
}
{{ else if (eq $www "www") }}
{{ $nowwwhost := replace $host "www." "" -1 }}
server {
server_name {{ $nowwwhost }};
listen 80 {{ $default_server }};
listen [::]:80 {{ $default_server }};
access_log /var/log/nginx/access.log vhost;
{{ if (exists (printf "/etc/nginx/vhost.d/%s" $nowwwhost)) }}
include {{ printf "/etc/nginx/vhost.d/%s" $nowwwhost }};
{{ else if (exists "/etc/nginx/vhost.d/default") }}
include /etc/nginx/vhost.d/default;
{{ end }}
location / {
{{ if eq $proto "uwsgi" }}
include uwsgi_params;
uwsgi_pass {{ trim $proto }}://{{ trim $upstream_name }};
{{ else }}
proxy_pass {{ trim $proto }}://{{ trim $upstream_name }};
{{ end }}
{{ if (exists (printf "/etc/nginx/htpasswd/%s" $nowwwhost)) }}
auth_basic "Restricted {{ $nowwwhost }}";
auth_basic_user_file {{ (printf "/etc/nginx/htpasswd/%s" $nowwwhost) }};
{{ end }}
{{ if (exists (printf "/etc/nginx/vhost.d/%s_location" $nowwwhost)) }}
include {{ printf "/etc/nginx/vhost.d/%s_location" $nowwwhost}};
{{ else if (exists "/etc/nginx/vhost.d/default_location") }}
include /etc/nginx/vhost.d/default_location;
{{ end }}
}
}
{{ end }}
{{ if (and (not $is_https) (exists "/etc/nginx/certs/default.crt") (exists "/etc/nginx/certs/default.key")) }}
server {
server_name {{ $host }};
listen 443 ssl http2 {{ $default_server }};
listen [::]:443 ssl http2 {{ $default_server }};
access_log /var/log/nginx/access.log vhost;
return 500;
ssl_certificate /etc/nginx/certs/default.crt;
ssl_certificate_key /etc/nginx/certs/default.key;
{{ if (exists ("/etc/nginx/certs/dhparam.pem")) }}
ssl_dhparam /etc/nginx/certs/dhparam.pem;
{{ end }}
}
{{ end }}
{{ end }}
{{ end }}default.conf
# If we receive X-Forwarded-Proto, pass it through; otherwise, pass along the
# scheme used to connect to this server
map $http_x_forwarded_proto $proxy_x_forwarded_proto {
default $http_x_forwarded_proto;
'' $scheme;
}
# If we receive X-Forwarded-Port, pass it through; otherwise, pass along the
# server port the client connected to
map $http_x_forwarded_port $proxy_x_forwarded_port {
default $http_x_forwarded_port;
'' $server_port;
}
# If we receive Upgrade, set Connection to "upgrade"; otherwise, delete any
# Connection header that may have been passed to this server
map $http_upgrade $proxy_connection {
default upgrade;
'' close;
}
# Set appropriate X-Forwarded-Ssl header
map $scheme $proxy_x_forwarded_ssl {
default off;
https on;
}
log_format vhost '$host $remote_addr - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent"';
access_log off;
# HTTP 1.1 support
proxy_http_version 1.1;
proxy_buffering off;
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $proxy_connection;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
proxy_set_header X-Forwarded-Ssl $proxy_x_forwarded_ssl;
proxy_set_header X-Forwarded-Port $proxy_x_forwarded_port;
# Mitigate httpoxy attack (see README for details)
proxy_set_header Proxy "";
server {
server_name _; # This is just an invalid value which will never trigger on a real hostname.
listen 80 deferred;
listen [::]:80 deferred;
access_log /var/log/nginx/access.log vhost;
return 503;
}
# locks.bertelsen.ca
upstream a74e4ef89c98ac39054b1bb933d964fd8dd4ed27 {
}
server {
server_name locks.bertelsen.ca;
listen 80 ;
listen [::]:80 ;
access_log /var/log/nginx/access.log vhost;
location / {
proxy_pass http://a74e4ef89c98ac39054b1bb933d964fd8dd4ed27;
}
}Looks like your nginx 'locks' instance is not on the nginx-proxy network:
The block:
locks:
depends_on:
- nginx
image: nginx
container_name: locks
restart: always
environment:
- VIRTUAL_HOST=locks.bertelsen.ca
- LETSENCRYPT_HOST=locks.bertelsen.ca
- lETSENCRYPT_EMAIL=brandon@bertelsen.ca
volumes:
- "./data/locks/:/usr/share/nginx/html"Should be
locks:
depends_on:
- nginx
image: nginx
container_name: locks
restart: always
environment:
- VIRTUAL_HOST=locks.bertelsen.ca
- LETSENCRYPT_HOST=locks.bertelsen.ca
- lETSENCRYPT_EMAIL=brandon@bertelsen.ca
volumes:
- "./data/locks/:/usr/share/nginx/html"
networks:
- proxy-tierNot being on the same network (proxy-tier), containers can't communicate.
Also, keep in mind that the image pixelfordinner/nginx has opinionated ssl settings and is not a vanilla nginx.
Hope this helps
1beb
commented
7 years ago Yeah, it seems to work with a simple website like that one. But I can't get wordpress to do anything.
# If we receive X-Forwarded-Proto, pass it through; otherwise, pass along the
# scheme used to connect to this server
map $http_x_forwarded_proto $proxy_x_forwarded_proto {
default $http_x_forwarded_proto;
'' $scheme;
}
# If we receive X-Forwarded-Port, pass it through; otherwise, pass along the
# server port the client connected to
map $http_x_forwarded_port $proxy_x_forwarded_port {
default $http_x_forwarded_port;
'' $server_port;
}
# If we receive Upgrade, set Connection to "upgrade"; otherwise, delete any
# Connection header that may have been passed to this server
map $http_upgrade $proxy_connection {
default upgrade;
'' close;
}
# Set appropriate X-Forwarded-Ssl header
map $scheme $proxy_x_forwarded_ssl {
default off;
https on;
}
log_format vhost '$host $remote_addr - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent"';
access_log off;
# HTTP 1.1 support
proxy_http_version 1.1;
proxy_buffering off;
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $proxy_connection;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
proxy_set_header X-Forwarded-Ssl $proxy_x_forwarded_ssl;
proxy_set_header X-Forwarded-Port $proxy_x_forwarded_port;
# Mitigate httpoxy attack (see README for details)
proxy_set_header Proxy "";
server {
server_name _; # This is just an invalid value which will never trigger on a real hostname.
listen 80 deferred;
listen [::]:80 deferred;
access_log /var/log/nginx/access.log vhost;
return 503;
}
# www.credo.ca
upstream 7beec8d4d01bfa0764fc50991c80c5b48c2df59b {
## Can be connect with "nginx-proxy" network
# wordpress
server 172.19.0.5:80;
}
server {
server_name www.credo.ca;
listen 80 ;
listen [::]:80 ;
access_log /var/log/nginx/access.log vhost;
include /etc/nginx/vhost.d/default;
location / {
proxy_pass http://7beec8d4d01bfa0764fc50991c80c5b48c2df59b;
}
}
# credo.ca
upstream e7e16a2604eea3db5afe5f9814d2cc38d0a85be8 {
## Can be connect with "nginx-proxy" network
# wordpress
server 172.19.0.5:80;
}
server {
server_name credo.ca;
listen 80 ;
listen [::]:80 ;
access_log /var/log/nginx/access.log vhost;
include /etc/nginx/vhost.d/default;
location / {
proxy_pass http://e7e16a2604eea3db5afe5f9814d2cc38d0a85be8;
}
}
...
wordpress:
image: wordpress
links:
- mysql
- nginx
container_name: wordpress
volumes:
- "./data/wordpress:/var/www/html/"
environment:
- WORDPRESS_DB_PASSWORDL=pass
- VIRTUAL_HOST=domain.ca
- LETSENCRYPT_EMAIL=my@email.ca
- LETSENCRYPT_HOST=domain.ca
networks:
- proxy-tier
mysql:
image: mysql:5.7
container_name: mysql
environment:
- MYSQL_ROOT_PASSWORD=pass
- MYSQL_DATABASE=wordpress
volumes:
- "./data/mysql:/var/lib/mysql"
networks:
- proxy-tier
Bittang
commented
7 years ago go on please
In docker-compose/v2/simple-site/docker-compose.yml the option -only-exposed is causing the issue that dockergen will not find the proper variable to update the template.
Result : It will never forward tot he proper container (as no upstream server)
Error in the logs : [emerg] 1#1: no servers are inside upstream in /etc/nginx/conf.d/default.conf:50
Consequence : No server in Upstream.
Note : -only-exposed as been removed somehow from the doc on dockergen.