Open lonix1 opened 4 years ago
Okay after some tinkering, below is my solution.
My shaarli and nginx containers are on a shared network, that's why I can use the shaarli
address.
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name foo.example.com; # populate this
include foo.conf; # populate this, if necessary
access_log /var/log/nginx/shaarli-access.log;
error_log /var/log/nginx/shaarli-error.log error;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
location / {
proxy_pass http://shaarli:80;
}
}
This should be added to the docs.
The nginx reverseproxy configuration should be fixed in https://github.com/shaarli/Shaarli/pull/1389 - https://shaarli.readthedocs.io/en/doc-rework-setup/Reverse-proxy/. @lonix1 Is something else missing?
Is there a "normal" / stand-alone shaarli image - just the app and php-fpm, nothing else?
The shaarli image is just that, Alpine + nginx + php-fpm https://github.com/shaarli/Shaarli/blob/master/Dockerfile
Hey @nodiscc / @ArthurHoaro, sorry for late response only upgraded today to latest version.
Is there a "normal" / stand-alone shaarli image - just the app and php-fpm, nothing else?
The shaarli image is just that, Alpine + nginx + php-fpm https://github.com/shaarli/Shaarli/blob/master/Dockerfile
No what I meant was - and still applicable - is there an image without nginx? It's unnecessary if one is already using a reverse proxy.
Usual setup:
user ---> nginx ---> php-fpm ---> app
Shaarli docker image:
user ---> nginx ---> nginx ---> php-fpm ---> app
Although nginx is fast, running one after the other is incredibly wasteful. It also creates config headaches (as I showed above).
A workaround is to create a custom Dockerfile
and remove all the nginx stuff. I'm working on that, I'll post something here if I get it to work.
A better solution is an image that doesn't bundle nginx. e.g. shaarli/shaarli:1.2.3
(normal) and shaarli/shaarli:1.2.3-nginx
(includes nginx).
Since this issue is still relevant, maybe someone could reopen?
I think I see what you're getting at.
@virtadpt That's a very detailed explanation of the issue... thanks and yes!
In my (and most) setups, different containers are used for different services. Example:
All of them are on the same network as nginx, which serves them all. Of course this is just one network design, but the most common.
Bundling nginx into the container (as done by shaarli) is really helpful to new docker users - so I don't think it's a bad thing. But there should also be a "normal" shaarli image that does not include nginx.
To make this work:
Dockerfile
without /.docker/services.d/nginx/
shaarli/shaarli:1.2.3
shaarli/shaarli:1.2.3-nginx
or shaarli/shaarli:1.2.3-bundle
.conf
file for nginx, as I posted above, it worksI hope someone reopens this, and considers it! Thanks!!
I agree with everything that has been said. Embedding nginx is usefull if you want the Docker image to work out of the box, but in a lot of cases it can be an unnecessary layer.
tag original image as shaarli/shaarli:1.2.3-nginx or shaarli/shaarli:1.2.3-bundle
I would rather tag the new image with something like shaarli/shaarli:1.2.3-fpm
to avoid breaking existing installations.
EDIT: moving back the milestone to 1.0.0 as it makes sense to me to have that possibility for that version. EDIT2: BTW if you want to work on it that would be appreciated :)
I already run dockerised nginx. I want to run dockerised shaarli, and proxy requests from nginx to shaarli.
All examples I've seen are for nginx running inside the shaarli container (which as an aside, is non-standard and was confusing to debug... that said I suppose it's convenient for beginners).
So:
fastcgi_pass
, whereas in the normal setup where the proxy is independent, we would useproxy_pass
.Any advice appreciated!