Dakkar

Reputation: 5952

docker: networking without linking

I have the following setup running on one host:

When configuring nginx to proxy to "localhost:$EXPOSED_OR_NATIVE_PORT", this does not work, because nginx can't connect to this port. How do I have to configure the dockerized nginx in order to serve as proxy for container and standard services?

Linking nginx with the docker web services might be one solution, although I don't like the idea of having all containers linked to the nginx. And this does not solve the problem that this nginx should also serve as reverse for standard services on this host.

Any idea/recommendation?

Thanks

Upvotes: 1

Views: 285

Answers (3)

Bryan

Reputation: 12190

If you want nginx inside a container to proxy for services on the host, you might just run that container with --net=host, so it is not placed inside a network namespace and accesses the host's network interfaces directly.

Upvotes: 1

Dakkar

Reputation: 5952

Answering myself after trying a lot of stuff. I hope this helps someone.

I had the following process: As @Ben mentioned, using the bridge IP helped and everything was fine.
But then I realized that this setup does not work with UFW on Ubuntu, and every exposed port of every docker container running was reachable from the internet.
The reason for that is that docker is fiddling around with iptables, and this conflicts with the UFW-generated iptables rules. Quite dangerous in my eyes. In order to fix that problem, I started the docker daemon with DOCKER_OPTS="--iptables=false". That solved the problem of the worldwide reachable exposed docker ports. But now I can't access the docker container again from the nginx container. This is where @Bryan helped out: The container started with --net host has access to localhost and all exposed ports.
One last step was necessary: adding this iptables rule was needed in order to have access to the www from within a docker container:

iptables -t nat -A POSTROUTING ! -o docker0 -s 172.17.0.0/16 -j MASQUERADE

LG Dakky

Upvotes: 1
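
A defensive check for the situation described in the answer above, added here as an example and not part of the original post: it reads `iptables-save -t nat` output, lists the ports Docker publishes through DNAT rules that are not limited to loopback, and confirms that the bridge MASQUERADE rule is present. The sample dump is constructed, and the function names and the 172.17.0.0/16 / docker0 defaults are assumptions.

```python
import shlex
from ipaddress import ip_network

# Constructed sample of `iptables-save -t nat` output on a Docker host (not from the post).
SAMPLE = """\
*nat
:DOCKER - [0:0]
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
-A DOCKER -i docker0 -j RETURN
-A DOCKER ! -i docker0 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 172.17.0.2:80
-A DOCKER -d 127.0.0.1/32 ! -i docker0 -p tcp -m tcp --dport 5432 -j DNAT --to-destination 172.17.0.3:5432
COMMIT
"""

def parse_rule(line):
    """Parse one '-A CHAIN ...' line into {option: value}, tracking '!' negations."""
    tokens = shlex.split(line)
    rule, negate, i = {"chain": tokens[1], "negated": set()}, False, 2
    while i < len(tokens):
        tok = tokens[i]
        if tok == "!":  # negation applies to the option that follows
            negate, i = True, i + 1
            continue
        if tok.startswith("-") and i + 1 < len(tokens) and not tokens[i + 1].startswith(("-", "!")):
            rule[tok] = tokens[i + 1]
            if negate:
                rule["negated"].add(tok)
            i += 1
        negate, i = False, i + 1
    return rule

def audit(nat_dump, bridge_subnet="172.17.0.0/16", bridge_if="docker0"):
    """Return (published ports not bound to loopback, bridge MASQUERADE rule present?)."""
    exposed, masquerade = [], False
    for line in (l for l in nat_dump.splitlines() if l.startswith("-A ")):
        r = parse_rule(line)
        if r["chain"] == "DOCKER" and r.get("-j") == "DNAT":
            bind = r.get("-d", "0.0.0.0/0")  # no -d: the rule matches every host address
            if not ip_network(bind, strict=False).is_loopback:
                exposed.append((r["-p"], int(r["--dport"]), bind, r["--to-destination"]))
        elif (r["chain"] == "POSTROUTING" and r.get("-j") == "MASQUERADE" and r.get("-s") == bridge_subnet
              and r.get("-o") == bridge_if and "-o" in r["negated"]):
            masquerade = True
    return exposed, masquerade

if __name__ == "__main__":
    ports, nat_ok = audit(SAMPLE)
    print("published beyond loopback:", ports)
    print("bridge MASQUERADE rule present:", nat_ok)
```

On a real host, pass the output of `iptables-save -t nat` (run as root) to `audit()` instead of the sample.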

Ben

Reputation: 351

If your nginx is dockerized and you want to reach another container or host, you should use the host's IP and NOT localhost. The default is 172.17.42.1, as can be read here: https://docs.docker.com/articles/networking/

So you should proxy to:

proxy_pass http://172.17.42.1:$EXPOSED_OR_NATIVE_PORT;

Upvotes: 0
