CODEWITHSUNDEEP
dockergonginxdocker-compose
Bowa
Bowa

Reputation: 23

Docker-compose, getting go api and nginx to communicate. Port trouble

I have a nginx webserver running and a golang api as backend.

At the moment I have the web-application running at braurl.se.

You can fetch data at http://braurl.se:8080/

You can view the front-end at https://braurl.se

I am having trouble fetching data from my backend and it seems that I've messed up my port configuration

I would like to not expose the 8080 port and rather be able to fetch the data with braurl.se/api/

I believe what I am doing wrong is the port and proxypass within any of the files shown below

This is my files, can anyone point me where and what I'm doing wrong:

Nginx config file:

server {
    listen      80;
    listen [::]:80;
    server_name braurl.se www.braurl.se;

    location / {
        # This redirs to either www.braurl.se or braurl.se but with https.
        rewrite ^ https://$host$request_uri? permanent;
    }

    #for certbot challenges (renewal process)
    location ~ /.well-known/acme-challenge {
        allow all;
        root /data/letsencrypt;
    }


    location /api/ {

        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
        proxy_pass http://goservice:8080;
        fastcgi_buffers 16 16k; 
        fastcgi_buffer_size 32k;

    }

}



#https://braurl.se
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name braurl.se;

    server_tokens off;

    ssl_certificate /etc/letsencrypt/live/braurl.se/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/braurl.se/privkey.pem;

    ssl_buffer_size 8k;

    ssl_dhparam /etc/ssl/certs/dhparam-2048.pem;

    ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
    ssl_prefer_server_ciphers on;

    ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;

    ssl_ecdh_curve secp384r1;
    ssl_session_tickets off;

    # OCSP stapling
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 8.8.8.8;

    root /usr/share/nginx/html;
    index index.html;

    # Always try index files, this is for React.
    location / {
        try_files $uri /index.html;
    }

    location /api/ {

        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
        proxy_pass http://goservice:8080;
        fastcgi_buffers 16 16k; 
        fastcgi_buffer_size 32k;

    }


}

Docker-compose file

version: '3.1'

services:
  goservice:
    build: "."
    image: golang
    container_name: goservice
    expose:
      - "80"
    ports:
      - "8080:8080"   
  production-nginx-container:
    container_name: 'production-nginx-container'    
    image: nginx:latest
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./production.conf:/etc/nginx/conf.d/default.conf
      - ./production-site:/usr/share/nginx/html
      - ./dh-param/dhparam-2048.pem:/etc/ssl/certs/dhparam-2048.pem
      - /docker-volumes/etc/letsencrypt/live/braurl.se/fullchain.pem:/etc/letsencrypt/live/braurl.se/fullchain.pem
      - /docker-volumes/etc/letsencrypt/live/braurl.se/privkey.pem:/etc/letsencrypt/live/braurl.se/privkey.pem
    depends_on:
      - "goservice"

Dockerfile (golang):

FROM golang:1.12.7-alpine3.10 AS build
# Support CGO and SSL
RUN apk --no-cache add gcc g++ make
RUN apk add git
WORKDIR /go/src/app
COPY . .
RUN go get github.com/gorilla/mux
RUN GOOS=linux go build -ldflags="-s -w" -o ./bin/test ./main.go

FROM alpine:3.10
RUN apk --no-cache add ca-certificates
WORKDIR /usr/bin
COPY --from=build /go/src/app/bin /go/bin
EXPOSE 8080
ENTRYPOINT /go/bin/test --port 8080

Upvotes: 1

Views: 634

Answers (1)

J-Jacques M
J-Jacques M

Reputation: 1118

NGinx aply priority on path, mean that if the path from the top get a match, it won't check followings path. location / should always been at the end.

Container should share a network to be able to se each others, without having to expose or share port with host.

NGinx config:

server {
    listen      80;
    listen [::]:80;
    server_name braurl.se www.braurl.se;

    #for certbot challenges (renewal process)
    location ~ /.well-known/acme-challenge {
        allow all;
        root /data/letsencrypt;
    }

    location / {      # Always at this end (everything else)
        # This redirs to either www.braurl.se or braurl.se but with https.
        rewrite ^ https://$host$request_uri? permanent;
    }
}

-----------------------

#https://braurl.se
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name braurl.se www.braurl.se;

    server_tokens off;

    ssl_certificate /etc/letsencrypt/live/braurl.se/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/braurl.se/privkey.pem;

    ssl_buffer_size 8k;

    ssl_dhparam /etc/ssl/certs/dhparam-2048.pem;

    ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
    ssl_prefer_server_ciphers on;

    ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;

    ssl_ecdh_curve secp384r1;
    ssl_session_tickets off;

    # OCSP stapling
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 8.8.8.8;

    root /usr/share/nginx/html;
    index index.html;

    location /api/ {    # this First, NGinx use priority, if path match, it won't check the next path
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
        proxy_pass http://goservice:8080;
        fastcgi_buffers 16 16k;
        fastcgi_buffer_size 32k;
    }

    # Always try index files, this is for React.
    location / {      # Always at this end (everything else)
        try_files $uri /index.html;
    }
}

docker-compose.yml

version: '3.1'

services:
  goservice:
    build: "."
    image: golang
    container_name: goservice
    expose:
      - "8080" # <-- change port number, Dockerfile EXPOSE 8080
    networks:       # <-- Add this
      - random_name # <-- Add this
    # ports:          # <-- To Remove
    #   - "8080:8080" # <-- To Remove

  production-nginx-container:
    container_name: 'production-nginx-container'
    image: nginx:latest
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./production.conf:/etc/nginx/conf.d/default.conf
      - ./production-site:/usr/share/nginx/html
      - ./dh-param/dhparam-2048.pem:/etc/ssl/certs/dhparam-2048.pem
      - /docker-volumes/etc/letsencrypt/live/braurl.se/fullchain.pem:/etc/letsencrypt/live/braurl.se/fullchain.pem
      - /docker-volumes/etc/letsencrypt/live/braurl.se/privkey.pem:/etc/letsencrypt/live/braurl.se/privkey.pem
    depends_on:
      - "goservice"
    networks:       # <-- Add this
      - random_name # <-- Add this

networks:
  - random_name:

Now you can acces the frontend using https://braurl.se and the API using https://braurl.se/api/

Upvotes: 2

Related Questions