Inter-container communication in azure container instances

Question

I'm trying to create a container instance group in azure container instances. I have two docker images : a guincorn web application server listening on an exposed port 8000, and a nginx proxy server. I am able to deploy to azure container instances, but I get the following error in my proxy container.

> nginx: [emerg] host not found in upstream "web:8000" in /etc/nginx/conf.d/nginx.conf:7

It seems like I am not configuring the container network correctly. Can someone please hint how I should configure a inter-container network on azure container instances? I build the images on my local machine, then pushed them to docker hub, and then built the container group in an ACI YAML file

I am able to get this group working on my local machine with the following configuration files → ACI .yml configuration :

name: webapp-containers
apiVersion: '2018-10-01'
location: eastus
properties: # Properties of a container group
    containers: # Array of container instances in group

    - name: web # Instance name
      properties: # Instance properties
        image: johnvorsten/my_site_web:1.08
        environmentVariables: 
              [shortened...]
            - name: WEBAPP_INTERNAL_PORT
              value: '8000'
        resources:
            requests: 
                cpu: 1
                memoryInGb: 1
        ports: # Exposed on the container instance
            - protocol: tcp
              port: '8000'

    - name: webapp-proxy
      properties:
        image: johnvorsten/my_site_nginx:1.02
        resources:
            requests:
                cpu: 1
                memoryInGb: 0.5
        environmentVariables: 
            - name: PROXY_EXTERNAL_PORT
              value: '80' # Exposed on container
            - name: PROXY_EXTERNAL_PORT_HTTPS
              value: '443' # Exposed on container
            - name: WEBAPP_INTERNAL_PORT
              value: '8000'
            - name: WEBAPP_HOSTNAME_AZURE
              value: web

        ports: # Exposed on instance
            - protocol: tcp
              port: '80'
            - protocol: tcp
              port: '443'
        volumeMounts:
        - mountPath: /home/apps/web/static-serve
          name: static-serve

    imageRegistryCredentials:
    - server: index.docker.io
      username: username
      password: password

    osType: Linux
    ipAddress:
        type: Public
        dnsNameLabel: jv-webapp-group
        ports: # Exposed in container group (external)
            - protocol: tcp
              port: '80'
            - protocol: tcp
              port: '443'

    volumes: 
    - name: static-serve
      emptyDir: {}
tags: {}
type: Microsoft.ContainerInstance/containerGroups

My nginx configuration file :

upstream upstream_server {
    server web:8000;
}

server {
    listen 80;
    listen [::]:443 ssl;
    listen 443 ssl;

    server_name localhost; # Change when deploying to production

    ssl_protocols TLSv1.2;

    ssl_ciphers [...]
    ssl_prefer_server_ciphers  on;

    ssl_session_cache    shared:SSL:1m;
    ssl_session_timeout  24h;

    keepalive_timeout 300; # up from 75 secs default

    add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains';

    ssl_certificate      /etc/nginx/ssl.crt;
    ssl_certificate_key  /etc/nginx/ssl.key;

    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    location / {
        proxy_pass http://upstream_server;
        proxy_set_header Connection "";

        # See ip address of client (not proxy)
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        proxy_set_header Host $host;

        # Not sure what this is useful for
        proxy_set_header X-Forwarded-Host $server_name;
        proxy_redirect off;

        error_log  /var/log/nginx/proxy_pass_log.log;
    }

    location /static-serve/ {
        alias /home/app/web/static-serve/;
    }

} # End server

Answer 1

The answer provided by J.Vo is correct but for better understanding, A Container group is a collection of containers running on the same host and sharing the same resources and life cycle. The concept is more like the pod in Kubernetes and less like containers in docker-compose.

So if you want to request any app container running/exposed on 8000 port, you can make a URI as localhost:8000 instead of web:8000

Answer 2

From the MSDN :

Within a container group, container instances can reach each other via localhost on any port, even if those ports aren't exposed externally on the group's IP address or from the container