iqueqiorio

Reputation: 1187

Nginx not resolving DNS - AWS ECS

I have 2 services in AWS ECS in a VPC. We'll call them Service A and Service B. Service A has an nginx container and I am trying to proxy_pass to service B. I am using service connect for DNS between the services.

I have been looking at Nginx internal dns resolve issue but I am still having the issue. I have full exec access into the service A container as well for troubleshooting. Below is my config.

I have a VPC with DNS enabled


Then I have my nginx.conf which is abbreviated:

http {

    server {
        listen 80;
        listen 443 ssl;

        resolver 169.254.169.253;
        # I have also tried using the CIDR of VPC + 2 in my case
        # 10.0.0.2
        # I have also set the variable as shown in the SO question above
        # But that causes other errors

        location / {

            proxy_pass http://service-B:8080;

        }

    }
}

When I run this all and make a request I see in the nginx logs that service-B gets resolved to 127.255.0.1. And it always gets resolved to this and then I get a timeout.

When I exec into Service A, I can telnet to service B and it connects. But when I curl I get an error of upstream request timeout.

What is missing here?

Upvotes: 0

Views: 830

Answers (3)

ameershaik24

Reputation: 31

When using Service Connect, communication between NGINX (Service A) and Service B can be achieved even without needing a resolver.

In Service Connect configuration,

  • select the same Namespace (let's say 'DevCluster') &
  • run NGINX (Service A) in "Client side only" mode &
  • run Service B in "Client and server" mode

Then, use the below config in nginx

http {
    upstream backendServiceB {
        server service-B.devcluster:8080;   # <-- service connect endpoint
    }

    server {
        listen 80;
    
        location / {
            proxy_pass http://backendServiceB;
        }
    }
}

The service connect endpoints that are created for an ECS service are visible in the Configuration and networking tab -> Service Connect section of the service in the ECS management console.

In the minimal client-server service config (i.e. when custom Discovery or DNS names are not provided), the Service Connect endpoint would be <<port_name_in_task_def>>.<<cluster_name>>:<<port>>.

Upvotes: 0
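
Added example (not part of the answer above, and not AWS or nginx tooling): a small Python check that lists the hostnames an nginx config will connect to and looks each one up in the task's hosts file, to tell a name that points at a loopback listener, like the 127.255.0.1 seen in the question, from one that only DNS could answer. It assumes Service Connect endpoint names appear in /etc/hosts; the sample hosts file, `service-C` and all function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed samples, not taken from a real task. service-C is hypothetical.
SAMPLE_HOSTS = """\
127.0.0.1 localhost
127.255.0.1 service-B.devcluster   # assumed Service Connect entry
"""
SAMPLE_NGINX = """\
http {
    upstream backendServiceB { server service-B.devcluster:8080; }
    server {
        location / { proxy_pass http://backendServiceB; }
        location /other/ { proxy_pass http://service-C:9090; }
    }
}
"""

def parse_hosts(text):
    """Map each lower-cased name in hosts-file text to its first address."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        for name in fields[1:]:
            table.setdefault(name.lower(), fields[0])
    return table

def upstream_targets(conf):
    """Hostnames nginx connects to (upstream names and variables skipped)."""
    conf = re.sub(r"#[^\n]*", "", conf)  # drop nginx comments
    targets, names = [], set()
    for name, body in re.findall(r"\bupstream\s+(\S+)\s*\{([^}]*)\}", conf):
        names.add(name)
        targets += re.findall(r"\bserver\s+([^\s;:$]+)", body)
    passes = re.findall(r"\bproxy_pass\s+https?://([^\s;:/$]+)", conf)
    return targets + [h for h in passes if h not in names]

def audit(conf, hosts_text):
    """Return (host, address, verdict) for every upstream hostname."""
    hosts, report = parse_hosts(hosts_text), []
    for host in upstream_targets(conf):
        addr = hosts.get(host.lower())
        if addr is None:
            verdict = "needs-dns"  # not in the hosts file: only DNS can answer
        else:
            loopback = ipaddress.ip_address(addr).is_loopback
            verdict = "local-proxy" if loopback else "hosts-entry"
        report.append((host, addr, verdict))
    return report
```

Inside a running task, pass the contents of the real nginx.conf and /etc/hosts instead of the samples; a `local-proxy` verdict means the name was answered from the hosts file rather than by the `resolver` address.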

Sienna Dragon

Reputation: 44

I deduce that the issue may be caused by misconfigured DNS settings. Verify whether the /etc/resolv.conf file records the DNS server addresses you need.

The content of /etc/resolv.conf appears like:

# Generated by NetworkManager
nameserver 192.168.8.1
nameserver fe80::801c:8ff:fe03:b3c0%enp6s0
nameserver 172.18.8.254
# NOTE: the libc resolver may not support more than 3 nameservers.
# The nameservers listed below may not be recognized.
nameserver 172.21.0.21
nameserver 172.21.201.22
nameserver 1.1.1.1
nameserver 8.8.8.8
nameserver fe80::e006:4bff:fe85:5a73%enxe2064b855a74

Each line in the file configures a DNS server address, and the system will request DNS records from top to bottom. If you need to modify this file, it is recommended to use the nmtui tool to configure the correct DNS server addresses for the network card.

Upvotes: -1

Skill Skot

Reputation: 1

Check IP address 169.254.169.253. Then VPN DNS in check resolver in nginx.

proxy_set_header Host $host; (error_log /path/to/error.log error;) No firewall rules Port between service B and nginx

Upvotes: 0
