Question

Is Dockerfile Config Independent of nginx Server Blocks?

Posted February 9, 2021 1.2k views
NginxDockerCI/CDCustom ImagesUbuntu 20.04WebAssembly

I’m working on setting up my development/deployment pipeline for my ubuntu Droplet. I used the one-click Docker Droplet and have followed the guides Install nginx, Initial Server Setup, and Secure nginx.

Where I get lost is how the Docker container and nginx/nginx server block are tied together. I have my image on Docker Hub, building on changes to my GitHub repo. That works great. I can pull the images onto my server, and run them, but I don’t know how to access them or set them up with a server block.

For example, this guide says I should be able to run a container, map it to port 8080, and access it via http://my-ip:8080 but that doesn’t work for me. Thinking 8080 probably isn’t exposed by default, I allowed it in ufw, restarted ufw, and tried again, but no luck. Trying this, and trying to figure out why it doesn’t work, and if it even should, has left me more confused.

Any input that could help clear up this last piece of the puzzle appreciated.

Thanks!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
Submit an Answer
2 answers

Hi there,

Can you share the command that you use to start your containers here?

Port 8080 is just an example for the guide, if you bind your containers on different ports, then you would need to use that specific port in your reverse proxy config.

Feel free to share the output of the docker ps command here.

Regards,
Bobby

  • Hi Bobby, thanks for your reply.

    I have used

    docker run -dit --name container-1 -p 8080:80 httpd:2.4
    

    docker ps currently shows

    CONTAINER ID   IMAGE       COMMAND              CREATED        STATUS        PORTS                  NAMES
    5ba1f6d99380   httpd:2.4   "httpd-foreground"   17 hours ago   Up 17 hours   0.0.0.0:8080->80/tcp   container-1
    

    If I run curl my-ip:8080 I see:
    <html><body><h1>It works!</h1></body></html>

    However, when I try to access my-ip:8080 in a browser, it doesn’t load.

    • Hi there @TurboLaser,

      Yes indeed this looks like your firewall might be blocking the connections. Do you get the same result after opening port 8080?

      sudo ufw allow 8080
      

      Also, do you have any other firewalls enabled besides ufw?

      Regards,
      Bobby

      • Yes, same result after allowing 8080 through ufw (and restarting ufw).

        I don’t believe I have any other firewalls enabled.

        • Hi there,

          What I could suggest is checking if the container is actually listening on that port with the following command:

          netstat -plant | grep 8080
          

          Also, can you share your Nginx server block here? If you have Nginx configured as a reverse proxy, you should be able to access the container on port 80 directly.

          Regards,
          Bobby

          • Hi @bobbyiliev - I meant to reply to you but added an answer instead.

            My server is up and running, and I seem to have no issues with the proxy_pass setup.

            I would still be curious about when 8080 would be publicly accessible, and when it wouldn’t, as in my tests allowing it through ufw didn’t seem to make a difference. Just to further my understanding :)

          • Hi there @TurboLaser,

            Yep, as the container is binding on 0.0.0.0:8080 this means that by visiting your_ip:8080 you should be able to access it publicly.

            If this is not the case, then it is mostlikely due to a firewall on the server or if you have a managed firewall from DigitalOcean. Another thing that could be preventing you from accessing the service directly on port 8080 is a local firewall on your home/office network.

            Hope that this helps!
            Regards,
            Bobby

Yes, I can access containers on port 80 directly, however I was confused that I couldn’t access them over 8080 as it might have indicated a problem with my server setup. One of the per-requisites in your guide is setting up nginx with ufw.

netstat -plant | grep 8080

returns

tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      81965/docker-proxy

My server block:

server {

        root /var/www/myurl.com/html;
        #replaced folder with {server-block}
        index index.html index.htm index.nginx-debian.html;

        server_name myurl.com www.myurl.com;

        location / {
               # try_files $uri $uri/ =404;
                proxy_pass  http://localhost:8080;
        }

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/myurl.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/myurl.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot




}
server {
    if ($host = www.myurl.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    if ($host = myurl.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


        listen 80;
        listen [::]:80;

        server_name myurl.com www.myurl.com;


    return 404; # managed by Certbot




}
edited by MattIPv4