How to use Nginx to proxy multiple application sites in Docker

How to use Nginx to proxy multiple application sites in Docker

Preface

What is the role of an agent?
- Multiple domain names are resolved to the same server

- Convenient for one server to open only one port for multiple applications

- Access applications without annoying ports, directly access by domain name

- Application Isolation

- Reduce coupling

- ...

In general, it is easy to maintain, and when maintaining one application, it does not affect other applications.

How to proxy (how do containers communicate with each other)?

You can directly use the proxy function of nginx (see related capabilities separately). The trouble here is the communication between docker containers.

There are four main ways for Docker containers to communicate:

- Access through container IP: After the container is restarted, the IP will change.

- Access through the host machine's ip:port method: If the host machine's IP changes, each application must be changed and the port must be bound, which is troublesome.

- Establish links through link: Too much interdependence is not conducive to maintenance.

- Custom network: Containers in the same bridge network can access each other.

Obviously, the custom network method will be chosen to link related applications to the same network. In this way, there is no dependency between applications and agents and agents, which is not only convenient for maintenance but also for migration. Configuration is not difficult either, you just need to replace the regular IP or domain name with the corresponding container name.

1. Unified Network

So, first you need to create a shared bridge network:

docker network create proxy-network

# View docker network ls

2. Proxy Service Container

Create an nginx service container specifically for proxy, named proxy-nginx, which is built using docker-compose. The final directory structure is as follows:

proxy-nginx
├── docker-compose.yml
├── logs # Logs│ └── error.log
├── nginx
│ ├── Dockerfile
│ ├── nginx.conf
│ └── startup.sh
├── sites #Configuration of the proxied site│ ├── baipiaoquan.com.conf
│ └── chaohuahui.com.conf
└── ssl # certificate file└── baipiaoquan.com.pem

Some files are generated in the subsequent running process. When configuring, you only need to create the necessary files and directories.

docker-compose.yml

version: "3"

networks:
 default:
  external:
   name: proxy-network

services:
 nginx:
  build:
   context: ./nginx
  volumes:
   - ./logs:/var/log/nginx
   - ./sites:/etc/nginx/sites-available
   - ./ssl:/etc/nginx/ssl
  ports:
   - "80:80"
   - "443:443"

Bind the external ports 80 and 443 to the proxy server, and all applications can come in from here.

Dockerfile

FROM nginx:alpine

LABEL maintainer="chuoke"

COPY nginx.conf /etc/nginx/

RUN apk update
  && apk upgrade
  && apk add --no-cache openssl
  && apk add --no-cache bash

RUN set -x ;
  addgroup -g 82 -S www-data ;
  adduser -u 82 -D -S -G www-data www-data && exit 0 ; exit 1

ADD ./startup.sh /opt/startup.sh

RUN sed -i 's/.//g' /opt/startup.sh

CMD ["/bin/bash", "/opt/startup.sh"]

EXPOSE 80 443

Here we will create a running user group and user www-data for easy configuration and control. This name will be used in the nginx configuration.

nginx.conf

user www-data;
worker_processes 4;
pid /run/nginx.pid;
daemon off;

events {
 worker_connections 2048;
 multi_accept on;
 use epoll;
}

http {
 server_tokens off;
 sendfile on;
 tcp_nopush on;
 tcp_nodelay on;
 keepalive_timeout 15;
 types_hash_max_size 2048;
 client_max_body_size 20M;
 include /etc/nginx/mime.types;
 default_type application/octet-stream;
 access_log /dev/stdout;
 error_log /dev/stderr;

 gzip on;
 gzip_disable "msie6";

 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';

 include /etc/nginx/conf.d/*.conf;
 include /etc/nginx/sites-available/*.conf;

 open_file_cache off; # Disabled for issue 619
 charset UTF-8;
}

Just copy the default content of nginx. What needs to be changed is the running username. Note that the username must be consistent with the previous setting.

startup.sh

#!/bin/bash

# Start crond in background
crond -l 2 -b

# Start nginx in foreground
nginx

This is used to start the nginx program. The content is currently relatively small, mainly for the convenience of future expansion.

Start the proxy service container

docker-compose up -d nginx

Check whether the startup is normal with docker-compose ps. If not, check whether there are any errors in the configuration.

That’s it, leave it alone for now and create an application.

3. Add Application

Add a site https://baipiaoquan.com/.

Configuring the application container

Also use docker-compose to create the application.

This is a PHP project, so this application requires at least two service containers, nginx and php-fpm. The project directory structure is as follows:

baipiaoquan/
├── docker-compose.yml
├── log
│ └── nginx
│ └── error.log
├── nginx
│ ├── Dockerfile
│ ├── log
│ ├── nginx.conf
│ ├── sites
│ │ └── baipiaoquan.com.conf
│ ├── ssl
│ │ ├── baipiaoquan.com.key
│ │ ├── baipiaoquan.com.pem
│ └── startup.sh
└── php-fpm
  ├── Dockerfile
  └── php.ini

docker-compose.yml

version: '3'

networks:
 proxy:
  external:
    name: ${PROXY_NETWORK_NAME}
 backend:
  driver: ${NETWORKS_DRIVER}

services:
 php-fpm:
   build:
    context: ./php-fpm
   volumes:
    - ./php-fpm/php.ini:/usr/local/etc/php/php.ini
    - ${APP_CODE_PATH_HOST}:${APP_CODE_PATH_CONTAINER}${APP_CODE_CONTAINER_FLAG}
   networks:
    - backend

 nginx:
   build:
    context: ./nginx
    args:
     - PHP_UPSTREAM_CONTAINER=${NGINX_PHP_UPSTREAM_CONTAINER}
     - PHP_UPSTREAM_PORT=${NGINX_PHP_UPSTREAM_PORT}
   volumes:
    - ${APP_CODE_PATH_HOST}:${APP_CODE_PATH_CONTAINER}${APP_CODE_CONTAINER_FLAG}
    - ./log:/var/log/nginx
    - ./sites:/etc/nginx/sites-available
    - ./ssl:/etc/nginx/ssl
   container_name: ${COMPOSE_PROJECT_NAME}_nginx
   depends_on:
    -php-fpm
   networks:
    - proxy
    - backend

To facilitate adjustment, environment variables are used here.

Note the nginx container name container_name: ${COMPOSE_PROJECT_NAME}_nginx. This value is critical and will be used in subsequent proxies.

.env

# Location of code in the host APP_CODE_PATH_HOST=../

# Location of code in container APP_CODE_PATH_CONTAINER=/var/www

# This is copied from laradock
APP_CODE_CONTAINER_FLAG=:cached

# Select the storage path on the machine. Applicable to all storage systems DATA_PATH_HOST=~/.baipiaoquan/data

### Drivers ################################################

# All volumes driver 
VOLUMES_DRIVER=local 

# Network driver NETWORKS_DRIVER=bridge 

#Proxy network name, this is the PROXY_NETWORK_NAME=proxy-network created earlier

### Docker compose files ##################################
# 
COMPOSE_FILE=docker-compose.yml

# Change the separator from : to ; on Windows
COMPOSE_PATH_SEPARATOR=:

# Project name COMPOSE_PROJECT_NAME=baipiaoquan

The proxy network name used is: proxy-network, which was created earlier;
The container name of nginx will be: baipiaoquan_nginx.

Dockerfile for nginx

This file can be directly taken from the previous one, and then add the relevant information about PHP.

FROM nginx:alpine

COPY nginx.conf /etc/nginx/

RUN apk update
  && apk upgrade
  && apk --update add logrotate
  && apk add --no-cache openssl
  && apk add --no-cache bash

RUN set -x ;
  addgroup -g 82 -S www-data ;
  adduser -u 82 -D -S -G www-data www-data && exit 0 ; exit 1

ARG PHP_UPSTREAM_CONTAINER=php-fpm
ARG PHP_UPSTREAM_PORT=9000

# Set upstream conf and remove the default conf
RUN echo "upstream php-upstream { server ${PHP_UPSTREAM_CONTAINER}:${PHP_UPSTREAM_PORT}; }" > /etc/nginx/conf.d/upstream.conf
  && rm /etc/nginx/conf.d/default.conf

ADD ./startup.sh /opt/startup.sh
RUN sed -i 's/.//g' /opt/startup.sh

CMD ["/bin/bash", "/opt/startup.sh"]

EXPOSE 80 443

Dockerfile for php-fpm

FROM php:7.3-fpm

ARG PUID=1000

ENV PUID ${PUID}

ARG PGID=1000

ENV PGID ${PGID}

RUN groupmod -o -g ${PGID} www-data &&
  usermod -o -u ${PUID} -g www-data www-data

EXPOSE 9000

WORKDIR /var/www

CMD ["php-fpm"]

Don't forget the php.ini file, you can also use its default one, then you need to delete the related configuration.

Configuration of service baipiaoquan.com.conf

server {

  listen 80 default_server;

  # For https
  listen 443 ssl default_server;
  ssl_certificate /etc/nginx/ssl/3243258_baipiaoquan.com.pem;
  ssl_certificate_key /etc/nginx/ssl/3243258_baipiaoquan.com.key;
  ssl_session_timeout 5m;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE; 
  ssl_prefer_server_ciphers on;

  add_header X-Frame-Options "SAMEORIGIN";
  add_header X-XSS-Protection "1; mode=block";
  add_header X-Content-Type-Options "nosniff";

  # localhost must be server_name localhost baipiaoquan.com www.baipiaoquan.com;
  root /var/www/; # This is consistent with the previous configuration index index.php index.html index.htm;

  location / {
     try_files $uri $uri/ /index.php$is_args$args;
  }

  location ~ .php$ {
    try_files $uri /index.php =404;
    fastcgi_pass php-upstream; # This is the fastcgi_index index.php configured in nginx Dockerfile;
    fastcgi_buffers 16 16k;
    fastcgi_buffer_size 32k;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    #fixes timeouts
    fastcgi_read_timeout 600;
    include fastcgi_params;
  }

  location ~ /.ht {
    deny all;
  }

  location /.well-known/acme-challenge/ {
    root /var/www/letsencrypt/;
    log_not_found off;
  }
}

I have configured everything here, but it can be simplified and you only need to configure what you need.

Start the application

At this point, you can start the baipiaoquan.com service. Run in the baipiaoquan directory:

docker-compose up -d nginx

If everything goes well, the app should start and be able to receive services. You can also test it by entering the container and accessing localhost to see if the result is what you want. I tested it like this:

docker-compose exec nginx wget localhost

Then look at the size of the returned data and determine whether it is successful based on the situation.
You can use the following command to check whether the application is successfully connected to the proxy-network:

docker network inspect proxy-network

The next step is to make this application accessible to people all over the world.

Add proxy configuration to nginx-proxy

Note: Start the application first, then start the proxy, otherwise nginx will report an error that it cannot find the upstream.

Storage location: proxy-nginx/sites/baipiaoquan.com.conf. Just copy the above configuration and change a few places. The final configuration is as follows:

# My configuration only supports https. If there is no requirement, this does not require a server {
  listen 80;
  server_name baipiaoquan.com www.baipiaoquan.com;
  return 301 https://$host$request_uri; 
}

server {

  # If it is http, configure this # listen 80 default_server;

  # If it is https, configure this listen 443 ssl;
  ssl_certificate /etc/nginx/ssl/3243258_baipiaoquan.com.pem;
  ssl_certificate_key /etc/nginx/ssl/3243258_baipiaoquan.com.key;
  ssl_session_timeout 5m;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
  ssl_prefer_server_ciphers on;

  server_name baipiaoquan.com www.baipiaoquan.com;

  add_header X-Frame-Options "SAMEORIGIN";
  add_header X-XSS-Protection "1; mode=block";
  add_header X-Content-Type-Options "nosniff";

  location / {
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Port $server_port;
    proxy_pass http://baipiaoquan_nginx/; # This value is the container name of the application nginx}
}

Reload the proxy server configuration and run in the nginx-proxy directory:

# Test the configuration file first. This step must be executed successfully. docker-compose exec nginx nginx -t

# If the prompt is successful, reload, otherwise check and modify the configuration file as prompted docker-compose exec nginx nginx -s reload

Wait a moment, if everything goes well, people all over the world should now be able to access this website https://baipiaoquan.com/.

If you need to add other applications, the logic and process are the same. For example, I added another application: https://chaohuahui.com/, and I can ping them and they have the same IP.

The above is the full content of this article. I hope it will be helpful for everyone’s study. I also hope that everyone will support 123WORDPRESS.COM.

You may also be interested in:
  • Analysis of the process of simply deploying nginx in Docker container
  • Detailed explanation of docker nginx container startup and mounting to local
  • Methods and steps to build nginx file server based on docker
  • How to build Nginx image server with Docker
  • Implementation of Docker deployment of Django+Mysql+Redis+Gunicorn+Nginx
  • Example of how to implement master-slave hot standby using Docker+keepalived+nginx
  • How to deploy nginx with Docker and modify the configuration file
  • How to use Docker Compose to implement nginx load balancing
  • How to build php+nginx+swoole+mysql+redis environment with docker
  • Use dockercompose to build springboot-mysql-nginx application
  • Teach you how to deploy Vue project with Docker
  • vue-cli3 project from construction optimization to docker deployment method
  • How to deploy Vue project using Docker image + nginx

<<:  A brief understanding of the three uses of standard SQL update statements

>>:  Using JavaScript difference to implement a comparison tool

Recommend

Pure CSS to achieve the list pull-down effect in the page

You may often see the following effect: That’s ri...

Alibaba Cloud applies for a free SSL certificate (https) from Cloud Shield

Because the project needs to use https service, I...

Implementation of Docker private warehouse registry deployment

As more and more Docker images are used, there ne...

One-click installation of MySQL 5.7 and password policy modification method

1. One-click installation of Mysql script [root@u...

VMware Workstation Pro installs Win10 pure version operating system

This article describes the steps to install the p...

Introduction and architecture of Apache Arrow, a high-performance data format library package on JVM (Gkatziouras)

Apache Arrow is a popular format used by various ...

jQuery plugin to implement minesweeper game (3)

This article shares the third article on how to u...

How to choose between MySQL CHAR and VARCHAR

Table of contents VARCHAR and CHAR Types Conclusi...

Docker container connection implementation steps analysis

Generally speaking, after the container is starte...

How to handle long data when displaying it in html

When displaying long data in HTML, you can cut off...

Use of CSS3's focus-within selector

Pseudo-elements and pseudo-classes Speaking of th...

Detailed explanation of permission management commands in Linux (chmod/chown/chgrp/unmask)

Table of contents chmod Example Special attention...

Detailed explanation of Docker usage under CentOS8

1. Installation of Docker under CentOS8 curl http...

Summary of discussion on nginx cookie validity period

Every visit will generate Cookie in the browser, ...

A brief analysis of the issues that should be paid attention to when making 404 error pages

When optimizing a website, we must learn to use e...