Of Stack

The Method of Using Nginx to Proxy Multiple Application Sites in Docker

  • 2021-07-18 09:28:53
  • OfStack

Preface

What is the role of an agent?
-Multiple domain names resolved to the same server

-It is convenient for one server and multiple applications to open only one port

-Access the application without annoying ports, and access the domain name directly

-Application isolation

-Reduced coupling

- ...

Generally speaking, it is convenient to maintain, and when maintaining one application, it does not affect other applications.

How to proxy (how to communicate between containers)?

You can use the proxy function of nginx directly (see the related capabilities separately), and the trouble here is the communication between docker containers.

There are four main ways to communicate between Docker containers:

-Access through container IP: IP changes after the container is restarted.

-Access through the host ip: port: If the host IP changes, each application must be changed once, and the port must be bound, which is troublesome.

-Link through link: too tightly interdependent for maintenance.

-Custom network: Containers in the same bridged network can access each other.

Obviously, we will choose the way of customizing network to link related applications to the same network, so that there is no dependence between applications, agents and agents, which is not only convenient for maintenance, but also convenient for migration. Configuration is not troublesome, just replace the regular IP or domain name with the corresponding container name.

1. Unified 1 Network

Then, you first need to create a shared bridging network: 


docker network create proxy-network

#  View 
docker network ls

2. Proxy service container

Create a proxy-specific nginx service container named proxy-nginx, built here using docker-compose, whose directory structure ends up as follows: 


proxy-nginx
 --  docker-compose.yml
 --  logs #  Journal 
 The    Off-  error.log
 --  nginx
 The    --  Dockerfile
 The    --  nginx.conf
 The    Off-  startup.sh
 --  sites #  Configured by the proxy site 
 The    --  baipiaoquan.com.conf
 The    Off-  chaohuahui.com.conf
 Off-  ssl #  Certificate file 
   Off-  baipiaoquan.com.pem

Some files are generated in the subsequent running process. When configuring, you only need to create the necessary files and directories.

docker-compose.yml 


version: "3"

networks:
 default:
  external:
   name: proxy-network

services:
 nginx:
  build:
   context: ./nginx
  volumes:
   - ./logs:/var/log/nginx
   - ./sites:/etc/nginx/sites-available
   - ./ssl:/etc/nginx/ssl
  ports:
   - "80:80"
   - "443:443"

Bind the external ports of 80,443 to the proxy server, and all applications can come in from here.

Dockerfile 


FROM nginx:alpine

LABEL maintainer="chuoke"

COPY nginx.conf /etc/nginx/

RUN apk update
  && apk upgrade
  && apk add --no-cache openssl
  && apk add --no-cache bash

RUN set -x ;
  addgroup -g 82 -S www-data ;
  adduser -u 82 -D -S -G www-data www-data && exit 0 ; exit 1

ADD ./startup.sh /opt/startup.sh

RUN sed -i 's/.//g' /opt/startup.sh

CMD ["/bin/bash", "/opt/startup.sh"]

EXPOSE 80 443

The running user group and user www-data will be created here for easy configuration and control. This name will be used in the configuration of nginx.

nginx.conf 


user www-data;
worker_processes 4;
pid /run/nginx.pid;
daemon off;

events {
 worker_connections 2048;
 multi_accept on;
 use epoll;
}

http {
 server_tokens off;
 sendfile on;
 tcp_nopush on;
 tcp_nodelay on;
 keepalive_timeout 15;
 types_hash_max_size 2048;
 client_max_body_size 20M;
 include /etc/nginx/mime.types;
 default_type application/octet-stream;
 access_log /dev/stdout;
 error_log /dev/stderr;

 gzip on;
 gzip_disable "msie6";

 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';

 include /etc/nginx/conf.d/*.conf;
 include /etc/nginx/sites-available/*.conf;

 open_file_cache off; # Disabled for issue 619
 charset UTF-8;
}

This copy of the content of nginx default line, need to change is to run the user name, note that the user name and the previous settings to maintain 1.

startup.sh 


#!/bin/bash

# Start crond in background
crond -l 2 -b

# Start nginx in foreground
nginx

This is used to start the nginx program, the content is relatively small, mainly for the future expansion of content convenience.

Start the agent service container 


docker-compose up -d nginx

Check whether the startup is normal docker-compose ps. If not, check whether there are errors in the configuration.

That's it. Let's put it first and create the application.

Step 3 Add an application

Add a site https://baipiaoquan.com/.

Configure Application Container

Also use docker-compose to create applications.

This is an php project, so this application needs at least two service containers, nginx and php-fpm. The project directory structure is as follows: 


baipiaoquan/
 --  docker-compose.yml
 --  log
 The    Off-  nginx
 The      Off-  error.log
 --  nginx
 The    --  Dockerfile
 The    --  log
 The    --  nginx.conf
 The    --  sites
 The    The    Off-  baipiaoquan.com.conf
 The    --  ssl
 The    The    --  baipiaoquan.com.key
 The    The    --  baipiaoquan.com.pem
 The    Off-  startup.sh
 Off-  php-fpm
   --  Dockerfile
   Off-  php.ini

docker-compose.yml 


version: '3'

networks:
 proxy:
  external:
    name: ${PROXY_NETWORK_NAME}
 backend:
  driver: ${NETWORKS_DRIVER}

services:
 php-fpm:
   build:
    context: ./php-fpm
   volumes:
    - ./php-fpm/php.ini:/usr/local/etc/php/php.ini
    - ${APP_CODE_PATH_HOST}:${APP_CODE_PATH_CONTAINER}${APP_CODE_CONTAINER_FLAG}
   networks:
    - backend

 nginx:
   build:
    context: ./nginx
    args:
     - PHP_UPSTREAM_CONTAINER=${NGINX_PHP_UPSTREAM_CONTAINER}
     - PHP_UPSTREAM_PORT=${NGINX_PHP_UPSTREAM_PORT}
   volumes:
    - ${APP_CODE_PATH_HOST}:${APP_CODE_PATH_CONTAINER}${APP_CODE_CONTAINER_FLAG}
    - ./log:/var/log/nginx
    - ./sites:/etc/nginx/sites-available
    - ./ssl:/etc/nginx/ssl
   container_name: ${COMPOSE_PROJECT_NAME}_nginx
   depends_on:
    - php-fpm
   networks:
    - proxy
    - backend

For the convenience of adjustment, environment variables are used here.

Note the container name container_name for nginx: ${COMPOSE_PROJECT_NAME} _nginx, which is critical and will be used in subsequent agents.

.env 


#  Location of code in host machine 
APP_CODE_PATH_HOST=../

#  Location of code in container 
APP_CODE_PATH_CONTAINER=/var/www

#  This is copied  laradock
APP_CODE_CONTAINER_FLAG=:cached

#  Select the storage path on the machine. Applicable to all storage systems 
DATA_PATH_HOST=~/.baipiaoquan/data

### Drivers ################################################

# All volumes driver 
VOLUMES_DRIVER=local 

#  Network driver  
NETWORKS_DRIVER=bridge 

#  The proxy network name, which is created earlier  
PROXY_NETWORK_NAME=proxy-network

### Docker compose files ##################################
# 
COMPOSE_FILE=docker-compose.yml

# Change the separator from : to ; on Windows
COMPOSE_PATH_SEPARATOR=:

#  Project name 
COMPOSE_PROJECT_NAME=baipiaoquan

The proxy network name used is: proxy-network, which was created earlier;
The container name for nginx will be: baipiaoquan_nginx.

Dockerfile of nginx

This file can take the previous one directly, and then add something related to php. 


proxy-nginx
 --  docker-compose.yml
 --  logs #  Journal 
 The    Off-  error.log
 --  nginx
 The    --  Dockerfile
 The    --  nginx.conf
 The    Off-  startup.sh
 --  sites #  Configured by the proxy site 
 The    --  baipiaoquan.com.conf
 The    Off-  chaohuahui.com.conf
 Off-  ssl #  Certificate file 
   Off-  baipiaoquan.com.pem
0

Dockerfile for php-fpm 


proxy-nginx
 --  docker-compose.yml
 --  logs #  Journal 
 The    Off-  error.log
 --  nginx
 The    --  Dockerfile
 The    --  nginx.conf
 The    Off-  startup.sh
 --  sites #  Configured by the proxy site 
 The    --  baipiaoquan.com.conf
 The    Off-  chaohuahui.com.conf
 Off-  ssl #  Certificate file 
   Off-  baipiaoquan.com.pem
1

Don't forget the php. ini file. You can also use its default, so delete this related configuration.

Configuration of service baipiaoquan. com. conf 


proxy-nginx
 --  docker-compose.yml
 --  logs #  Journal 
 The    Off-  error.log
 --  nginx
 The    --  Dockerfile
 The    --  nginx.conf
 The    Off-  startup.sh
 --  sites #  Configured by the proxy site 
 The    --  baipiaoquan.com.conf
 The    Off-  chaohuahui.com.conf
 Off-  ssl #  Certificate file 
   Off-  baipiaoquan.com.pem
2

I have it all here. In fact, it can be streamlined. I only need to configure what I need.

Start the application

At this point, you can start the service of baipiaoquan. com and run it in the directory of baipiaoquan: 


docker-compose up -d nginx

If there is no accident, the application should be started and can receive services. You can also test, enter the container under localhost to see if the results are desired. Here's how I tested it: 


proxy-nginx
 --  docker-compose.yml
 --  logs #  Journal 
 The    Off-  error.log
 --  nginx
 The    --  Dockerfile
 The    --  nginx.conf
 The    Off-  startup.sh
 --  sites #  Configured by the proxy site 
 The    --  baipiaoquan.com.conf
 The    Off-  chaohuahui.com.conf
 Off-  ssl #  Certificate file 
   Off-  baipiaoquan.com.pem
4

Then look at the size of the returned data and judge whether it is successful according to the situation.
You can see if the application successfully connected to proxy-network by using the following command: 


proxy-nginx
 --  docker-compose.yml
 --  logs #  Journal 
 The    Off-  error.log
 --  nginx
 The    --  Dockerfile
 The    --  nginx.conf
 The    Off-  startup.sh
 --  sites #  Configured by the proxy site 
 The    --  baipiaoquan.com.conf
 The    Off-  chaohuahui.com.conf
 Off-  ssl #  Certificate file 
   Off-  baipiaoquan.com.pem
5

The next step is to make this application accessible to people all over the world.

Add Agent Configuration to nginx-proxy

Note: Start the application first, and then start the agent, otherwise nginx can not find upstream error.

Storage location: proxy-nginx/sites/baipiaoquan. com. conf, just copy the above configuration and change it to several places. The final configuration is as follows: 


proxy-nginx
 --  docker-compose.yml
 --  logs #  Journal 
 The    Off-  error.log
 --  nginx
 The    --  Dockerfile
 The    --  nginx.conf
 The    Off-  startup.sh
 --  sites #  Configured by the proxy site 
 The    --  baipiaoquan.com.conf
 The    Off-  chaohuahui.com.conf
 Off-  ssl #  Certificate file 
   Off-  baipiaoquan.com.pem
6

Reload the proxy server configuration and run it in the nginx-proxy directory: 


proxy-nginx
 --  docker-compose.yml
 --  logs #  Journal 
 The    Off-  error.log
 --  nginx
 The    --  Dockerfile
 The    --  nginx.conf
 The    Off-  startup.sh
 --  sites #  Configured by the proxy site 
 The    --  baipiaoquan.com.conf
 The    Off-  chaohuahui.com.conf
 Off-  ssl #  Certificate file 
   Off-  baipiaoquan.com.pem
7

Hold on for a moment, and if the cut goes well, people all over the world should be able to access this website https://baipiaoquan.com/ by now.

If you need to add other applications, it is a kind of logic and process copy. For example, I added another application: https://chaohuahui.com/, so that their IP is one kind under ping 1.

Related articles: