Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
1.6k views
in Technique[技术] by (71.8m points)

networking - Docker Network Nginx Resolver

I am trying to get rid of deprecated Docker links in my configuration. What's left is getting rid of those Bad Gateway nginx reverse proxy errors when I recreated a container.

Note: I am using Docker networks in bridge mode. (docker network create nettest)

I am using the following configuration snippet inside nginx:

location / {
      resolver 127.0.0.1 valid=30s;
      set $backend "http://confluence:8090";
      proxy_pass $backend;
  1. I started a container with hostname confluence on my Docker network with name nettest.
  2. Then I started the nginx container on network nettest.
  3. I can ping confluence from inside the nginx container
  4. confluence is listed inside the nginx container's /etc/hosts file
  5. nginx log says send() failed (111: Connection refused) while resolving, resolver: 127.0.0.1:53
  6. I tried the docker network default dns resolver 127.0.0.11 from /etc/resol.conf
  7. nginx log says confluence could not be resolved (3: Host not found)

Anybody knows how to configure nginx resolver with Docker Networks or an alternative on how to force Nginx to correctly resolve the Docker network hostname?

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

First off, you should be using the Docker embedded DNS server at 127.0.0.11.

Your problem could be caused by 1 of the following:

  1. nginx is trying to use IPv6 (AAAA record) for the DNS queries.

    See https://stackoverflow.com/a/35516395/1529493 for the solution.

    Basically something like:

    http {
        resolver 127.0.0.11 ipv6=off;
    }
    

    This is probably no longer a problem with Docker 1.11:

    Fix to not forward docker domain IPv6 queries to external servers (#21396)

  2. Take care that you don't accidentally override the resolver configuration directive. In my case I had in the server block resolver 8.8.8.8 8.8.4.4; from Mozilla's SSL Configuration Generator, which was overriding the resolver 127.0.0.11; in the http block. That had me scratching my head for a long time...


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...