How to use DNS / Docker swarm service names in Nginx upstream

I have a service running across 4 swarm nodes (ServiceA) and an Nginx service running across 4 nodes on the same Swarm. The Nginx service exposes / publishes ports 80 and 443. All services are connected to the same custom overlay network, and most importantly, I can curl / ping the service name (ServiceA) from the containers, so everything is working so far.

My question is, how do I get the Nginx upstream to work with service names? I read a lot and tried to add resolver 127.0.0.11 ipv6=off; to nginx.conf, but it didn't help and the Nginx service won't start. Any ideas on how to get Nginx to look up Docker DNS names?

This is my nginx.conf

events { 
    worker_connections 4096; 
}

http {
    include /etc/nginx/conf/*.conf;
    include /etc/nginx/mime.types;
    proxy_intercept_errors off;
    proxy_send_timeout 120;
    proxy_read_timeout 300;

    upstream serviceA {
        ip_hash;
        server serviceA:8081;
    }

    server {
        listen 80 default_server;
        resolver 127.0.0.11 ipv6=off;
        keepalive_timeout  5 5;
        proxy_buffering    off;
        underscores_in_headers on;

        location ~ ^/serviceA(?<section>.*) {
            access_log /var/log/nginx/access.log nginx_proxy_upstream;
            proxy_pass http://serviceA/$section$is_args$query_string;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }

    server {
        listen 443 ssl;
        resolver 127.0.0.11 ipv6=off;
        keepalive_timeout  5 5;
        proxy_buffering    off;
        underscores_in_headers on;

        # allow large uploads
        client_max_body_size 10G;

        ssl_certificate /etc/nginx/ssl/myKey.crt;
        ssl_certificate_key /etc/nginx/ssl/myKey.key;

        location ~ ^/serviceA(?<section>.*) {
            access_log /var/log/nginx/access.log nginx_proxy_upstream;
            proxy_pass http://serviceA/$section$is_args$query_string;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }

    }
}

      

+3




1 answer


Removing resolver should work if the upstream containers (generated DNS records) are already deployed. However, this means that you cannot start nginx unless the upstream containers are already running.

For a dynamic approach with resolver, you need to make the docker host DNS accessible from the container (not through 127.0.0.11 ... which is the container itself) (UPDATE: on custom networks, addresses in 127.0.0.0/8 can be requested).

https://docs.docker.com/engine/userguide/networking/configure-dns/ :

Note. If you need access to the host's localhost server, you must change your DNS service on the host to listen on a non-localhost address accessible from the container.



UPDATE: I was able to do this on a custom overlay network in a docker role like this:

  location / {
    resolver 127.0.0.11 ipv6=off;
    set $upstream_addr <swarm_stack_name>:<port>;
    proxy_pass https://$upstream_addr;
    ...
  }

      

I was unable to get it to work with the upstream {} nginx directive ... it doesn't seem to handle dynamic permissions, or I was missing something.

+1
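
The answer's variable-based proxy_pass applied to the question's serviceA location, as an added example that is not part of the original question or answer. The variable name $serviceA_backend and the valid=10s value are assumptions; everything else is taken from the question's nginx.conf.

```nginx
# Added example (not from the question or the answer). Assumes nginx runs in a
# container attached to the same user-defined overlay network as serviceA.

# Before (from the question): the name inside upstream {} is resolved once,
# while the configuration is loaded. If serviceA has no DNS record yet, nginx
# fails with "host not found in upstream" and the resolver directive is never
# consulted for it.
#
#   upstream serviceA {
#       ip_hash;
#       server serviceA:8081;
#   }
#   ...
#   proxy_pass http://serviceA/$section$is_args$query_string;

# After: the upstream serviceA {} block is removed and the host is held in a
# variable, so nginx looks it up through the resolver while handling requests.
server {
    listen 80 default_server;

    # Docker's embedded DNS server. valid=10s makes nginx re-query after
    # 10 seconds instead of caching for the record's TTL (assumed value).
    resolver 127.0.0.11 ipv6=off valid=10s;

    location ~ ^/serviceA(?<section>.*) {
        # $serviceA_backend is a hypothetical variable name.
        set $serviceA_backend serviceA:8081;

        # URI part kept exactly as in the question's configuration.
        proxy_pass http://$serviceA_backend/$section$is_args$query_string;

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
```

Dropping upstream {} also drops ip_hash; with swarm's default VIP endpoint mode, balancing across the service's tasks is done by swarm rather than by nginx. A name that cannot be resolved now produces a 502 for that request instead of preventing nginx from starting.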

