Docker网络Nginx Resolver [英] Docker Network Nginx Resolver
问题描述
Bad Gateway nginx反向代理错误。 注意:在桥接模式下使用Docker网络。 ( docker network create nettest )
我在nginx内使用以下配置代码片段:
location / {
resolver 127.0.0.1 valid = 30s;
set $ backendhttp:// confluence:8090;
proxy_pass $ backend;
- 我启动了一个主机名为
confluence在我的Docker网络上,名称为nettest。 - 然后我在网络上启动了nginx容器
nettest。 - 我可以ping code> confluence 从nginx容器的内部
-
confluence列在nginx容器的/ etc / hosts文件 - nginx日志说'send()failed(111:Connection refused)while resolving,resolver:127.0.0.1: 53``
- 我尝试从
/ etc / resol中的docker网络默认dns解析器127.0.0.11conf - nginx日志说
汇合无法解决(3:主机未找到)
任何人都知道如何使用Docker Networks配置nginx解析器,还是如何强制Nginx正确解析Docker网络主机名?
首先,您应该使用Docker嵌入式DNS服务器,位于 127.0.0.11 。
您的问题可能是由以下1个原因引起的:
-
nginx正在尝试使用IPv6(AAAA记录)进行DNS查询。
请参阅 https://stackoverflow.com/a/35516395/1529493 解决方案。
基本上是这样的:
http {
resolver 127.0.0.11 ipv6 = off ;
}
这可能不再是Docker 1.11的问题:
修复不将码头站域IPv6查询转发到外部服务器
(#21396 )
-
小心你不要t意外覆盖
解析器配置指令。在我的情况下,我在服务器块解析器8.8.8.8 8.8.4.4;从 Mozilla的SSL配置生成器,它覆盖解析器127.0这让我长时间搔我头脑...http块中的.0.11;
请参阅 https://trac.nginx.org/nginx/ticket/658#评论:5 如何避免对DNS服务器的IP地址进行硬编码。
基本上为您的Docker容器创建启动脚本,例如:
#!/ bin / bash
export NAMESERVERS = $(cat / etc /resolv.conf | grepnameserver| awk'{print $ 2}'| tr'\\\
''')
envsubst'$ NAMESERVERS' /etc/nginx/nginx.conf.tmpl> /etc/nginx/nginx.conf
exec nginx -gdaemon off;
给定例如
http {
#...
resolver $ NAMESERVERS;
包含/etc/nginx/conf.d/*.conf;
}
in /etc/nginx/nginx.conf。 tmpl 。
我个人使用 confd ,这使得事情更加易于管理。
I am trying to get rid of deprecated Docker links in my configuration. What's left is getting rid of those Bad Gateway nginx reverse proxy errors when I recreated a container.
Note: I am using Docker networks in bridge mode. (docker network create nettest)
I am using the following configuration snippet inside nginx:
location / {
resolver 127.0.0.1 valid=30s;
set $backend "http://confluence:8090";
proxy_pass $backend;
- I started a container with hostname
confluenceon my Docker network with namenettest. - Then I started the nginx container on network
nettest. - I can ping
confluencefrom inside the nginx container confluenceis listed inside the nginx container's/etc/hostsfile- nginx log says `send() failed (111: Connection refused) while resolving, resolver: 127.0.0.1:53``
- I tried the docker network default dns resolver
127.0.0.11from/etc/resol.conf - nginx log says
confluence could not be resolved (3: Host not found)
Anybody knows how to configure nginx resolver with Docker Networks or an alternative on how to force Nginx to correctly resolve the Docker network hostname?
First off, you should be using the Docker embedded DNS server at 127.0.0.11.
Your problem could be caused by 1 of the following:
nginx is trying to use IPv6 (AAAA record) for the DNS queries.
See https://stackoverflow.com/a/35516395/1529493 for the solution.
Basically something like:
http { resolver 127.0.0.11 ipv6=off; }This is probably no longer a problem with Docker 1.11:
Fix to not forward docker domain IPv6 queries to external servers (#21396)
Take care that you don't accidentally override the
resolverconfiguration directive. In my case I had in theserverblockresolver 8.8.8.8 8.8.4.4;from Mozilla's SSL Configuration Generator, which was overriding theresolver 127.0.0.11;in thehttpblock. That had me scratching my head for a long time...
See https://trac.nginx.org/nginx/ticket/658#comment:5 for how to avoid hardcoding the IP address of the DNS server.
Basically create a startup script for your Docker container, e.g.:
#!/bin/bash
export NAMESERVERS=$(cat /etc/resolv.conf | grep "nameserver" | awk '{print $2}' | tr '\n' ' ')
envsubst '$NAMESERVERS' < /etc/nginx/nginx.conf.tmpl > /etc/nginx/nginx.conf
exec nginx -g "daemon off;"
Given you have e.g.
http {
# ...
resolver $NAMESERVERS;
include /etc/nginx/conf.d/*.conf;
}
in /etc/nginx/nginx.conf.tmpl.
Personally I use confd, which makes things much more manageable.
这篇关于Docker网络Nginx Resolver的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
