Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

nginx error when using proxy-wide configuration #378

Open
msabramo opened this issue Mar 2, 2016 · 5 comments
Open

nginx error when using proxy-wide configuration #378

msabramo opened this issue Mar 2, 2016 · 5 comments
Labels
kind/bug Issue reporting a bug

Comments

@msabramo
Copy link

msabramo commented Mar 2, 2016

I am trying to follow the instructions on proxy-wide configuration.

Specifically, I want to add a custom nginx config file that can map various paths to various vhosts -- here's what I have:

# Dockerfile

nginx-proxy:
  image: jwilder/nginx-proxy
  volumes:
    - "/var/run/docker.sock:/tmp/docker.sock:ro"
    - "./certs:/etc/nginx/certs:ro"
    - "./path-routing.conf:/etc/nginx/conf.d/path-routing.conf"
  ports:
    - "80:80"
    - "443:443"

and:

# path-routing.conf

server {
  server_name marcs-local-docker-machine.com www.marcs-local-docker-machine.com;
  listen 80 ;
  access_log /var/log/nginx/access.log vhost;
  return 301 https://$host$request_uri;
}
server {
  server_name marcs-local-docker-machine.com www.marcs-local-docker-machine.com;
  listen 443 ssl http2 ;
  access_log /var/log/nginx/access.log vhost;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA;
  ssl_prefer_server_ciphers on;
  ssl_session_timeout 5m;
  ssl_session_cache shared:SSL:50m;
  ssl_certificate /etc/nginx/certs/marcs-local-docker-machine.com.crt;
  ssl_certificate_key /etc/nginx/certs/marcs-local-docker-machine.com.key;
  add_header Strict-Transport-Security "max-age=31536000";

  # anonweb
  location / {
    proxy_pass http://anonweb.marcs-local-docker-machine.com;
  }

  # userweb
  location /home {
    proxy_pass http://userweb.marcs-local-docker-machine.com;
  }
  location /user {
    proxy_pass http://userweb.marcs-local-docker-machine.com;
  }
}

When I try to start the nginx-proxy container, I get:

❯ docker-compose up nginx-proxy
Starting smdevstack_nginx-proxy_1
Attaching to smdevstack_nginx-proxy_1
nginx-proxy_1 | forego     | starting nginx.1 on port 5000
nginx-proxy_1 | forego     | starting dockergen.1 on port 5100
nginx-proxy_1 | nginx.1    | 2016/03/02 16:32:18 [emerg] 12#12: unknown log format "vhost" in /etc/nginx/conf.d/path-routing.conf:4
nginx-proxy_1 | nginx.1    | nginx: [emerg] unknown log format "vhost" in /etc/nginx/conf.d/path-routing.conf:4
nginx-proxy_1 | forego     | starting nginx.1 on port 5100
nginx-proxy_1 | forego     | sending SIGTERM to nginx.1
nginx-proxy_1 | forego     | sending SIGTERM to dockergen.1
smdevstack_nginx-proxy_1 exited with code 0

The vhost log format should already be declared in default.conf. I tried to work around this by copying the definition of the vhost log format to path-routing.conf, but then I get:

❯ docker-compose up nginx-proxy
Starting smdevstack_nginx-proxy_1
Attaching to smdevstack_nginx-proxy_1
nginx-proxy_1 | forego     | starting nginx.1 on port 5000
nginx-proxy_1 | forego     | starting dockergen.1 on port 5100
nginx-proxy_1 | dockergen.1 | 2016/03/02 16:34:05 Generated '/etc/nginx/conf.d/default.conf' from 3 containers
nginx-proxy_1 | dockergen.1 | 2016/03/02 16:34:05 Running 'nginx -s reload'
nginx-proxy_1 | dockergen.1 | 2016/03/02 16:34:05 Error running notify command: nginx -s reload, exit status 1
nginx-proxy_1 | dockergen.1 | 2016/03/02 16:34:05 2016/03/02 16:34:05 [emerg] 20#20: duplicate "log_format" name "vhost" in /etc/nginx/conf.d/path-routing.conf:1
nginx-proxy_1 | dockergen.1 | 2016/03/02 16:34:05 Watching docker events
nginx-proxy_1 | nginx.1    | 2016/03/02 16:34:05 [emerg] 12#12: host not found in upstream "anonweb.marcs-local-docker-machine.com" in /etc/nginx/conf.d/path-routing.conf:24
nginx-proxy_1 | forego     | starting nginx.1 on port 5100
nginx-proxy_1 | forego     | sending SIGTERM to nginx.1
nginx-proxy_1 | forego     | sending SIGTERM to dockergen.1
smdevstack_nginx-proxy_1 exited with code 0

It can't find the upstream "anonweb.marcs-local-docker-machine.com" but that's also defined in default.conf.

The kicker is I can remove this stuff and get the container to start and then copy in this path-routing.conf file and nginx reloads just fine.

❯ docker cp path-routing.conf smdevstack_nginx-proxy_1:/etc/nginx/conf.d/

❯ docker-compose restart nginx-proxy
Restarting smdevstack_nginx-proxy_1 ... done

❯ docker-compose ps nginx-proxy
          Name                        Command               State                    Ports
------------------------------------------------------------------------------------------------------------
smdevstack_nginx-proxy_1   /app/docker-entrypoint.sh  ...   Up      0.0.0.0:443->443/tcp, 0.0.0.0:80->80/tcp

❯ docker-compose logs nginx-proxy
Attaching to smdevstack_nginx-proxy_1
...
nginx-proxy_1 | forego     | starting nginx.1 on port 5000
nginx-proxy_1 | forego     | starting dockergen.1 on port 5100
nginx-proxy_1 | dockergen.1 | 2016/03/02 17:02:01 Contents of /etc/nginx/conf.d/default.conf did not change. Skipping notification 'nginx -s reload'
nginx-proxy_1 | dockergen.1 | 2016/03/02 17:02:01 Watching docker events

Any ideas? Is nginx-proxy or docker-gen trying to work with this file in isolation or before default.conf has been generated?
@msabramo
Copy link
Author

msabramo commented Mar 2, 2016

I seem to get the same behavior if I try to build a new image that inherits from jwilder/nginx-proxy:

FROM jwilder/nginx-proxy

COPY path-routing.conf /etc/nginx/conf.d/

@msabramo
Copy link
Author

msabramo commented Mar 2, 2016

Looking at the Procfile, I suspect this is happening because nginx and dockergen get started at the same time and probably nginx starts reading path-routing.conf before dockergen has finished generating default.conf.

Need to think a little about how we might solve this...

@msabramo
Copy link
Author

msabramo commented Mar 2, 2016

I was able to make it work by doing some hacking in the container I build:

# Dockerfile
FROM jwilder/nginx-proxy
COPY Procfile /app/
COPY path-routing.conf /etc/nginx/conf.d/
RUN rm /etc/nginx/conf.d/default.conf

and the Procfile:

nginx: while [ ! -f /etc/nginx/conf.d/default.conf ]; do echo "*** Waiting to start nginx..."; sleep 1; done; echo "*** Starting nginx..."; nginx
dockergen: echo "*** Starting docker-gen..."; docker-gen -watch -only-exposed -notify "nginx -s reload" /app/nginx.tmpl /etc/nginx/conf.d/default.conf

This works great:

❯ docker-compose up nginx-proxy
Creating smdevstack_nginx-proxy_1
Attaching to smdevstack_nginx-proxy_1
nginx-proxy_1 | forego     | starting nginx.1 on port 5000
nginx-proxy_1 | forego     | starting dockergen.1 on port 5100
nginx-proxy_1 | nginx.1    | *** Waiting to start nginx...
nginx-proxy_1 | dockergen.1 | *** Starting docker-gen...
nginx-proxy_1 | dockergen.1 | 2016/03/02 17:28:16 Generated '/etc/nginx/conf.d/default.conf' from 3 containers
nginx-proxy_1 | dockergen.1 | 2016/03/02 17:28:16 Running 'nginx -s reload'
nginx-proxy_1 | dockergen.1 | 2016/03/02 17:28:16 Error running notify command: nginx -s reload, exit status 1
nginx-proxy_1 | dockergen.1 | 2016/03/02 17:28:16 Watching docker events
nginx-proxy_1 | nginx.1    | *** Starting nginx...

msabramo added a commit to msabramo/nginx-proxy that referenced this issue Mar 2, 2016
@msabramo
Only start nginx after dockergen is done
b64087a 
This prevents nginx from failing when there is a custom nginx config
that depends on things in the generated nginx config.

Fixes: nginx-proxyGH-378
@msabramo msabramo mentioned this issue Mar 2, 2016
Open
msabramo added a commit to msabramo/nginx-proxy that referenced this issue Mar 2, 2016
@msabramo
Pause 2 seconds before starting nginx
048bfad 
This hopefully lets nginx start after dockergen is done.

This prevents nginx from failing when there is a custom nginx config
that depends on things in the generated nginx config.

Fixes: nginx-proxyGH-378
@msabramo
Copy link
Author

msabramo commented Mar 2, 2016

See #379 for a possible solution.

@bubba-123
Copy link

Tribute Grandma

@tkw1536 tkw1536 added the kind/bug Issue reporting a bug label Apr 20, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/bug Issue reporting a bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@msabramo @tkw1536 @bubba-123