Setup nginx
Mohido opened this issue · 11 comments
Reverse proxy must be used, it will forward any request coming to the deployment to the correct container/pod/machine... It will be very helpful when we deploy to the cloud services. In this issue, you have to setup an nginx proxy microservice, when the docker deployment is fired up.
@the4t4 I saw your branch regarding the nginx_setup. I can help with sharing
I use this template in one of my other projects to setup the keycloak path. The location should be /auth because keycloak is using the same settings internally.
server{
listen 80;
location /auth {
proxy_set_header X-Real-IP $address;
proxy_set_header Host $http_host;
proxy_pass http://keycloak:8081; }
}
And the best debugging note that I can give is to look to the nginx logs by using docker-compose -f docker-compose-local.yml logs -f nginx
. And see what is the exact problem there.
@the4t4 I saw your branch regarding the nginx_setup. I can help with sharing I use this template in one of my other projects to setup the keycloak path. The location should be /auth because keycloak is using the same settings internally.
server{
listen 80;
location /auth {
proxy_set_header X-Real-IP $address;
proxy_set_header Host $http_host;
proxy_pass http://keycloak:8081; }
}
@Mohido The problem isn't with the keycloak configuration, nginx is able to reverse proxy to keycloak just fine but it is failing when I try to access other microservices, I am getting 502 Bad Gateway for all of them for some reason
@the4t4 Can you share the logs you get? and can you also share the network of the browser when you send the request? More over, can you try to connect to it from one of the containers internally? for instance:
wget -v -O - https://nginx/cleandb
.
Also don't forget to link Nginx on the other services in the docker-compose-local.yml
@Mohido I managed to fix the issue, quick question, why did you need proxy_set_header X-Real-IP $address;
for keycloak?
@the4t4 It is used to manipulate the nginx header values at the endpoints (Proxied server). I proposed to use this because of a template that I used when I setup keycloak. However, I am not quite sure of the details of configuration. For specific details check these:
https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/
https://www.digitalocean.com/community/questions/how-do-i-forward-client-ip-instead-of-proxy-ip-in-nginx-reverse-proxy
@Mohido I know what they are, my question was why you actually needed the client IP for keycloak. As of now, my implementation does not contain this line: proxy_set_header X-Real-IP $address;
and it works fine, so I was curious whether there is a real use case for this because I couldn't find any. I will just leave this out until it becomes apparent why we need it.
I don't think it will form any problems if the keycloak can be accessed anyways. So we can remove it. I most of the time use that old template that I have without resetting much configuration. The most important part for our application is that we can access the keycloak internally and externally. Thus, you can delete the proxy_set_header X-Real-IP $address;
. If you want 1 more test, try to use wget
to the nginx from within the containers. If that works and returns something, then the setup is perfect.
@Mohido
/pgadmin4 $ wget -Y -O http://clean-administration-platform_nginx_1
Connecting to clean-administration-platform_nginx_1 (192.168.160.2:80)
wget: can't open 'index.html': Permission denied
@the4t4 Can you try the following if you have time:
docker exec -it clean-administration-platform_backend_1 sh
to access one of the containers running inside the internal virtual networkwget -O - "http://nginx/<most of the domains you want to test>"
. If this was able to connect and retrieve something, that means the containers can communicate between each other internally (exactly what we want to achieve).
If that works, please, don't forget to close this issue.