docker-contao in production/staging on ECS

Question

docker-contao in production/staging on ECS

Closed this issue 6 years ago · 2 comments

Hey! I really like this setup in development. I've tried to use this multi-container setup also in production/staging on Amazon Elastic Container Services (ECS). I've rewritten the docker-compose.yml to Amazons own format (Task Definitions/JSON). So far it's working great & all the containers run as the should except for one big problem. I get following error message, when I try to visit a PHP page in my Browser:

502 Proxy Error
The proxy server received an invalid response from an upstream server.
The proxy server could not handle the request GET /app.php.

Reason: DNS lookup failure for: php

I figured out that this is a problem of my apache-container trying to connect/load files via the php-fpm service from the contao_php container. So when I connect to the contao-php container via ssh + docker exec I realize that following file is causing the problem: /etc/apache2/sites-available/000-default.conf

So this line is causing the problem: ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://php:9000/var/www/share/project/web/$1

file:

ServerName contao_apache
<VirtualHost *:80>
        ServerName contao_apache

        SetEnv MAGE_IS_DEVELOPER_MODE "true"

        ServerAdmin docker@contao_apache
        DocumentRoot /var/www/share/project/web/

        ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://php:9000/var/www/share/project/web/$1

        <Directory /var/www/share>
            Options +FollowSymLinks +ExecCGI
                AllowOverride All
                Order allow,deny
                Allow from all
        </Directory>

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

</VirtualHost>
<VirtualHost *:443>
    ........... //more stuff
</VirtualHost>

When I check out the logs & do checks in my contao-php container it seems that the php-fpm service is running fine on port 9000. Also I made shure, that port forwarding is enabled for 9000:9000 and that Amazon Security Groups are set fine.
Does someone else have this problem or could point me in the right direction? Thanks!

Answer 1 · 2018-10-30T19:31:11.000Z

Hi @matthiasprieth,
I assume since the docker-compose.yml is not used the php container name php is not available for the php container.
If you change the env var for the web / apache container PHPFPM_HOST: &phpfpm_host php to PHPFPM_HOST: contao_php (or what the name maybe) it could work.

Important Disclaimer: While im very interested to see / know if your setup is working, pls notice that we did not setup the container with any security in mind. So I can not recommend to use them for prodction environments.

Answer 2 · 2018-10-31T09:24:40.000Z

Hi @DanielSchwiperich,
thanks a lot! This was the missing piece. I assumed this was php itself or another service of the fcgi-protocol. I did not think that this was the container name and totally ignored it.

In terms of security: I will keep that in mind & maybe post something later on. But for now I think we can close this issue.

Thanks! 👍