Docker Nginx resolver

Problem

No Nginx resolver configured?

Error 502: Bad Gateway?

failed (111: Connection refused)?

Nginx not starting?

Solution: Docker Nginx resolver

Do you have a problem with any of these? Then try this:

Add the following to your server configuration:

resolver 127.0.0.11 valid=10s;

So

server {
    listen 443 ssl;
    server_name dashboard.example.com;

    ssl_certificate /etc/letsencrypt/live/dashboard.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/dashboard.example.com/privkey.pem;

    root   /dashboard/;

    location /dashboard/ {
        alias /dashboard/;
        index  index.html;
        try_files $uri $uri/ /dashboard/index.html;
    }

}

becomes

server {
  listen 443 ssl;
  server_name dashboard.example.com;

  resolver 127.0.0.11 valid=10s;

  ssl_certificate /etc/letsencrypt/live/dashboard.example.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/dashboard.example.com/privkey.pem;

  root /dashboard/;

  location /dashboard/ {
    alias /dashboard/;
    index index.html;
    try_files $uri $uri/ /dashboard/index.html;
  }

}

Explanation

The default setting of the resolver is something crazy like checking only every 5 minutes whether the referenced name can be resolved to an IP and the IP can be reached.

A simple docker-compose up can change the IP address of a backend server. Without reducing the delay between checks, nginx can take as long as 5 minutes to try to resolve a hostname again.

As you can imagine, this can create a lot of problems and cost you a lot of customers when you do a new deployment.

Background

When you reference a backend server for a location by name, nginx needs configuration to learn how to resolve it. Especially inside Docker, the Nginx resolver can't resolve the hostname.

Therefore you need to specify the IP address of the server that can resolve the hostname to an IP address, and how long such an entry should be valid.

Decreasing the time between requests to resolve the name decreases the timeframe in which your service can't serve customers. As long as you don't get performance issues, just decrease it by default.

Alternatively, specify the IP address of each server, or the static IP of the load balancer in front of multiple backend servers.
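The server block above has no location that references a backend by name, so here is an added example (not from the original post) of where the resolver actually takes effect. The service name backend, port 8080 and the /api/ location are assumptions for illustration.

```nginx
server {
  listen 443 ssl;
  server_name dashboard.example.com;

  ssl_certificate /etc/letsencrypt/live/dashboard.example.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/dashboard.example.com/privkey.pem;

  # Docker's embedded DNS server on user-defined networks.
  # valid=10s caps how long nginx caches an answer, regardless of the record's TTL.
  resolver 127.0.0.11 valid=10s;

  location /api/ {
    # Literal form, shown for comparison only:
    #   proxy_pass http://backend:8080;
    # nginx resolves a literal hostname once, at startup or reload. It keeps
    # that IP until the next reload and refuses to start ("host not found in
    # upstream") if the name does not resolve yet. The resolver directive is
    # not consulted for this form.

    # Variable form: the name is looked up at request time through the
    # resolver above, so a recreated container is picked up once the cached
    # entry expires.
    # "backend:8080" is a hypothetical Compose service name and port.
    set $backend "backend:8080";

    # No URI part after the variable, so the original request URI is
    # passed to the backend unchanged.
    proxy_pass http://$backend;
  }
}
```

A stale address is more than an availability problem: Docker can hand a released IP to a different container on the same network, so a short valid= window also limits how long requests could be sent to the wrong service.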

For me this worked wonders. How about you? Did it help you?

Best,

Frank

Sources:

http://nginx.org/en/docs/http/ngx_http_upstream_module.html

https://www.nginx.com/resources/wiki/modules/domain_resolve/
