
I'm trying to build a multi-website Docker server.

I want to have one container for the proxy and others for the websites. I also want to use FastCGI for better performance.

I'm using jwilder/nginx-proxy

PROBLEM: setting FastCGI (- VIRTUAL_PROTO=fastcgi) causes a 502 Bad Gateway error:

2017/12/21 22:06:20 [error] 5#5: *24 connect() failed (111: Connection refused) while connecting to upstream, 
client: 77.X3.38.17, server: domain.tdl, request: "GET / HTTP/2.0", upstream: "fastcgi://172.18.0.2:9000", host: "domain.tdl"

WEBSITE CONTAINER

# Compose file for the website container. It attaches to the pre-existing
# "nginx-proxy" network declared under "networks" at the bottom.
version: "3"
services:
   test:
     # NOTE(review): ":latest" is a floating tag, so the image content can
     # change between pulls; pin a version tag or digest for reproducibility.
     image: richarvey/nginx-php-fpm:latest
     volumes:
       - /srv/www/domain.tdl/data:/var/www/html
     # "expose" does not publish ports on the host, and it does not restrict
     # which ports other containers on the same network can connect to.
     expose:
       - 80
       - 443
     restart: always
     environment:
       VIRTUAL_HOST: domain.tdl
       # The proxy is told to speak FastCGI to port 9000 of this container.
       # The "Connection refused" in the error log means nothing accepts TCP
       # connections on that port.
       # NOTE(review): presumably php-fpm in this image listens on a unix
       # socket and only nginx listens on 80/443 - confirm in the container.
       # FastCGI has no authentication: if php-fpm is switched to TCP, keep
       # port 9000 reachable only from the proxy network, never from the host.
       VIRTUAL_PROTO: fastcgi
       VIRTUAL_PORT: 9000
       VIRTUAL_ROOT: /var/www/html
     container_name: test
networks:
  default:
    external:
      name: nginx-proxy

NGINX-PROXY CONTAINER

# Proxy stack split into three containers: the internet-facing nginx, a
# docker-gen config generator, and the Let's Encrypt companion. All join the
# pre-existing "nginx-proxy" network.
# NOTE(review): none of the three images carries a tag, so each pull takes
# whatever is current; pin versions or digests for reproducible deployments.
version: '3'
services:
  # The only service that publishes ports on the host (80 and 443). It has no
  # Docker socket mounted, so the exposed process cannot talk to the Docker API.
  nginx:
    image: nginx
    labels:
      # presumably how the Let's Encrypt companion identifies the proxy
      # container - verify against the companion's documentation
      com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
    container_name: nginx
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - /srv/www/nginx-proxy/conf.d:/etc/nginx/conf.d
      - /srv/www/nginx-proxy/vhost.d:/etc/nginx/vhost.d
      - /srv/www/nginx-proxy/html:/usr/share/nginx/html
      # certificates are mounted read-only here; only the companion writes them
      - /srv/www/nginx-proxy/certs:/etc/nginx/certs:ro
  # Renders nginx.tmpl into conf.d/default.conf whenever containers change
  # (-watch, debounced by -wait 5s:30s) and sends SIGHUP to the container
  # named "nginx" so it reloads the result.
  nginx-gen:
    image: jwilder/docker-gen
    command: -notify-sighup nginx -watch -wait 5s:30s /etc/docker-gen/templates/nginx.tmpl /etc/nginx/conf.d/default.conf
    container_name: nginx-gen
    restart: unless-stopped
    volumes:
      - /srv/www/nginx-proxy/conf.d:/etc/nginx/conf.d
      - /srv/www/nginx-proxy/vhost.d:/etc/nginx/vhost.d
      - /srv/www/nginx-proxy/html:/usr/share/nginx/html
      - /srv/www/nginx-proxy/certs:/etc/nginx/certs:ro
      # ":ro" only makes the socket file's mount read-only; it does not limit
      # the Docker API calls a process can make over the socket. Treat this
      # container as having full control of the Docker daemon. A filtering
      # socket proxy that allows only the needed endpoints reduces that scope.
      - /var/run/docker.sock:/tmp/docker.sock:ro
      - /srv/www/nginx-proxy/nginx.tmpl:/etc/docker-gen/templates/nginx.tmpl:ro

  # Certificate companion: the only service with write access (":rw") to the
  # shared certs directory.
  nginx-letsencrypt:
    image: jrcs/letsencrypt-nginx-proxy-companion
    container_name: nginx-letsencrypt
    restart: unless-stopped
    volumes:
      - /srv/www/nginx-proxy/conf.d:/etc/nginx/conf.d
      - /srv/www/nginx-proxy/vhost.d:/etc/nginx/vhost.d
      - /srv/www/nginx-proxy/html:/usr/share/nginx/html
      - /srv/www/nginx-proxy/certs:/etc/nginx/certs:rw
      # same caveat as for nginx-gen: ":ro" does not restrict Docker API access
      - /var/run/docker.sock:/var/run/docker.sock:ro
    environment:
      # container names of the other two services defined in this file
      NGINX_DOCKER_GEN_CONTAINER: "nginx-gen"
      NGINX_PROXY_CONTAINER: "nginx"

networks:
  default:
    external:
      name: nginx-proxy

NGINX CONFIG FILE FROM NGINX-PROXY CONTAINER

# domain.tdl
# Upstream used by the FastCGI location below. The address and port are the
# same ones that appear in the "Connection refused" error log line.
upstream domain.tdl {
                                ## Can be connect with "nginx-proxy" network
                        # test
                        server 172.18.0.2:9000;
}
# Plain-HTTP listener: redirects every request to HTTPS.
server {
        server_name domain.tdl;
        listen 80 ;
        access_log /var/log/nginx/access.log vhost;
        return 301 https://$host$request_uri;
}
# HTTPS listener: terminates TLS and hands requests to the upstream over FastCGI.
server {
        server_name domain.tdl;
        listen 443 ssl http2 ;
        access_log /var/log/nginx/access.log vhost;
        # NOTE(review): TLSv1 and TLSv1.1 are deprecated (RFC 8996); restrict
        # this to TLSv1.2 and newer unless legacy clients must be supported.
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        # NOTE(review): the tail of this list still offers CBC-mode suites and
        # suites without forward secrecy (the entries with no ECDHE/DHE prefix).
        ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DSS';
        ssl_prefer_server_ciphers on;
        ssl_session_timeout 5m;
        ssl_session_cache shared:SSL:50m;
        ssl_session_tickets off;
        ssl_certificate /etc/nginx/certs/domain.tdl.crt;
        ssl_certificate_key /etc/nginx/certs/domain.tdl.key;
        ssl_dhparam /etc/nginx/certs/domain.tdl.dhparam.pem;
        # HSTS for one year. Without the "always" parameter nginx adds the
        # header only to 2xx/3xx responses, so error responses such as the 502
        # in this question do not carry it.
        add_header Strict-Transport-Security "max-age=31536000";
        include /etc/nginx/vhost.d/default;
        # Every request under / is passed to the upstream over FastCGI; no
        # static-file handling or script-extension filter is visible here.
        location / {
                root   /var/www/html;
                # fastcgi.conf is not shown; presumably it sets the FastCGI
                # params (SCRIPT_FILENAME etc.) - verify its contents
                include conf.d/fastcgi.conf;
                fastcgi_pass domain.tdl;
            }
 }

Why can't my nginx-proxy container see my website? Did I mess something up with the ports?

Mindau
  • remove `upstream domain.tdl { ## Can be connect with "nginx-proxy" network # test server 172.18.0.2:9000; }` there is no guarantee that nginx-php-fpm container will get this address. jwilder/nginx-proxy will find proper container by domain (domain.tld in your case). – Alexander Altshuler Dec 22 '17 at 09:39

2 Answers


Your docker compose definitions look okay.

Check the output of

$ curl 172.18.0.2:9000 

when it is executed from the proxy container. This issue normally happens when the php daemon stops working or gets overloaded by requests, resulting in php requests being dropped. Note that php-fpm speaks FastCGI rather than HTTP, so curl cannot return a page from it; the useful signal is whether the TCP connection is accepted or refused.

If you’re still getting an error after verifying that the php daemon is operating properly, then the issue is in the php-fpm container. The Nginx error log at /var/log/nginx/error.log is also helpful. Check it to determine any issues with the container.

Lena Weber

In your WEBSITE CONTAINER docker-compose configuration file, you have set the virtual port to VIRTUAL_PORT: 9000, which is wrong, because you have exposed only the ports 80 and 443.
You just need to make sure that you set the correct VIRTUAL_PORT (80 or 443), or in your case you can also remove the environment variable VIRTUAL_PORT, as its default is 80.

Something like this:

# Website container definition with VIRTUAL_PORT removed, so the proxy falls
# back to its default port (80, as stated in the answer text).
version: "3"
services:
   test:
     # NOTE(review): ":latest" is a floating tag; pin a version tag or digest.
     image: richarvey/nginx-php-fpm:latest
     volumes:
       - /srv/www/domain.tdl/data:/var/www/html
     # "expose" does not publish ports on the host, and it does not restrict
     # which ports other containers on the same network can connect to.
     expose:
       - 80
       - 443
     restart: always
     environment:
       VIRTUAL_HOST: domain.tdl
       # NOTE(review): VIRTUAL_PROTO is still fastcgi, so the proxy would send
       # FastCGI to port 80. If port 80 in this image is an nginx HTTP listener
       # rather than php-fpm (TODO confirm), the protocol must be changed too:
       # either proxy plain HTTP to 80 or point FastCGI at a TCP php-fpm port.
       VIRTUAL_PROTO: fastcgi
       VIRTUAL_ROOT: /var/www/html
     container_name: test
networks:
  default:
    external:
      name: nginx-proxy
Slavik Meltser