Ii'm having a hard time figuring out how to proxypass
into a nodejs
container from a nginx
container.
seems to me that http://localhost:3000
would fall inside the nginx
container...so I thought this setup would make sense:
nginx
container:
podman run -d \
--name nginx.main \
-p 0.0.0.0:8081:8080 \
-p 0.0.0.0:4431:4430 \
-p 0.0.0.0:3001:3000 \
-u root \
-v /home/_secrets/certbot/_certs:/etc/nginx/_cert \
-v /home/mee/_volumes/nginx_main:/etc/nginx \
nginx
nodjs
container:
podman run -d \
-v /home/mee/dev/abd/:/usr/src/app -w /usr/src/app \
-p 3000:3000 \
--name next.dev node:latest \
npm run dev
firewalld
, routing from 3001
to 3000
:
sudo firewall-cmd --add-port=3000/tcp --permanent
sudo firewall-cmd --add-port=3001/tcp --permanent
sudo firewall-cmd --permanent \
--zone=mee_fd \
--add-forward-port=port=3001:proto=tcp:toport=3000
sudo firewall-cmd --reload
nginx
config:
location / {
proxy_pass http://localhost:3000;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
# add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
# enable strict transport security only if you understand the implications
}
really not sure how this should communicate... I've tried using the ipaddress
instead of 'localhost', but I get the same response.
thanks
CodePudding user response:
To allow communication between containers you need to setup a shared networks, e.g. in .yaml (this can be done as well as on ci, report in .yaml only for sake of code):
version: '2'
services:
proxy:
build: ./
networks:
- example1
- example2
ports:
- 80:80
- 443:443
networks:
example1:
external:
name: example1_default
example2:
external:
name: example2_default
Then in your nginx config:
location / {
proxy_pass http://myServiceName:3000; <-- note is not localhost but the name of node service
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
# add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
# enable strict transport security only if you understand the implications
}
Let me know