Since a few weeks i'm working with Docker/Docker-Compose and Linux.
I'm wondering if it's possible to tune my nginx Performance.
All the info I found online where for standard Nginx on Linux and not in a Docker Container.
Here you can see my Docker-Compose and my Nginx default conf.
Maybe you can give me a hint on what I can do better.
Thanks
Docker-Compose----------------------------------------
version: '3.7'
services:
traefik:
image: traefik:v2.4
container_name: traefik
restart: always
security_opt:
- no-new-privileges:true
ports:
- 80:80
- 443:443
volumes:
- /etc/localtime:/etc/localtime:ro
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./apps/traefik/traefik.yml:/traefik.yml:ro
- ./apps/traefik/acme.json:/acme.json
- ./apps/traefik/configurations:/configurations
networks:
- proxy
labels:
- "traefik.enable=true"
- "traefik.http.routers.traefik.entrypoints=websecure"
- "traefik.http.routers.traefik.rule=Host(`traefik.domain.com`)"
- "traefik.http.routers.traefik.service=api#internal"
- "traefik.http.routers.traefik.middlewares=user-auth#file"
nginx:
image: nginx:latest
container_name: nginx
restart: always
volumes:
- ./www:/www
- ./apps/nginx/default.conf:/etc/nginx/conf.d/default.conf
networks:
- proxy
- internal
links:
- php-fpm
labels:
- "traefik.enable=true"
- "traefik.docker.network=proxy"
- "traefik.http.routers.nginx.entrypoints=websecure"
- "traefik.http.routers.nginx.rule=Host(`domain.com`) || Host(`www.domain.com`)"
php-fpm:
image: bitnami/php-fpm:latest
volumes:
- ./www:/www
expose:
- 9000
networks:
- internal
mariadb:
image: mariadb:latest
container_name: mariadb
volumes:
- ./apps/mariaDB/db-data:/var/lib/mysql
networks:
db-net:
internal:
host-network:
ipv4_address: 172.22.0.100
restart: always
environment:
MYSQL_ROOT_PASSWORD: 123
MYSQL_DATABASE: db
MYSQL_USER: db-user
MYSQL_PASSWORD: 123
networks:
proxy:
driver: host
external: true
db-net:
internal: true
internal:
internal: true
host-network:
ipam:
driver: default
config:
- subnet: 172.22.0.0/16
Nginx-Conf-----------------------------------------
Server {
server_tokens off;
listen 80;
server_name www.domain.com;
error_log /www/log/error.log;
access_log /www/log/access.log;
root /www;
location / {
index index.php index.html;
}
location ~* \.(jpg|jpeg|gif|png|css|js|ico|xml)$ {
access_log off;
log_not_found off;
expires 360d;
}
location ~* \.php$ {
fastcgi_pass php-fpm:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
}
location ~ /\. {
access_log off;
log_not_found off;
deny all;
}
}
According to the answer provided in this post you can increase the performance of the nginx container by running it in the Docker bridge network.
Additionally there is another answer that says that running the container in the Docker bridge network it gives better performance as it uses the host's native networking.
Related
hi everyone i'm working on deploy laravel project on docker and use shadowd as waf, laravel project work probly on docker with nginx but when i try to configure show i find this output:
nginx configuration:
server {
listen 80;
listen [::]:80;
server_name localhost;
root /var/www/html/public;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-Content-Type-Options "nosniff";
index index.php;
charset utf-8;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_pass php:9000;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
fastcgi_param PHP_ADMIN_VALUE "auto_prepend_file=/usr/share/shadowd/shadowd.php";
include fastcgi_params;
}
location ~ /\.(?!well-known).* {
deny all;
}
}
to deploy my laravel project i create docker compose file and dockefile
docker compose:
version: "3.9" # optional since v1.27.0
networks:
laravel:
services:
nginx:
image: nginx:stable-alpine
container_name: laravel_nginx
ports:
- "8088:80"
volumes:
- "./:/var/www/html"
- "./nginx/nginx.conf:/etc/nginx/conf.d/default.conf"
# depends_on:
# - php
# - mysql
networks:
- laravel
mysql:
image: mysql:8
container_name: laravel_mysql
ports:
- "3366:3306"
volumes:
- "./mysql:/var/lib/mysql"
restart: unless-stopped
tty: true
environment:
- MYSQL_DATABASE=ttDataBase
- MYSQL_USER=root
- MYSQL_ROOT_PASSWORD=root
- SERVICE_TAGS=dev
- MYSQL_SERVICE_NAME=mysql
networks:
- laravel
php:
build:
context: .
dockerfile: Dockerfile
container_name: laravel_php
ports:
- "9000:9000"
volumes:
- "./:/var/www/html"
networks:
- laravel
dockerfile
FROM php:8.0.3-fpm-alpine3.12
RUN docker-php-ext-install pdo pdo_mysql
RUN apk add libzip-dev
RUN docker-php-ext-install zip
RUN curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer
two networks are on docker :
please someone help me.
So, I have a problem with my docker setup for a project I'm working on. Using Docker and docker-compose I have set up a few containers as seen below. I can reach both php services via the browser no problem. dev.drmobile.local refers to the Magento service and dev.dronline.local refers to the Symfony service. The problem is that when the Magento service needs data from the Symfony service, I get an error stating Unable to Connect to tcp://dev.dronline.local:80. Error #111: Connection refused. I have tried merging both services in 1 container, but the problem is also present in that situation.
All other communication between containers seems to work fine.
I'm not sure on the port setup I've used, but it doesn't seem to trigger any errors.
Both php containers use the same image created from a Dockerfile, with a slightly different init script.
Any help and tips will be greatly appreciated.
docker-compose.yml
version: '3.3'
networks:
drmobile:
services:
nginx-service:
image: nginx:stable-alpine
container_name: drmobile-nginx-container
ports:
- "8080:80"
volumes:
- ./:/var/www/html
- ./.docker/nginx/:/etc/nginx/conf.d/
depends_on:
- symfony-service
- magento-service
networks:
- drmobile
magento-service:
container_name: drmobile-magento-container
build:
context: .
dockerfile: ./.docker/php/Dockerfile
ports:
- "9000:9000"
volumes:
- ./:/var/www/html
- ./.docker/php/php.ini:/usr/local/etc/php/php.ini
- ./.docker/php/magento/docker-install.sh:/var/www/html/docker-install.sh
networks:
- drmobile
symfony-service:
container_name: drmobile-symfony-container
build:
context: .
dockerfile: ./.docker/php/Dockerfile
ports:
- "9001:9000"
volumes:
- ./:/var/www/html
- ./.docker/php/php.ini:/usr/local/etc/php/php.ini
- ./.docker/php/symfony/docker-install.sh:/var/www/html/docker-install.sh
networks:
- drmobile
mysql-service:
image: mysql:5.7
container_name: drmobile-mysql-container
ports:
- "3306:3306"
volumes:
- ./.docker/data/mysql-data:/var/lib/mysql
- ./.docker/mysql/:/docker-entrypoint-initdb.d/
environment:
MYSQL_ROOT_PASSWORD: password
MYSQL_USER: dynalinq
MYSQL_PASSWORD: password
networks:
- drmobile
redis-service:
image: redis:2.8
container_name: drmobile-redis-container
ports:
- "6379:6379"
networks:
- drmobile
varnish-service:
build:
context: .docker/varnish
container_name: drmobile-varnish-container
ports:
- "80:80"
networks:
- drmobile
depends_on:
- nginx-service
elasticsearch:
image: elasticsearch:1.7.6
container_name: drmobile-elasticsearch-container
networks:
- drmobile
volumes:
- ./.docker/data/elasticsearch-data:/usr/share/elasticsearch/data
environment:
ES_JAVA_OPTS: "-Xmx512m -Xms512m"
HOSTNAME: "elasticsearch-dev"
.docker/nginx/dev.dronline.local.conf
server {
listen 80;
root /var/www/html/symfony/web;
server_name dev.dronline.local;
access_log /var/log/nginx/dronline_access.log custom_dronline;
error_log /var/log/nginx/dronline_error.log;
location / {
try_files $uri /app.php$is_args$args;
}
location ~ ^/app\.php(/|$) {
fastcgi_pass drmobile-symfony-container:9000;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
fastcgi_param DOCUMENT_ROOT $realpath_root;
include fastcgi_params;
}
}
.docker/nginx/dev.drmobile.local.conf
server {
listen 80 default_server;
server_name dev.drmobile.local;
root /var/www/html/magento;
index index.html index.php;
access_log /var/log/nginx/dev.drmobile.local_access.log custom;
error_log /var/log/nginx/dev.drmobile.local_error.log;
location / {
index index.html index.php; ## Allow a static html file to be shown first
try_files $uri $uri/ #handler; ## If missing pass the URI to Magento's front handler
expires 30d; ## Assume all files are cachable
}
location #handler { ## Magento uses a common front handler
rewrite / /index.php;
}
location ~ .php$ { ## Execute PHP scripts
fastcgi_pass drmobile-magento-container:9000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param MAGE_RUN_CODE base;
fastcgi_param MAGE_RUN_TYPE website;
include fastcgi_params;
}
}
The issue is: php files are downloaded instead of executing.
I know there are some other similar questions out there to this one. I read many of them but either their scenerios are different or they have no correct answers. I have spent days and tried many ways but still can't figure it out. Therefore I am asking for help. The following are the scenerio, together with the .yml .conf files.
network: nginx-proxy
nginx-proxy:
- nginx (proxy) container
- docker-gen container
- letsencrypt container
web1: (this works fine)
- mysql container
- wordpress container (from wordpress image)
web2: (this has the issue: php files downloaded instead of executing)
- mysql container
- phpfpm container
- nginx container (env: VIRTUAL_HOST, LETSENCRYPT_HOST)
As mentioned above, if I use a Wordpress image, it works successfully. No hassle at all.
However, when I try to set up one with php, nginx and mysql containers myself, those php files will be downloaded instead of executing. (html files can be executed)
create network:
docker network create nginx-proxy
nginx-proxy: docker-compose.yml
version: '3'
services:
nginx:
image: nginx:1.13.1
container_name: nginx-proxy
ports:
- "80:80"
- "443:443"
volumes:
- conf:/etc/nginx/conf.d
- vhost:/etc/nginx/vhost.d
- html:/usr/share/nginx/html
- certs:/etc/nginx/certs
- ./sites-enabled:/etc/nginx/sites-enabled
labels:
- "com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy=true"
dockergen:
image: jwilder/docker-gen:0.7.3
container_name: nginx-proxy-gen
depends_on:
- nginx
command: -notify-sighup nginx-proxy -watch -wait 5s:30s /etc/docker-gen/templates/nginx.tmpl /etc/nginx/conf.d/default.conf
volumes:
- conf:/etc/nginx/conf.d
- vhost:/etc/nginx/vhost.d
- html:/usr/share/nginx/html
- certs:/etc/nginx/certs
- /var/run/docker.sock:/tmp/docker.sock:ro
- ./nginx.tmpl:/etc/docker-gen/templates/nginx.tmpl:ro
- ./sites-enabled:/etc/nginx/sites-enabled
letsencrypt:
image: jrcs/letsencrypt-nginx-proxy-companion
container_name: nginx-proxy-le
depends_on:
- nginx
- dockergen
environment:
NGINX_PROXY_CONTAINER: nginx-proxy
NGINX_DOCKER_GEN_CONTAINER: nginx-proxy-gen
volumes:
- conf:/etc/nginx/conf.d
- vhost:/etc/nginx/vhost.d
- html:/usr/share/nginx/html
- certs:/etc/nginx/certs
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./sites-enabled:/etc/nginx/sites-enabled
volumes:
conf:
vhost:
html:
certs:
networks:
default:
external:
name: nginx-proxy
nginx.conf
# web1.local
upstream web1.local {
## Can be connected with "nginx-proxy" network
# wordpress_web1
server 192.168.96.3:80;
}
server {
server_name web1.local;
listen 80 ;
access_log /var/log/nginx/access.log vhost;
include /etc/nginx/vhost.d/default;
location / {
proxy_pass http://web1.local;
}
}
server {
server_name web1.local;
listen 443 ssl http2 ;
access_log /var/log/nginx/access.log vhost;
return 500;
ssl_certificate /etc/nginx/certs/default.crt;
ssl_certificate_key /etc/nginx/certs/default.key;
}
# web2.local
upstream web2.local {
## Can be connected with "nginx-proxy" network
# nginx_web2
server 192.168.96.7:80;
}
server {
server_name web2.local;
listen 80 ;
access_log /var/log/nginx/access.log vhost;
location / {
proxy_pass http://web2.local;
}
}
server {
server_name web2.local;
listen 443 ssl http2 ;
access_log /var/log/nginx/access.log vhost;
return 500;
ssl_certificate /etc/nginx/certs/default.crt;
ssl_certificate_key /etc/nginx/certs/default.key;
}
sites-enabled/web2.conf
(I also tried to put this part in default.conf but it didn't work)
server {
index index.php index.html index.htm;
root /var/www/html;
location ~ \.php$ {
try_files $uri $uri/ /index.php$is_args$args;
fastcgi_pass phpfpm_web2:9000;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
include fastcgi_params;
}
}
apps:
web1 (Wordpress): docker-compose.yml (This works fine)
version: "3"
services:
mysql_web1:
container_name: mysql_web1
image: mysql:5.7
restart: always
volumes:
- db_data_web1:/var/lib/mysql
environment:
MYSQL_ROOT_PASSWORD: root
MYSQL_DATABASE: db1
MYSQL_USER: user1
MYSQL_PASSWORD: password
wordpress_web1:
container_name: wordpress_web1
image: wordpress:latest
restart: always
expose:
- 80
depends_on:
- mysql_web1
environment:
VIRTUAL_HOST: web1.local
LETSENCRYPT_HOST: web1.local
LETSENCRYPT_EMAIL: foo#web1.local
WORDPRESS_DB_HOST: mysql_web1:3306
WORDPRESS_DB_USER: user1
WORDPRESS_DB_PASSWORD: password
volumes:
db_data_web1:
networks:
default:
external:
name: nginx-proxy
web2: docker-compose.yml
version: "3"
services:
mysql_web2:
container_name: mysql_web2
image: mysql:5.7
restart: always
ports:
- 3306
expose:
- 3306
volumes:
- db_data_web2:/var/lib/mysql
environment:
MYSQL_ROOT_PASSWORD: password
MYSQL_DATABASE: db2
MYSQL_USER: user2
MYSQL_PASSWORD: password
phpfpm_web2:
container_name: phpfpm_web2
image: php-fpm:latest
restart: always
ports:
- 9000
expose:
- 9000
links:
- mysql_web2
depends_on:
- mysql_web2
volumes:
- ./code:/var/www/html
nginx_web2:
container_name: nginx_web2
image: nginx:1.13.1
restart: always
ports:
- 80
expose:
- 80
links:
- phpfpm_web2
depends_on:
- phpfpm_web2
volumes:
- ./code:/usr/share/nginx/html
environment:
VIRTUAL_HOST: web2.local
VIRTUAL_PORT: 80
LETSENCRYPT_HOST: web2.local
LETSENCRYPT_EMAIL: foo#web2.local
volumes:
db_data_web2:
networks:
default:
external:
name: nginx-proxy
in php-fpm.d/www.conf, I tried the following ways, but none of them worked.
listen = 127.0.0.1:9000
listen = php_container_ipaddress:9000
listen = 9000
Many thanks in advance for your help!
everyone.
I have some problems with launching Docker containers.
The final task is:
nginx with 80 and 443 ports as a reverse proxy to localhost:3000 (it's ok);
node.js with 3000 port is frontend (it's ok);
php-fpm with 9000 port and domain.con/api url (it's not working);
So, the main problem is with nginx.conf:
upstream app {
server app:3000;
}
server {
listen 80;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
location / {
try_files $uri #app;
}
location /api {
try_files $uri /index.php?$args;
}
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass api:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
}
location #app {
proxy_pass http://app;
}
}
When I try to get to localhost — it's ok, node.js is working fine;
But when I try to get to localhost/api — it gives me an error that file not found.
docker-compose looks like:
version: '3'
services:
api:
container_name: api
build:
context: ./api
dockerfile: Dockerfile
restart: unless-stopped
volumes:
- ./api:/var/www
- ./php/local.ini:/usr/local/etc/php/conf.d/local.ini
ports:
- '9000:9000'
networks:
- app-network
app:
container_name: app
build:
context: ./app
dockerfile: Dockerfile
restart: always
ports:
- '3000'
volumes:
- ./app:/app
networks:
- app-network
nginx:
container_name: nginx
image: nginx:alpine
restart: unless-stopped
volumes:
- ./api:/var/www
- ./nginx/:/etc/nginx/conf.d
ports:
- '80:80'
depends_on:
- app
- api
networks:
- app-network
networks:
app-network:
driver: bridge
I've been setting up reverse proxies with apache and nginx on numerous occasions and I always found this activity time consuming (not easy to test and debug).
Since I started to work with docker and docker-compose, I found a much easier way to setup a reverse proxy service and now can spend my time on the apps. This easy way is to make use of a Traefik service in your docker compose file:
version: "3"
services:
reverseproxy: # see https://docs.traefik.io/#the-traefik-quickstart-using-docker
image: traefik:v2.2
command: --providers.docker
ports:
- "8082:80"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
backend:
image: tutum/hello-world
expose:
- 80
labels:
traefik.http.routers.back.rule: Path(`/api`)
traefik.http.routers.back.middlewares: back-stripprefix
traefik.http.middlewares.back-stripprefix.stripprefix.prefixes: /api
frontend:
image: nginx
volumes:
- ./www:/usr/share/nginx/html/:ro
expose:
- 80
labels:
traefik.http.routers.front.rule: Path(`/`)
As you can see, all reverse proxy rules are specified as labels on target containers. Traefik does the reverse proxy job quite well, handling correctly HTTP/2, websockets, forwarding headers, ... It's quite a time saver.
I'm trying to run my symfony app with docker. I have downloaded this bundle eko/docker-symfony
I have copy my symfony project inside of my docker directory.
If I refresh with localhost, I have this error: File not found.
If I put port 81 after localhost the page of Kibana will shop up.
When I run docker ps, I have noticed that the IP of all my containers is 0.0.0.0
docker-compose.yml
version: '2'
services:
db:
image: mysql
ports:
- "3306:3306"
environment:
MYSQL_ROOT_PASSWORD: root
MYSQL_DATABASE: symfony
MYSQL_USER: symfony
MYSQL_PASSWORD: symfony
php:
build: ./php-fpm
expose:
- "9000"
volumes:
- ./symfony:/var/www/symfony
- ./logs/symfony:/var/www/symfony/app/logs
links:
- db
nginx:
build: ./nginx
ports:
- "80:80"
links:
- php
volumes_from:
- php
volumes:
- ./logs/nginx/:/var/log/nginx
elk:
image: willdurand/elk
ports:
- "81:80"
volumes:
- ./elk/logstash:/etc/logstash
- ./elk/logstash/patterns:/opt/logstash/patterns
volumes_from:
- php
- nginx
symfony.conf
server {
server_name symfony.dev;
root /var/www/symfony/web;
location / {
try_files $uri #rewriteapp;
}
location #rewriteapp {
rewrite ^(.*)$ /app.php/$1 last;
}
location ~ ^/(app|app_dev|config)\.php(/|$) {
fastcgi_pass php-upstream;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param HTTPS off;
}
error_log /var/log/nginx/symfony_error.log;
access_log /var/log/nginx/symfony_access.log;
}
I think the problem is port 80. This probably looks on your host for a file.
You can either try to run nginx under a different port f.e. 8001
nginx:
build: ./nginx
ports:
- "8001:80"
and call
http://localhost:8001
or use a hosts name. To quote the readme of eko/docker-symfony
...and do not forget to add symfony.dev in your /etc/hosts file.
like
127.0.0.1 symfony.dev
Then you can call
http://symfony.dev