
How to proxy_pass to a node docker container on port 80 with nginx container

In short, I'm trying to set up an nginx container to proxy_pass to other containers on port 80.

I was following along with this tutorial: https://dev.to/domysee/setting-up-a-reverse-proxy-with-nginx-and-docker-compose-29jg

They describe having a docker compose file that looks something like:

version: '3'
services:
  nginx: 
    image: nginx:latest
    container_name: production_nginx
    volumes:
      - ./nginx.conf:/etc/nginx/nginx.conf
      - ./nginx/error.log:/etc/nginx/error_log.log
      - ./nginx/cache/:/etc/nginx/cache
      - /etc/letsencrypt/:/etc/letsencrypt/
    ports:
      - 80:80
      - 443:443

  your_app_1:
    image: your_app_1_image:latest
    container_name: your_app_1
    expose:
      - "80"

  your_app_2:
    image: your_app_2_image:latest
    container_name: your_app_2
    expose:
      - "80"

  your_app_3:
    image: your_app_3_image:latest
    container_name: your_app_3
    expose:
      - "80"

Then in the nginx config they do a proxy_pass based on the path like this:

proxy_pass http://your_app_1:80;

This all makes sense to me, however when I was making a test node server to listen on port 80, I'm getting the error: Error: listen EACCES: permission denied 0.0.0.0:80. In my Dockerfile for the node server, I'm using a different user:

USER node

I know I'm getting this error because non-root users are not supposed to be able to bind below port 1024 or something. And I know it's bad practice to run as root in a container... so how in the world is something like this possible? I feel like I'm missing something here. It would be nice to not have to remember some custom high port your server is running on every time you do a proxy_pass in nginx... or is that just a fact of life?

I see zero issues in doing an expose on the port, as long as we don't publish the port.

EXPOSE will not allow communication via the defined ports to containers outside of the same network or to the host machine. To allow this to happen you need to publish the ports.

But it's doable at the cost of adding security holes by granting kernel capabilities using --add-cap flag on the Docker client or the Docker-Compose cap_add. NET_BIND_SERVICE is the capability that we should be adding.
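A compose file that sidesteps the privileged-port problem instead of granting a capability, as an added example (not from the question, the answer or the linked tutorial): the node service keeps `USER node`, listens on an unprivileged port and is reachable only through nginx on the compose network. The `./app` build path and the `PORT` variable are assumptions about the app's Dockerfile and code.

```yaml
# Added example: nginx is the only service that publishes host ports;
# the node app stays non-root and listens on 3000, so it needs no
# NET_BIND_SERVICE and can run with every capability dropped.
version: '3'
services:
  nginx:
    image: nginx:latest
    container_name: production_nginx
    volumes:
      - ./nginx.conf:/etc/nginx/nginx.conf:ro   # read-only: the proxy cannot rewrite its own config
    ports:
      - "80:80"
      - "443:443"
    depends_on:
      - your_app_1

  your_app_1:
    build: ./app                 # assumed: Dockerfile ending in `USER node`
    container_name: your_app_1
    environment:
      - PORT=3000                # assumed: the app calls listen(process.env.PORT)
    expose:
      - "3000"                   # visible to other containers on this network only; not published
    cap_drop:
      - ALL                      # least privilege: no capability left to abuse
    security_opt:
      - no-new-privileges:true   # setuid binaries cannot regain privileges
    read_only: true              # immutable image filesystem ...
    tmpfs:
      - /tmp                     # ... with a scratch area for the runtime
    # The answer's alternative, only if the app must own port 80 itself:
    # cap_add:
    #   - NET_BIND_SERVICE       # keep cap_drop: ALL so this is the single added capability
```

On the nginx side the only change from the tutorial is the target port, `proxy_pass http://your_app_1:3000;`, since Docker's embedded DNS resolves the service name on the compose network.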
