Reverse proxy to two separate nginx instances

Question

I have several repositories that I need to be able to run individually, or together on the same host. In this case, I have two applications: A and B. Both are run using docker compose.

Each one has:

• API (Django): API for application A runs on port 5000; API for application B runs on port 5001 (through channels socket)
• its own database: Database A runs on 5432; Database B runs on 5433
• its own nginx reverse proxy: Application A listens on port 8001; Application B listens on port 8002

Both are meant to be reached through a reverse proxy listening on port 80 and 443. This is the config for the "main" nginx instance:

ssl_password_file /etc/nginx/certificates/global.pass;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_protocols TLSv1.2 TLSv1.1;

server {
    listen 80;
    server_name _;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    ssl_certificate /etc/nginx/certificates/certificate.crt;
    ssl_certificate_key /etc/nginx/certificates/privatekey.key;

    proxy_set_header X-Forwarded-Proto $scheme;

    server_name a.my.domain.com;
    location / {
        proxy_redirect off;
        proxy_pass http://a.my.domain.com:8001;
    }
}

server {
    listen 443 ssl;
    ssl_certificate /etc/nginx/certificates/certificate.crt;
    ssl_certificate_key /etc/nginx/certificates/privatekey.key;

    proxy_set_header X-Forwarded-Proto $scheme;

    server_name b.my.domain.com;
    location / {
        proxy_redirect off;
        proxy_pass http://b.my.domain.com:8002;
    }
}

This is the config for Application A:

upstream channels-backend {
    server api:5000;
}

server {
    listen 8001 default_server;
    server_name a.my.domain.com [local IP address];

    access_log /var/log/nginx/access.log;
    underscores_in_headers on;

    location /static {
        alias /home/docker/code/static;
    }

    location / {
        try_files $uri @proxy_to_app;
    }

    location @proxy_to_app {
        proxy_read_timeout 30;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Host $server_name;
        proxy_redirect off;
        proxy_pass http://channels-backend;
    }
}

This is the pretty much identical config for Application B:

upstream channels-backend {
    server api:5001;
}

server {
    listen 8002 default_server;
    server_name b.my.domain.com [same local IP address];

    keepalive_timeout 70;
    access_log /var/log/nginx/access.log;
    underscores_in_headers on;

    location /static {
        alias /home/docker/code/static;
    }

    location / {
        try_files $uri @proxy_to_app;
    }

    location @proxy_to_app {
        proxy_read_timeout 30;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Host $server_name;
        proxy_redirect off;
        proxy_pass http://channels-backend;
    }
}

When I run all three application using docker-compose up --build , starting with Application A, then Application B, then the "main" reverse proxy, I can open a web browser, go to b.my.domain.com and use Application B just fine. If I try a.my.domain.com , however, I get 502 Bad Gateway . Nginx shows:

[error] 27#27: *10 connect() failed (111: Connection refused) while connecting to upstream, client: [my IP address], server: a.my.domain.com, request: "GET / HTTP/1.1", upstream: "http://[local IP address]:8001/", host: "a.my.domain.com"

So I'm assuming there's some sort of conflict. Because if I run Application A in isolation and access it directly through http://a.my.domain.com:8001 , it works fine.

Any ideas? Suggestions on a better setup are also welcome, though I vastly prefer ease of maintenance over performance. I don't want to keep both applications in the same repository. I don't want to rely on the third ("main") reverse proxy, I just want to be able to quickly add more applications on the same server if need be and proxy to one or the other depending on the subdomain of the request.

Edit: If I switch the order in which the applications are built and run, Application B will return 502 Bad Gateway instead of Application A, so the issue is not with either of the applications.

Answer 1

There were a couple of problems: Container names were the same, the configuration for channels was outdated. This was a very specific case, so I doubt this will be helpful to anyone, but I gave each service of each compose file a unique name and made sure that there were no port conflicts. I also changed the compose files so that port 8001 maps to port 80, for example, so the nginx configuration doesn't need to be aware of any unusual port numbers. I updated the channels configuration to reflect the new container names, and now it's working.