Bind server running in docker to domain

Question

Background - the Web App

I've got a containerized app running in docker on an Ubuntu host on port 8090. Here's the docker compose file that ties together the backend, the Postgres server and the Vue+Nginx frontend:

version: "3.8"

services:
  # DATABASE BACKEND
  use_db:
    container_name: use_db
    image: postgres:14.2
    expose:
      - "5433"
    ports:
      - "5433:5433"
    environment:
      # POSTGRES_HOST_AUTH_METHOD: "trust"
      POSTGRES_USER: "postgres"
      POSTGRES_PASSWORD: "blabla"
      POSTGRES_DB: "use_db"
    command: "-p 5433"
    restart: always
    volumes: 
      - db:/var/lib/postgresql/data

  # FRONT END (LOOKING TO INTERNET)
  use_frontend:
    container_name: 'use_frontend'
    build: 
      context: ./admin
      dockerfile: Dockerfile
    restart: always
    depends_on:
      - use_backend
    ports:
      - 8090:80                       # port forwarding = HOST:DOCKER

  # BACKEND (FASTAPI)
  use_backend:
    container_name: 'use_backend'
    build: 
      context: ./api
      dockerfile: Dockerfile
    restart: always
    depends_on:
      - use_db
    environment:
      DATABASE_URL: "postgres://....."
      HOST_LOCATION: "http://<HOST IP>:8090"          
    command: gunicorn --bind 0.0.0.0:8000 -k uvicorn.workers.UvicornWorker main:app
volumes:
  db:
    driver: local

So when the docker containers are started with docker compose up -d , I can access the web app at <HOST>:8090 .

Inside the frontend container, the Nginx conf looks like this:

events {}

http {
    map $http_upgrade $connection_upgrade {
        default upgrade;
        '' close;
    }

    server {
        listen 80;
        root  /usr/share/nginx/html;
        include /etc/nginx/mime.types;
        client_max_body_size 20M;

        location / {
            try_files $uri /index.html;
        }

        location /api/ {
            proxy_pass                      http://use_backend:8000/;
            proxy_http_version              1.1;
            proxy_set_header                Host             $host;
            proxy_set_header                X-Real-IP        $remote_addr;
            proxy_set_header                X-Forwarded-For  $proxy_add_x_forwarded_for;
            proxy_read_timeout              1800;
            proxy_connect_timeout           1800;
        }

        location /ws/ {
            proxy_pass                      http://use_backend:8000;
            proxy_http_version              1.1;
            proxy_set_header                Upgrade          $http_upgrade;
            proxy_set_header                Connection       "Upgrade";
            proxy_set_header                Host             $host;
            proxy_set_header                X-Real-IP        $remote_addr;
            proxy_set_header                X-Forwarded-For  $proxy_add_x_forwarded_for;
            proxy_read_timeout              1800;
            proxy_connect_timeout           1800;
        }

    }
}

Goal

Now my next goal is to access the web app via a normal URL. The host machine has a paid domain name tied to one of its user accounts, let's call it example.com . So there's a dummy index.html sitting in /home/example.com/ that can be replaced with a real web app to be accessed from the Inte.net as https://example.com .

There's also a Nginx server running directly on the host whose config is located in /etc/nginx/nginx.conf and is as follows:

user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
        worker_connections 768;
        # multi_accept on;
}

http {

        ##
        # Basic Settings
        ##

        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_timeout 65;
        types_hash_max_size 2048;
        client_max_body_size 512M;
        # server_tokens off;

        # server_names_hash_bucket_size 64;
        # server_name_in_redirect off;

        include /etc/nginx/mime.types;
        default_type application/octet-stream;

        ##
        # SSL Settings
        ##

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POOD                                                         LE
        ssl_prefer_server_ciphers on;

        ##
        # Logging Settings
        ##

        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;

        ##
        # Gzip Settings
        ##

        gzip on;        

        ##
        # Virtual Host Configs
        ##

        include /etc/nginx/conf.d/*.conf;
        # include /etc/nginx/sites-enabled/*;
}

When I check the open ports containing 80 ( lsof -n -i -P | grep 80 ) I get:

nginx     167921            root   11u  IPv4 1381601      0t0  TCP *:80 (LISTEN)
nginx     167922        www-data   11u  IPv4 1381601      0t0  TCP *:80 (LISTEN)
nginx     167923        www-data   11u  IPv4 1381601      0t0  TCP *:80 (LISTEN)
nginx     167924        www-data   11u  IPv4 1381601      0t0  TCP *:80 (LISTEN)
nginx     167925        www-data   11u  IPv4 1381601      0t0  TCP *:80 (LISTEN)

Which confirms that the Nginx service is running on the host listening on port 80 .

The Big Question

How do I bind my docker app (running on port 8090 ) to the host domain example.com (to run on default port HTTP 80 / HTTPS 8080 ) so I can access the app from https://example.com ?

Answer 1

You can:

• Stop nginx on your host and publish your Docker container on host port 80 and 443:

   ports: - 80:80 - 443:443

  This assumes that your Docker application already has an TLS listener on port 443 (whether it does or not is not clear from your question).

• Configure nginx to proxy requests to your container. Eg, add to your nginx configuration:

   location / { proxy_pass https://localhost:8090/; }

  In this case, you would configure nginx to listen for TLS connections on port 443 (using eg these instructions ) and have a proxy stanza for both your http and https listeners.