nginx return file not found with nginx-proxy #1576

Open
cod3rshotout opened this issue Mar 30, 2021 · 2 comments

@cod3rshotout

I'm using nginx-proxy to run multiple sites/apps on a single nginx instance. So far, I was able to run a static site and a Node.js application without problems, but I'm facing an issue with a PHP application created with CodeIgniter.

Essentially the project structure looks like this:

nginx
    nginx-proxy
       docker-compose.yml
    php-application
       docker-compose.yml

Inside the nginx-proxy/docker-compose.yml I have the content suggested by the author:

version: '3.6'
services:
  nginx:
    image: nginx
    labels:
      com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
    container_name: nginx
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./conf.d:/etc/nginx/conf.d
      - ./vhost.d:/etc/nginx/vhost.d
      - ./html:/usr/share/nginx/html
      - ./certs:/etc/nginx/certs:ro

  nginx-gen:
    image: jwilder/docker-gen
    command: -notify-sighup nginx -watch -wait 5s:30s /etc/docker-gen/templates/nginx.tmpl /etc/nginx/conf.d/default.conf
    container_name: nginx-gen
    restart: unless-stopped
    volumes:
      - ./conf.d:/etc/nginx/conf.d
      - ./vhost.d:/etc/nginx/vhost.d
      - ./html:/usr/share/nginx/html
      - ./certs:/etc/nginx/certs:ro
      - /var/run/docker.sock:/tmp/docker.sock:ro
      - ./nginx.tmpl:/etc/docker-gen/templates/nginx.tmpl:ro

  nginx-letsencrypt:
    image: jrcs/letsencrypt-nginx-proxy-companion
    container_name: nginx-letsencrypt
    restart: unless-stopped
    volumes:
      - ./conf.d:/etc/nginx/conf.d
      - ./vhost.d:/etc/nginx/vhost.d
      - ./html:/usr/share/nginx/html
      - ./certs:/etc/nginx/certs:rw
      - /var/run/docker.sock:/var/run/docker.sock:ro
    environment:
      NGINX_DOCKER_GEN_CONTAINER: "nginx-gen"
      NGINX_PROXY_CONTAINER: "nginx"
networks:
  default:
    external:
      name: nginx-proxy

This actually contains the nginx service and nginx-gen, which checks whether there are new configurations on the proxy network and generates the SSL certificate automatically through nginx-letsencrypt.

Inside the php-application/docker-compose.yml I have this:

version: '3.7'

services:
  php-fpm:
    container_name: boilerplate_app
    restart: always
    build:
      context: .
      dockerfile: ./docker/php-fpm/Dockerfile
    volumes:
      - ./src:/var/www/html
    environment:
      # NGINX-PROXY ENVIRONMENT VARIABLES: UPDATE ME
      - VIRTUAL_HOST=mysite.com
      - VIRTUAL_ROOT=/var/www/html
      - VIRTUAL_PORT=9000
      - VIRTUAL_PROTO=fastcgi
      - LETSENCRYPT_HOST=mysite.com
      - LETSENCRYPT_EMAIL=info@mysite.it
      # /END NGINX-PROXY ENVIRONMENT VARIABLES
    ports:
      - '9000:80'
    expose:
      - 9000
    networks:
      - proxy

  #nginx:
  #  container_name: boilerplate_nginx
  #  build: ./docker/nginx
  #  restart: always
  #  volumes:
  #    - ./src:/var/www/html
     # - ./docker/nginx/nginx.conf:/etc/nginx/nginx.conf
     # - ./docker/nginx/sites/:/etc/nginx/sites-available
     # - ./docker/nginx/conf.d/:/etc/nginx/conf.d
  #  ports:
  #    - '8880:80'
  #  depends_on:
  #    - php-fpm
  #  networks:
  #    - proxy

  database:
    container_name: boilerplate_db
    restart: always
    build:
      context: ./docker/database
    environment:
      - MYSQL_DATABASE=boilerplate
      - MYSQL_USER=user
      - MYSQL_PASSWORD=secret
      - MYSQL_ROOT_PASSWORD=secret
    volumes:
      - ./docker/database/data.sql:/docker-entrypoint-initdb.d/data.sql

  phpmyadmin:
    container_name: boilerplate_phpmyadmin
    image: phpmyadmin/phpmyadmin
    restart: always
    ports:
      - 8088:80
    environment:
      - PMA_HOST=database
      - MYSQL_USER=user
      - MYSQL_PASSWORD=secret
      - MYSQL_ROOT_PASSWORD=secret
    depends_on:
      - database

networks:
  proxy:
    external:
      name: nginx-proxy

The PHP application runs over php-fpm, specifically on port 9000 using fastcgi; for this I used the following directives:

  - VIRTUAL_ROOT=/var/www/html/public
  - VIRTUAL_PORT=9000
  - VIRTUAL_PROTO=fastcgi

To make it work, I also specified VIRTUAL_ROOT, which should redirect all requests to the index.php available in the directory /var/www/html/public. Project structure:

php-application
    src
        node_modules
        app
        public
        tests
        vendor
        writable
        .env
        composer.json
        package.json
        spark

The problem is that when I start the php-application container using docker-compose up --build -d, I get this when I visit mysite.com (the real domain is hidden for privacy):

File not found.

Inspecting the nginx log using sudo docker logs -f nginx I get:

[error] 30#30: *39 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 2.38.140.109, server: mysite.com, request: "GET / HTTP/2.0", upstream: "fastcgi://172.28.0.7:9000", host: "mysite.com"
mysite.com 2.38.140.109 - - [29/Mar/2021:17:52:31 +0000] "GET / HTTP/2.0" 404 16 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.90 Safari/537.36 Edg/89.0.774.63"

What did I do wrong?

UPDATE:

Output of /var/log/nginx/error.log

2021/03/30 10:53:22 [notice] 98#98: signal process started
2021/03/30 10:53:32 [warn] 99#99: no resolver defined to resolve r3.o.lencr.org while requesting certificate status, responder: r3.o.lencr.org, certificate: "/etc/nginx/certs/example.com.crt"
2021/03/30 10:53:32 [error] 99#99: *305 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 212.171.224.237, server: example.com, request: "GET / HTTP/2.0", upstream: "fastcgi://172.28.0.7:9000", host: "example.com"
2021/03/30 10:53:32 [error] 99#99: *305 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 212.171.224.237, server: example.com, request: "GET /favicon.ico HTTP/2.0", upstream: "fastcgi://172.28.0.7:9000", host: "example.com", referrer: "https://example.com/"

UPDATE 2

/etc/resolve.conf


@pedro2555

Does restarting the docker daemon solve this?

@Hattshire

In a similar setup I discovered that the template probably doesn't set the right fastcgi_params.
Here:

nginx-proxy/nginx.tmpl

Lines 63 to 67 in c4ad18f

{{ else if eq .Proto "fastcgi" }}
root {{ trim .VhostRoot }};
include fastcgi_params;
fastcgi_pass {{ trim .Upstream }};
{{ else if eq .Proto "grpc" }}

Adding the following line allows php-fpm to know which file to process:

  {{ else if eq .Proto "fastcgi" }} 
  	root   {{ trim .VhostRoot }}; 
  	include fastcgi_params; 
+       fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
  	fastcgi_pass {{ trim .Upstream }}; 
  {{ else if eq .Proto "grpc" }} 
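Review bot: On the added `fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;` line, a request whose URI ends in `/` still produces a directory path, because this branch sets no `fastcgi_index`; consider adding `fastcgi_index index.php;` beside it, or making the index name configurable. `$document_root` is taken from the `root {{ trim .VhostRoot }};` line and is only passed through to the upstream as a string, so the value has to be the path as the FastCGI container sees it; a template comment saying so would help. The `+` line is also indented with spaces while the neighbouring lines use a tab.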

Also, this redirects every request to the fastcgi container, including '/', and php-fpm obviously refuses to serve them:

[16-Jun-2022 21:16:17] NOTICE: fpm is running, pid 1
[16-Jun-2022 21:16:17] NOTICE: ready to handle connections
172.20.0.2 -  16/Jun/2022:21:39:41 +0000 "GET /" 404
172.20.0.2 -  16/Jun/2022:21:39:42 +0000 "GET /favicon.ico" 404
NOTICE: Access to the script '/var/www/html/index.html' has been denied (see security.limit_extensions)
172.20.0.2 -  16/Jun/2022:21:39:48 +0000 "GET /index.html" 403
172.20.0.2 -  16/Jun/2022:21:39:53 +0000 "GET /index.php" 200

I think the template needs an additional location block on fastcgi server generation for scripts only or non-script files, with an env var for the container, like VIRTUAL_EXTS, with a specification of allowed file extensions to set the right location path.


docker-compose.yml block

app:
    image: next-fpm
    volumes:
      - data:/var/www/html
    environment:
      - VIRTUAL_HOST=next.domain
      - LETSENCRYPT_HOST=next.domain
      - VIRTUAL_PROTO=fastcgi
      - VIRTUAL_ROOT=/var/www/html
      - VIRTUAL_DEST=/var/www/html

Generated server config

server {
        server_name next.domain;
        listen 443 ssl http2 ;
        access_log /var/log/nginx/access.log vhost;
        ssl_session_timeout 5m;
        ssl_session_cache shared:SSL:50m;
        ssl_session_tickets off;
        ssl_certificate /etc/nginx/certs/next.domain.crt;
        ssl_certificate_key /etc/nginx/certs/next.domain.key;
        ssl_dhparam /etc/nginx/certs/next.domain.dhparam.pem;
        ssl_stapling on;
        ssl_stapling_verify on;
        ssl_trusted_certificate /etc/nginx/certs/next.domain.chain.pem;
        add_header Strict-Transport-Security "max-age=31536000" always;
        include /etc/nginx/vhost.d/default;
        location / {
                root   /var/www/html;
                include fastcgi_params;
                fastcgi_pass next.domain;
}
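
A check for the condition discussed in this thread, as an added example (not code from nginx-proxy or from any commenter): it scans generated nginx config for blocks that use `fastcgi_pass` without an effective `SCRIPT_FILENAME`, the situation in which php-fpm answers "Primary script unknown". The function names and the sample config are constructed for illustration, and it assumes the stock `fastcgi_params` and `fastcgi.conf` files shipped with nginx.

```python
import re
TOKEN = re.compile(r"""(?:"[^"]*"|'[^']*'|[^{};"'])+|[{};]""")

def parse_blocks(conf):
    """Parse nginx config text into a list of blocks, each linked to its parent."""
    conf = re.sub(r"(?m)^\s*#.*$", "", conf)          # drop full-line comments
    root = {"header": "main", "directives": [], "parent": None}
    blocks, current, pending = [root], root, ""
    for tok in TOKEN.findall(conf):
        tok = " ".join(tok.split())                   # collapse whitespace
        if tok == "{":
            current = {"header": pending, "directives": [], "parent": current}
            blocks.append(current)
        elif tok == "}":
            current = current["parent"] or root       # tolerate unbalanced braces
        elif tok == ";":
            current["directives"].append(pending)
        elif tok:
            pending = tok
    return blocks

def _params(block):
    """Return (level defines any fastcgi_param, level defines SCRIPT_FILENAME)."""
    d = block["directives"]
    inc = {x.split()[-1].rsplit("/", 1)[-1] for x in d if x.startswith("include ")}
    # Assumption: stock files. fastcgi.conf sets SCRIPT_FILENAME, fastcgi_params does not.
    has_sf = "fastcgi.conf" in inc or any(x.startswith("fastcgi_param SCRIPT_FILENAME ") for x in d)
    has_any = has_sf or "fastcgi_params" in inc or any(x.startswith("fastcgi_param ") for x in d)
    return has_any, has_sf

def missing_script_filename(conf):
    """Headers of blocks that use fastcgi_pass with no effective SCRIPT_FILENAME."""
    out = []
    for b in parse_blocks(conf):
        uses_pass = any(x.startswith("fastcgi_pass ") for x in b["directives"])
        level, has_sf = b, False
        while uses_pass and level:  # params inherit only from the nearest level defining any
            has_any, has_sf = _params(level)
            if has_any:
                break
            level = level["parent"]
        if uses_pass and not has_sf:
            out.append(b["header"])
    return out

# Constructed sample modelled on the generated config quoted above (brace left unclosed).
BEFORE = ("server {\n server_name next.domain;\n location / {\n  root /var/www/html;\n"
          "  include fastcgi_params;\n  fastcgi_pass next.domain;\n}\n")
AFTER = BEFORE.replace("fastcgi_pass", "fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;\n  fastcgi_pass")
print(missing_script_filename(BEFORE), missing_script_filename(AFTER))
```

Run against the generated `conf.d/default.conf`, a non-empty result names the locations to fix. The parser covers full-line comments and quoted strings only, so configs using `${var}` syntax need a fuller tokenizer.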
