Score:0

Nginx does not open specified listen port

cn flag

I am trying to proxy SSH traffic from nginx (listening on port 7999) to a bitbucket server (listening on port 7998) on the back-end. Both nginx and bitbucket are running inside Docker containers. If I login to the nginx container and do telnet bitbucket.domain-name.com 7998 it connects. On the host machine if I do netstat -pnlt I get:

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp6       0      0 :::2377                 :::*                    LISTEN      24477/dockerd       
tcp6       0      0 :::7946                 :::*                    LISTEN      24477/dockerd       
tcp6       0      0 :::80                   :::*                    LISTEN      24477/dockerd       
tcp6       0      0 :::443                  :::*                    LISTEN      24477/dockerd       
tcp6       0      0 :::7999                 :::*                    LISTEN      24477/dockerd   

But, I when I do this on my computer: git clone ssh://[email protected]:7999/project_key/repo_name.git I get

Cloning into 'repo_name'...
ssh: connect to host domain-name.com port 7999: Connection refused
fatal: Could not read from remote repository.

And when I do telnet domain-name.com 7999 I get telnet: Unable to connect to remote host: Connection refused.

It seems the problem is nginx is not listening on port 7999 inside the docker container. But, on the host I can see dockerd is listening on port 7999. I imagine I might not have the nginx config correct, but am not sure. Here are the relevant bits from the config files.

docker-compose.yaml (nginx)

services:
    nginx:
        ports:
            - "80:8080"
            - "443:8443"
            - "7999:7997"

nginx.conf (inside the nginx container)

stream {
    server {
        listen 7997;
        proxy_pass bitbucket1.cybertron.ninja:7998;
    }
}

And here's some output executed inside the nginx container:

root@6d123f454eef:/# netstat -pnlt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name                                                                        
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      10/nginx: master pr                                                                     
tcp        0      0 0.0.0.0:8443            0.0.0.0:*               LISTEN      10/nginx: master pr                                                                     
tcp        0      0 127.0.0.11:44703        0.0.0.0:*               LISTEN      -            

Any ideas how to fix this issue? I'm stumped.

tilleyc avatar
us flag
Do you have iptables, firewalld, or any other firewall running?
in flag
Looks like nginx is not reading your config file. Where did you put it? Is it included in the main config?
cn flag
@tilleyc iptables is running, but no custom rules are defined, only the ones automatically defined by dockerd.
cn flag
@GeraldSchneider here is an excerpt from `docker-compose.yaml`: volumes: - ./configs/nginx:/etc/nginx/conf.d:ro. I can confirm that nginx is indeed reading its config files. If it wasn't it would not proxy ports 80->8080 or 443->8443.
in flag
Your netstat output from inside the container does not show the port 7997 from your config. If you added that config later, did you restart the container?
sur.la.route avatar
lb flag
In my case I had forgotten to allow the port w/ ufw... :|
Score:1
in flag

I just set up a testing environment for your case with the little information you provide. Assuming what you provided is everything you changed, this can't work.

The default nginx.conf inside the official nginx container has the include directive inside a http block:

http {
    # ...
    include /etc/nginx/conf.d/*.conf;
}

If you just place your .conf file into the conf.d directory nginx will fail with the following error message:

2021/09/23 05:58:30 [emerg] 1#1: "stream" directive is not allowed here in /etc/nginx/conf.d/blah.conf:1

Since your nginx is running I can only assume you placed the config into the directory after it started and didn't restart or reload nginx.

The stream directive must be in the root of the configuration, you need to provide a modified nginx.conf as well.

Copy the nginx.conf from your container:

docker cp test_nginx_1:/etc/nginx/nginx.conf .

Add your config there, or add a second include directive with a separate directory and mount it as a volume as well:

For example, add outside of the http {} block:

include /etc/nginx/conf.stream.d/*.conf;

Add this into your docker-compose.yml

services:
nginx:
    image: nginx
    volumes:
        - ./config/nginx.conf:/etc/nginx/nginx.conf:ro
        - ./config/nginx:/etc/nginx/conf.d:ro
        - ./config/nginx_stream:/etc/nginx/conf.stream.d:ro

run docker-compose up -d, and it works.

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.