No. I can confirm that both containers can access each other, because I already exposed ports 9000 and 12900.

# in nginx container
root@nginx:/# telnet 172.17.0.1 9000
Trying 172.17.0.1...
Connected to 172.17.0.1.
Escape character is '^]'.
^]
telnet> quit
Connection closed.
root@nginx:/# telnet 172.17.0.1 12900
Trying 172.17.0.1...
Connected to 172.17.0.1.
Escape character is '^]'.
^]
telnet> quit
Connection closed.
root@nginx:/#

Jirayut

On Thursday, May 26, 2016 at 5:49:53 PM UTC+7, Martin René Mortensen wrote:
>
> 2 separate containers don't have access to each other's resources unless they
> are linked. This would explain the connection refused.
>
> Read all about it: https://docs.docker.com/compose/link-env-deprecated/
> (this is the old method, for pre docker 1.10)
>
> Brgds.
> Martin
>
> On Thursday, 26 May 2016 11:03:37 UTC+2, Jirayut Nimsaeng wrote:
>>
>> Nginx is a completely separate container from the graylog. So no linked
>> container, and nginx needs to access graylog with the graylog exposed
>> ports 9000 and 12900.
>>
>> Jirayut
>>
>> On Thursday, May 26, 2016 at 3:58:00 PM UTC+7, Martin René Mortensen
>> wrote:
>>>
>>> I think your rest and web listen uri has to have port number configured.
>>> That's also the problem, there is no listener on the port you proxy to.
>>>
>>> Is the nginx in a separate linked docker container? On the docker host?
>>> In the graylog container? You have to expose the ports correctly if the
>>> nginx is not in the same docker container as the graylog server.
>>>
>>> Brgds.
>>> Martin
>>>
>>> On Thursday, 26 May 2016 09:13:32 UTC+2, Jirayut Nimsaeng wrote:
>>>>
>>>> I'm using the graylog2/server:2.0.1-2 docker image from here:
>>>> https://hub.docker.com/r/graylog2/server/. So I'm going to do
>>>> everything behind the nginx reverse proxy with https to secure
>>>> communication for both the web interface and the rest api. This is my nginx
>>>> configuration
>>>>
>>>> server {
>>>>     listen 80;
>>>>     server_name graylog.example.com;
>>>>     ## redirect http to https ##
>>>>     rewrite ^ https://graylog.example.com$request_uri? permanent;
>>>> }
>>>>
>>>> server {
>>>>
>>>>     listen 443 ssl;
>>>>
>>>>     ssl on;
>>>>     ssl_certificate_key /etc/nginx/certs/graylog.example.com.key;
>>>>     ssl_certificate /etc/nginx/certs/graylog.example.com.crt;
>>>>
>>>>     ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
>>>>     ssl_prefer_server_ciphers on;
>>>>     ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
>>>>     ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
>>>>     ssl_session_cache shared:SSL:10m;
>>>>     ssl_session_tickets off; # Requires nginx >= 1.5.9
>>>>     ssl_stapling on; # Requires nginx >= 1.3.7
>>>>     ssl_stapling_verify on; # Requires nginx >= 1.3.7
>>>>     resolver 8.8.4.4 8.8.8.8 valid=300s;
>>>>     resolver_timeout 5s;
>>>>     #add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
>>>>     #add_header X-Frame-Options DENY;
>>>>     #add_header X-Content-Type-Options nosniff;
>>>>
>>>>     ssl_dhparam /etc/nginx/certs/dhparam.pem;
>>>>
>>>>     chunked_transfer_encoding on;
>>>>
>>>>     server_name graylog.example.com;
>>>>     server_tokens off; ## Don't show the nginx version number, a security best practice
>>>>
>>>>     ## Increase this if you want to upload large attachments
>>>>     client_max_body_size 0;
>>>>
>>>>     ## Individual nginx logs for this vhost
>>>>     access_log /var/log/nginx/graylog.example.com_access.log;
>>>>     error_log /var/log/nginx/graylog.example.com_error.log;
>>>>
>>>>     location / {
>>>>         include proxy_params;
>>>>         proxy_pass http://graylog_web_backend;
>>>>     }
>>>>     location /api {
>>>>         rewrite ^/api(.*)$ $1 break;
>>>>         include proxy_params;
>>>>         proxy_pass http://graylog_api_backend;
>>>>     }
>>>> }
>>>>
>>>> upstream graylog_web_backend {
>>>>     server 172.17.0.1:9000;
>>>> }
>>>> upstream graylog_api_backend {
>>>>     server 172.17.0.1:12900;
>>>> }
>>>>
>>>> This is the environment that I used to configure the graylog container
>>>>
>>>> GRAYLOG_PASSWORD_SECRET: CHANGEME
>>>> GRAYLOG_REST_TRANSPORT_URI: https://graylog.example.com/
>>>> GRAYLOG_WEB_ENDPOINT_URI: https://graylog.example.com/api/
>>>>
>>>> I can access the web interface and log in to graylog. But if I access
>>>> the System / Overview page, I get this message log from the docker logs -f
>>>> graylog command
>>>>
>>>> 2016-05-26 06:00:51,111 WARN : org.graylog2.shared.rest.resources.ProxiedResource - Unable to call https://graylog.example.com:12900/system/metrics/multiple on node <e5b8ba1e-94e6-4af1-93c5-5cafb8a44800>, caught exception: Read timed out (class java.net.SocketTimeoutException)
>>>> 2016-05-26 06:00:52,934 WARN : org.graylog2.shared.rest.resources.ProxiedResource - Unable to call https://graylog.example.com:12900/system/jobs on node <e5b8ba1e-94e6-4af1-93c5-5cafb8a44800>, caught exception: Read timed out (class java.net.SocketTimeoutException)
>>>> 2016-05-26 06:00:52,975 WARN : org.graylog2.shared.rest.resources.ProxiedResource - Unable to call https://graylog.example.com:12900/system/metrics/multiple on node <e5b8ba1e-94e6-4af1-93c5-5cafb8a44800>, caught exception: Read timed out (class java.net.SocketTimeoutException)
>>>> 2016-05-26 06:00:54,897 WARN : org.graylog2.shared.rest.resources.ProxiedResource - Unable to call https://graylog.example.com:12900/system/metrics/multiple on node <e5b8ba1e-94e6-4af1-93c5-5cafb8a44800>, caught exception: Read timed out (class java.net.SocketTimeoutException)
>>>> 2016-05-26 06:00:56,912 WARN : org.graylog2.shared.rest.resources.ProxiedResource - Unable to call https://graylog.example.com:12900/system/metrics/multiple on node <e5b8ba1e-94e6-4af1-93c5-5cafb8a44800>, caught exception: Read timed out (class java.net.SocketTimeoutException)
>>>>
>>>> So I assume that the system still thinks that the rest api is still at port
>>>> 12900. Has anyone tried this before? Any workaround? Or any proper way to do
>>>> this?
>>>>
>>>

-- 
You received this message because you are subscribed to the Google Groups "Graylog Users" group.
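
The mismatch visible in the thread above, as an added example that is not part of the original posts: the quoted warnings show the node being called on port 12900 while the posted GRAYLOG_REST_TRANSPORT_URI names no port. This Python sketch pulls the called URLs out of ProxiedResource warnings and compares their effective endpoint with the configured one; the function names and the sample log (two of the quoted lines, rejoined) are constructed here, and treating a port-less https URI as port 443 is this example's assumption about where the reverse proxy listens.

```python
import re
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed sample: two of the warnings quoted in the thread, one per line.
SAMPLE_LOG = """\
2016-05-26 06:00:51,111 WARN : org.graylog2.shared.rest.resources.ProxiedResource - Unable to call https://graylog.example.com:12900/system/metrics/multiple on node <e5b8ba1e-94e6-4af1-93c5-5cafb8a44800>, caught exception: Read timed out (class java.net.SocketTimeoutException)
2016-05-26 06:00:52,934 WARN : org.graylog2.shared.rest.resources.ProxiedResource - Unable to call https://graylog.example.com:12900/system/jobs on node <e5b8ba1e-94e6-4af1-93c5-5cafb8a44800>, caught exception: Read timed out (class java.net.SocketTimeoutException)
"""

CALL_RE = re.compile(r"ProxiedResource - Unable to call (\S+) on node <([0-9a-f-]+)>")


def endpoint(uri):
    """Return (scheme, host, effective port); the port falls back to the scheme default."""
    parts = urlsplit(uri)
    port = parts.port or DEFAULT_PORTS.get(parts.scheme)
    return parts.scheme, parts.hostname, port


def find_mismatches(log_text, configured_uri):
    """Return sorted unique (node id, called endpoint) pairs that differ from the configured endpoint."""
    expected = endpoint(configured_uri)
    found = set()
    for line in log_text.splitlines():
        match = CALL_RE.search(line)
        if not match:
            continue  # not a ProxiedResource call warning
        called = endpoint(match.group(1))
        if called != expected:
            found.add((match.group(2), called))
    return sorted(found)


if __name__ == "__main__":
    configured = "https://graylog.example.com/"  # GRAYLOG_REST_TRANSPORT_URI as posted
    want = endpoint(configured)
    for node, (scheme, host, port) in find_mismatches(SAMPLE_LOG, configured):
        print(f"node {node}: called {scheme}://{host}:{port}, "
              f"configured endpoint is {want[0]}://{want[1]}:{want[2]}")
```

A non-empty result means the node is being addressed on a different port than the one the configured URI implies, which is the symptom the original poster describes.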
