yeah, thats what linking is, exposing ports and pointing to the ip. But here you can hit the tcp ports, but the nginx logs show connection refused... something is not right.
On Thursday, 26 May 2016 13:06:23 UTC+2, Jirayut Nimsaeng wrote: > > No. I can confirm that both containers can access each others. because I > already exposed port 9000 and 12900 > > # in nginx container > root@nginx:/# telnet 172.17.0.1 9000 > Trying 172.17.0.1... > Connected to 172.17.0.1. > Escape character is '^]'. > ^] > telnet> quit > Connection closed. > root@nginx:/# telnet 172.17.0.1 12900 > Trying 172.17.0.1... > Connected to 172.17.0.1. > Escape character is '^]'. > ^] > telnet> quit > Connection closed. > root@nginx:/# > > Jirayut > > > On Thursday, May 26, 2016 at 5:49:53 PM UTC+7, Martin René Mortensen wrote: >> >> 2 separate containers dont have access to eachothers resrouces unless >> they are linked. This would explain the connection refused. >> >> Read all about it: https://docs.docker.com/compose/link-env-deprecated/ >> (this is the old method, for pre docker 1.10) >> >> Brgds. >> Martin >> >> On Thursday, 26 May 2016 11:03:37 UTC+2, Jirayut Nimsaeng wrote: >>> >>> Nginx is a completely separate container from the graylog. So no linked >>> container and nginx need to access to graylog with the graylog exposed >>> ports 9000 and 12900. >>> >>> Jirayut >>> >>> On Thursday, May 26, 2016 at 3:58:00 PM UTC+7, Martin René Mortensen >>> wrote: >>>> >>>> I think your rest and web listen uri has to have port number >>>> configured. Thats also the problem, there is no listener on the port you >>>> proxy to. >>>> >>>> Is the nginx in a separate linked docker container? on the docker host? >>>> in the graylog container? You have to expose the ports correctly if the >>>> nginx is not in the same docker container as the graylog server. >>>> >>>> Brgds. >>>> Martin >>>> >>>> On Thursday, 26 May 2016 09:13:32 UTC+2, Jirayut Nimsaeng wrote: >>>>> >>>>> I'm using graylog2/server:2.0.1-2 docker image from here >>>>> https://hub.docker.com/r/graylog2/server/. So I'm going to do >>>>> everything behind the nginx reverse proxy with https to secure >>>>> communication both web interface and rest api. This is my nginx >>>>> configuration >>>>> >>>>> server { >>>>> listen 80; >>>>> server_name graylog.example.com; >>>>> ## redirect http to https ## >>>>> rewrite ^ https://graylog.example.com$request_uri? permanent; >>>>> } >>>>> >>>>> server { >>>>> >>>>> listen 443 ssl; >>>>> >>>>> ssl on; >>>>> ssl_certificate_key /etc/nginx/certs/graylog.example.com.key; >>>>> ssl_certificate /etc/nginx/certs/graylog.example.com.crt; >>>>> >>>>> ssl_protocols TLSv1 TLSv1.1 TLSv1.2; >>>>> ssl_prefer_server_ciphers on; >>>>> ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"; >>>>> ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0 >>>>> ssl_session_cache shared:SSL:10m; >>>>> ssl_session_tickets off; # Requires nginx >= 1.5.9 >>>>> ssl_stapling on; # Requires nginx >= 1.3.7 >>>>> ssl_stapling_verify on; # Requires nginx => 1.3.7 >>>>> resolver 8.8.4.4 8.8.8.8 valid=300s; >>>>> resolver_timeout 5s; >>>>> #add_header Strict-Transport-Security "max-age=63072000; >>>>> includeSubdomains; preload"; >>>>> #add_header X-Frame-Options DENY; >>>>> #add_header X-Content-Type-Options nosniff; >>>>> >>>>> ssl_dhparam /etc/nginx/certs/dhparam.pem; >>>>> >>>>> chunked_transfer_encoding on; >>>>> >>>>> server_name graylog.example.com; >>>>> server_tokens off; ## Don't show the nginx version number, a >>>>> security best practice >>>>> >>>>> ## Increase this if you want to upload large attachments >>>>> client_max_body_size 0; >>>>> >>>>> ## Individual nginx logs for this vhost >>>>> access_log /var/log/nginx/graylog.example.com_access.log; >>>>> error_log /var/log/nginx/graylog.example.com_error.log; >>>>> >>>>> location / { >>>>> include proxy_params; >>>>> proxy_pass http://graylog_web_backend; >>>>> } >>>>> location /api { >>>>> rewrite ^/api(.*)$ $1 break; >>>>> include proxy_params; >>>>> proxy_pass http://graylog_api_backend; >>>>> } >>>>> } >>>>> >>>>> upstream graylog_web_backend { >>>>> server 172.17.0.1:9000; >>>>> } >>>>> upstream graylog_api_backend { >>>>> server 172.17.0.1:12900; >>>>> } >>>>> >>>>> This is environment that I used to config graylog container >>>>> >>>>> GRAYLOG_PASSWORD_SECRET: CHANGEME >>>>> GRAYLOG_REST_TRANSPORT_URI: https://graylog.example.com/ >>>>> GRAYLOG_WEB_ENDPOINT_URI: https://graylog.example.com/api/ >>>>> >>>>> I can access to web interface and logged in to graylog. But if I >>>>> access to System / Overview page. I got this message log from docker logs >>>>> -f graylog command >>>>> >>>>> 2016-05-26 06:00:51,111 WARN : org.graylog2.shared.rest.resources. >>>>> ProxiedResource - Unable to call https:// >>>>> graylog.example.com:12900/system/metrics/multiple on node >>>>> <e5b8ba1e-94e6-4af1-93c5-5cafb8a44800>, caught exception: Read timed out >>>>> (class java.net.SocketTimeoutException) >>>>> 2016-05-26 06:00:52,934 WARN : org.graylog2.shared.rest.resources. >>>>> ProxiedResource - Unable to call https:// >>>>> graylog.example.com:12900/system/jobs on node >>>>> <e5b8ba1e-94e6-4af1-93c5-5cafb8a44800>, caught exception: Read timed out >>>>> (class java.net.SocketTimeoutException) >>>>> 2016-05-26 06:00:52,975 WARN : org.graylog2.shared.rest.resources. >>>>> ProxiedResource - Unable to call https:// >>>>> graylog.example.com:12900/system/metrics/multiple on node >>>>> <e5b8ba1e-94e6-4af1-93c5-5cafb8a44800>, caught exception: Read timed out >>>>> (class java.net.SocketTimeoutException) >>>>> 2016-05-26 06:00:54,897 WARN : org.graylog2.shared.rest.resources. >>>>> ProxiedResource - Unable to call https:// >>>>> graylog.example.com:12900/system/metrics/multiple on node >>>>> <e5b8ba1e-94e6-4af1-93c5-5cafb8a44800>, caught exception: Read timed out >>>>> (class java.net.SocketTimeoutException) >>>>> 2016-05-26 06:00:56,912 WARN : org.graylog2.shared.rest.resources. >>>>> ProxiedResource - Unable to call https:// >>>>> graylog.example.com:12900/system/metrics/multiple on node >>>>> <e5b8ba1e-94e6-4af1-93c5-5cafb8a44800>, caught exception: Read timed out >>>>> (class java.net.SocketTimeoutException) >>>>> >>>>> So I assume that the system still think that rest api still at port >>>>> 12900. Anyone try this before? any work around? Or any proper way to do >>>>> this? >>>>> >>>> -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/2933b956-d10c-42b7-8453-d1263dd89f59%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
