nginx-proxy returns 503 error over http and https
I would start with setting your nginx log to debug and then check to see where the request throws the 503.

    server {
        # other config
        error_log /var/log/nginx/example.com.error.log debug;
        # other config
    }
Leo
I’m a Senior Site Reliability Engineer at Autonomic. I do Golang, Ruby, JS, Python, Elixir, as well as web scale devops with Terraform, Ansible, Kubernetes and Docker.
Updated on September 18, 2022
Comments
Leo over 1 year
I'm setting up nginx-proxy as a reverse proxy in front of Docker container running an app server. They're defined in separate Docker compose definitions. For some reason I'm getting a 503, but I don't know why and I've gone over the nginx-proxy docs in detail.

(I've also opened this as a github issue for nginx-proxy.)

The app server originally served https over 443 with 10443 exposed on the host. I switched to serving http over 80 with 10443 exposed on the host.

I can curl from the app server directly, but curling through nginx-proxy throws up an error.

I initially had nginx-proxy on 443, but I switched it to 80 for now.

Until I added default.crt and default.key, I was getting a connection refused error. After adding them, I'm getting a 503.

    curl http://foo.example.com:80/apidocs --verbose --insecure
    * Hostname was NOT found in DNS cache
    *   Trying 10.x.x.x...
    * Connected to foo.example.com (10.x.x.x) port 80 (#0)
    > GET /apidocs HTTP/1.1
    > User-Agent: curl/7.35.0
    > Host: foo.example.com
    > Accept: */*
    >
    < HTTP/1.1 503 Service Temporarily Unavailable
    * Server nginx/1.9.12 is not blacklisted
    < Server: nginx/1.9.12
    < Date: Thu, 21 Apr 2016 17:26:16 GMT
    < Content-Type: text/html
    < Content-Length: 213
    < Connection: keep-alive
    <
    <html>
    <head><title>503 Service Temporarily Unavailable</title></head>
    <body bgcolor="white">
    <center><h1>503 Service Temporarily Unavailable</h1></center>
    <hr><center>nginx/1.9.12</center>
    </body>
    </html>
    * Connection #0 to host foo.example.com left intact

Here's my compose definition for nginx-proxy. I'm using network_mode: bridge which is supposed to work even with version: 2.

    version: '2'
    # Not yet compatible with custom networks in v2 of Compose
    services:
      nginx:
        image: jwilder/nginx-proxy
        # Necessary until nginx-proxy fully supports Compose v2 networking
        network_mode: bridge
        ports:
          - "80:80"
        restart: always
        volumes:
          - "certs:/etc/nginx/certs:ro"
          - "nginx-log:/var/log/nginx"
          - "/var/run/docker.sock:/tmp/docker.sock:ro"
    volumes:
      certs:
        external: true
      nginx-log:
        external: true

Here's my app server composition:

    version: '2'
    services:
      database:
        image: sameersbn/postgresql:9.4-13
        restart: always
        # Necessary until nginx-proxy fully supports Compose v2 networking
        network_mode: bridge
        ports:
          - "55433:5432"
        environment:
          - DB_USER=foo
          - DB_PASS=...
          - DB_NAME=foo_staging
          - USERMAP_UID=1000
        volumes:
          - "foo-data:/var/lib/postgresql"
      foo:
        image: private-registry.example.com/dswb/foo:1.4.3
        restart: always
        container_name: "dswb-foo"
        links:
          - "database:database"
        # Necessary until nginx-proxy fully supports Compose v2 networking
        network_mode: bridge
        ports:
          - "10443:80"
        volumes:
          - "certs:/home/rails/webapp/certs"
        environment:
          # - "CERT_NAME=example.com"
          - "VIRTUAL_HOSTNAME=foo.example.com"
          - "VIRTUAL_PORT=80"
          - "VIRTUAL_PROTO=http"
        command: "bash -c 'rake db:migrate && thin --port 80 --address 0.0.0.0 start'"
    volumes:
      foo-data:
        driver: local
      certs:
        external: true

The certs are less relevant since I switched to port 80 to debug. I have a wildcard certificate for *.example.com. I made a copy named foo.example.com in case nginx-proxy couldn't find it. I tried both setting and not setting CERT_NAME. I've now also generated the dhparam stuff.

    root@8b02a7deb220:/etc/nginx/certs# ls -la
    total 48
    drwxr-xr-x 2 root root 4096 Apr 21 18:15 .
    drwxr-xr-x 4 root root 4096 Apr 21 18:06 ..
    -rw------- 1 root root 3575 Apr 21 18:03 example.com.crt
    -rw-r--r-- 1 root root  769 Apr 21 18:03 example.com.dhparam.pem
    -rw------- 1 root root 1679 Apr 21 18:03 example.com.key
    -rw-r--r-- 1 root root 1838 Apr 21 18:03 default.crt
    -rw-r--r-- 1 root root 3268 Apr 21 18:03 default.key
    -rw------- 1 root root 3575 Apr 21 17:37 foo.example.com.crt
    -rw-r--r-- 1 root root  769 Apr 21 18:15 foo.example.com.dhparam.pem
    -rw------- 1 root root 1679 Apr 21 17:37 foo.example.com.key

This is the only thing that shows up in the nginx-proxy log when I curl:
nginx.1 | foo.example.com 10.x.x.x - - [21/Apr/2016:17:26:16 +0000] "GET /apidocs HTTP/1.1" 503 213 "-" "curl/7.35.0"
Nothing shows up in app server log, meaning it does not see the request.
How do I debug this? Are there better logs somewhere?
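
An added example, not part of the original post or of nginx-proxy itself: nginx-proxy generates a server block only for containers that set VIRTUAL_HOST and answers every other Host header from a default server that returns 503, so a first check is to lint the proxy-related variables in `docker inspect` output and see which container a hostname would reach. The function names and the sample JSON are constructed for illustration; the variable list covers only the names seen on this page plus VIRTUAL_HOST.

```python
import difflib
import json
from fnmatch import fnmatch

# Proxy-related variables this check knows about. All four are names that
# nginx-proxy reads from a proxied container; the list is not exhaustive.
KNOWN = ["VIRTUAL_HOST", "VIRTUAL_PORT", "VIRTUAL_PROTO", "CERT_NAME"]

def container_env(info):
    """Environment of one `docker inspect` object, as a dict."""
    env = (info.get("Config") or {}).get("Env") or []
    return dict(e.split("=", 1) for e in env if "=" in e)

def lint(info):
    """Findings about the proxy-related variables of one container."""
    name, env, out = info.get("Name", "?").lstrip("/"), container_env(info), []
    unknown = sorted(k for k in env if k.startswith("VIRTUAL_") and k not in KNOWN)
    for k in unknown:
        guess = difflib.get_close_matches(k, KNOWN, n=1)
        hint = f" (did you mean {guess[0]}?)" if guess else ""
        out.append(f"{name}: unrecognised variable {k}{hint}")
    # Only containers that look like proxy targets need VIRTUAL_HOST.
    if (unknown or any(k in env for k in KNOWN)) and not env.get("VIRTUAL_HOST"):
        out.append(f"{name}: VIRTUAL_HOST not set; no server block will be generated")
    return out

def route(host, containers):
    """Container whose VIRTUAL_HOST covers `host`, or None (default server, 503).
    Handles comma-separated names and * wildcards, not regex (~) hosts."""
    for info in containers:
        for pattern in container_env(info).get("VIRTUAL_HOST", "").split(","):
            if pattern.strip() and fnmatch(host.lower(), pattern.strip().lower()):
                return info.get("Name", "?").lstrip("/")
    return None

# Constructed sample in `docker inspect` shape, using names from the question.
SAMPLE = json.loads("""[
 {"Name": "/dswb-foo", "Config": {"Env": ["VIRTUAL_HOSTNAME=foo.example.com",
   "VIRTUAL_PORT=80", "VIRTUAL_PROTO=http"]}},
 {"Name": "/database", "Config": {"Env": ["DB_USER=foo"]}}
]""")

if __name__ == "__main__":
    for container in SAMPLE:
        for finding in lint(container):
            print(finding)
    print("foo.example.com ->", route("foo.example.com", SAMPLE))
```

On a live host the same functions can be fed the parsed output of `docker inspect` for the running containers.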