Nginx connect() failed (111: Connection refused) while connecting to upstream, client: 192.168.128.1, server: hello-1.local

dockernginxreverse-proxyssl

I am trying to setup ssl on my django + docker + nginx environment. However I encountered this error:

*19 connect() failed (111: Connection refused) while connecting to upstream, client: 192.168.128.1, server: hello-1.local, request: "GET / HTTP/1.1", upstream: "https://192.168.128.4:443/", host: "hello-1.local"

My Nginx config:

client_max_body_size 10M;

upstream web {  
  ip_hash;
  server web:443;
}

server {
    listen 80;
    server_name hello-1.local;
    return 301 https://$host$request_uri;
}

server {    
    
    location /static/ {    
        autoindex on;    
        alias /src/static/; 
    }

    location /media/ {
        autoindex on;
        alias /src/media/;
    }

``

    location / {
        proxy_pass https://web/;
    }
    
    listen 443 ssl;
    server_name hello-1.local;
    ssl_certificate /etc/certs/hello-1.local.crt;
    ssl_certificate_key /etc/certs/hello-1.local.key;
    
}

docker-compose.yml:

version: "3"

volumes:
  local_postgres_data: {}
  local_postgres_data_backups: {}

services:
  nginx:
    image: nginx:alpine
    container_name: nz01
    ports:
      - 443:443
      - 80:80
    volumes:
      - ./src:/src
      - ./config/nginx:/etc/nginx/conf.d
      - ./config/certs:/etc/certs
    depends_on:
      - web
    networks:
      - djangonetwork
  web:
    build:
      context: .
      dockerfile: compose/django/Dockerfile
    container_name: dz01
    depends_on:
      - db
    volumes:
      - ./src:/src
    expose:
      - 8000
    links:
      - redis
    env_file:
      - ./.envs/.django
    networks:
      - djangonetwork
  db:
    build:
      context: .
      dockerfile: compose/postgres/Dockerfile
    container_name: pz01
    env_file:
      - ./.envs/.postgres
    volumes:
      - local_postgres_data:/var/lib/postgresql/data
      - local_postgres_data_backups:/backups
    networks:
      - djangonetwork
  redis:
    image: redis:alpine
    container_name: rz01
    ports:
      - "6379:6379"
    networks:
      - djangonetwork

networks:
  djangonetwork:
    driver: bridge

In browser, I get 502 Bad Gateway error and without ssl, the website run well. What could be the problem?

Best Answer

So what is the upstream?

The upstream is defined here:

upstream web {  
  ip_hash;
  server web:443;
}

My first reading of this is, that the Nginx cannot properly connect to the upstream-server named web.

This can have multiple reasons:

  • your Nginx can't resolve web
  • the webserver running on web is not serving https/port 443
  • the webserver running on web does not use a valid and trusted certificate for the hostname web

Taking a look at your docker-compose.yml:

  • the application web is exposed to port 8000, but you want to connect to port 443 in Nginx, also using the wrong protocol (I guess)

So the solution would be to change you upstream-config in nginx.conf like this:

upstream web {  
  ip_hash;
  server web:8000;
}

and the location-block like this (https --> http):

location / {
    proxy_pass http://web/;
}

Regarding SSL/TLS with proxies/upstreams: Please take a look into Nginx-docs around this: http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_ssl_verify

Related Topic