I have two containers inside a Rancher stack. One is php-fpm container which is serving an application. The second one is Nginx acting as a reverse proxy.
The nginx has following configurations mounted:
/etc/nginx/nginx.conf
user nginx;
worker_processes 4;
pid /var/run/nginx.pid;
events {
worker_connections 2048;
}
http {
server_tokens off;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 15;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
include /etc/nginx/conf.d/*.conf;
open_file_cache max=100;
}
/etc/nginx/conf.d/default.conf
server {
...
location ~ ^/(app|app_dev|config)\.php(/|$) {
fastcgi_param HTTP_PROXY "";
fastcgi_pass php:9000;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param HTTPS off;
}
}
Everything works well until the php container is upgraded. From that moment on the reverse proxy returns 502 Bad Gateway. Following message is logged in the error log:
*5 connect() failed (113: Host is unreachable) while connecting to upstream,
client: 10.42.154.177, server: [hidden url],
request: "GET / HTTP/1.1", upstream: "fastcgi://10.42.241.63:9000",
host: "[hidden-url]"
So instead of using the hostname, nginx uses IP directly which obviously gets changed during container upgrade. How to make this work, always?
I could create health checks so nginx container would get recreated however my error logs get flooded with messages.
Best Answer
As it turned out, only the plus version has functionality to resolve upstream's IP through a DNS server.
I ended creating blank php file called
healthcheck.phpwhich is used by Rancher to perform regular health checks. If thephpcontainer responds with non 200/300 http code nginx container gets recreated. I also can exclude that file from the access log in the nginx configuration.That has to do I guess.