I have set up a Dockerized environment on an Ubuntu VPS with the following components:
- A Django container serving a website (example.com).
- An Nginx container acting as a reverse proxy.
- All containers are connected to the same network, named "prod_net".
- UFW (Uncomplicated Firewall) is active on the VPS.
My issue is that when I try to make a request from a container to itself via the internet using a command like:
docker exec -it django curl https://example.com/media/image.png --output img.png
I receive a "connection refused" error. However, if I disable UFW, the command succeeds.
My Docker Compose files and Nginx reverse proxy configuration are as follows:
- Created a Docker Compose file for the reverse proxy and Let's Encrypt companion.
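# Edge stack: nginx-proxy publishes 80/443 on the host, and the Let's Encrypt
# companion writes certificates into the shared "certs" volume.
# Nesting is restored here; the listing as pasted had lost its indentation.
version: "3.7"

services:
  reverse-proxy:
    # NOTE(review): ":latest" is a moving tag. Pin a release tag or an image
    # digest so a re-pull cannot silently change the code running at the edge.
    image: "jwilder/nginx-proxy:latest"
    container_name: "reverse-proxy"
    volumes:
      - "html:/usr/share/nginx/html"
      - "dhparam:/etc/nginx/dhparam"
      - "vhost:/etc/nginx/vhost.d"
      - "certs:/etc/nginx/certs"
      # ":ro" protects only the socket file. Any process that can open the
      # socket can still issue arbitrary Docker API requests, so this
      # internet-facing container effectively holds control of the Docker
      # daemon. Consider a filtering socket proxy, or nginx-proxy's
      # separate docker-gen layout, to keep the socket out of the container
      # that accepts public traffic.
      - "/run/docker.sock:/tmp/docker.sock:ro"
      - "./config/my_proxy.conf:/etc/nginx/conf.d/my_proxy.conf:ro"
    restart: "always"
    networks:
      - "prod_net"
    # By default Docker publishes these ports through its own iptables
    # rules, so inbound traffic to 80/443 reaches the container whether or
    # not UFW has an allow rule for it.
    # NOTE(review): a request from another container on prod_net to the
    # host's public address does not necessarily take that path and may be
    # judged by UFW's own rules instead; presumably that is why it fails
    # only while UFW is active. Prefer a narrow allow rule for the prod_net
    # subnet (see `docker network inspect prod_net`) over disabling UFW.
    ports:
      - "80:80"
      - "443:443"

  letsencrypt:
    # NOTE(review): same moving-tag concern as above; pin tag or digest.
    image: "jrcs/letsencrypt-nginx-proxy-companion:latest"
    container_name: "letsencrypt-helper"
    volumes:
      - "html:/usr/share/nginx/html"
      - "dhparam:/etc/nginx/dhparam"
      - "vhost:/etc/nginx/vhost.d"
      - "certs:/etc/nginx/certs"
      # As with the proxy, ":ro" does not limit what can be sent over the
      # Docker API socket.
      - "/run/docker.sock:/var/run/docker.sock:ro"
    environment:
      NGINX_PROXY_CONTAINER: "reverse-proxy"
      # The value below is what the page's e-mail obfuscation left behind;
      # set a real contact address before use.
      DEFAULT_EMAIL: "[email protected]"
    restart: "always"
    depends_on:
      - "reverse-proxy"
    networks:
      - "prod_net"

networks:
  prod_net:
    external: true

# Named volumes mounted by a service must be declared at the top level of the
# same Compose file, otherwise Compose rejects the file.
volumes:
  certs: {}
  html: {}
  vhost: {}
  dhparam: {}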
2- The following is the Docker Compose file for the Django container and a second Nginx container that serves Django:
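# Application stack: an inner Nginx in front of the Django/uWSGI container.
# Neither service publishes a host port, so both are reachable only from
# other containers on prod_net (in particular the reverse proxy).
# Nesting is restored here; the listing as pasted had lost its indentation.
version: "3.9"

services:
  nginx_django:
    # The pasted value ended in ":", which is not valid YAML here and is not
    # a character Docker accepts in a container name.
    container_name: "nginx_django"
    build: "./docker/nginx"
    environment:
      VIRTUAL_HOST: "example.com"
      LETSENCRYPT_HOST: "example.com"
    volumes:
      # NOTE(review): this mounts the whole project tree, read-write, into
      # the web-server container. If the tree holds settings or secret
      # files, consider mounting only the media, static and socket paths
      # this container needs, read-only where possible.
      - ".:/var/www/html"
      - "./templates/static:/var/www/html/templates/static"
    working_dir: "/etc/nginx"
    # "links" is a legacy option; services on the same user-defined network
    # already resolve each other by service name.
    links:
      - "django"
    networks:
      - "prod_net"

  django:
    # Trailing ":" removed; the question's `docker exec -it django ...`
    # command addresses the container by this name.
    container_name: "django"
    build: "./docker/python"
    volumes:
      - ".:/var/www/html"
      - "./templates/static:/var/www/html/templates/static"
    working_dir: "/var/www/html"
    networks:
      - "prod_net"

networks:
  prod_net:
    external: true

# No service in this file mounts these named volumes; they are the ones the
# reverse-proxy and letsencrypt services mount in the other Compose file.
volumes:
  certs: {}
  html: {}
  vhost: {}
  dhparam: {}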
And the following is nginx_django config file:
# uWSGI backend for the Django application, reached over a Unix domain socket
# rather than TCP. The socket path lies under /var/www/html, the directory
# both containers bind-mount from the project root in the Compose file.
# NOTE(review): whoever can open this socket file can talk to the application
# directly; verify its owner and mode.
upstream django {
    server unix:///var/www/html/catalog.sock;
}
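# Plain-HTTP virtual host for example.com on port 80: media and static files
# are served from disk, everything else is handed to the "django" uWSGI
# upstream.
server {
    listen 80;
    server_name example.com;

    # Prefix and alias both end in "/" so the match stops at a path-segment
    # boundary. A bare "location /media" is a plain prefix match, so it would
    # also accept sibling names such as /media_old and map them to paths next
    # to the media directory. A request for exactly "/media" now falls through
    # to "location /".
    location /media/ {
        alias /var/www/html/media/;
        # NOTE(review): this limit applies only to requests under /media/,
        # which this block answers from disk. Uploads handled by Django under
        # "/" still get nginx's default body limit. Confirm where the 1 GiB
        # allowance is really needed; a large limit widens exposure to
        # resource exhaustion.
        client_max_body_size 1024M;
    }

    # Same segment-boundary reasoning as for /media/.
    location /static/ {
        alias /var/www/html/templates/static/;
    }

    location / {
        uwsgi_pass django;
        include /var/www/html/uwsgi_params;
    }

    # uwsgi_pass is governed by the uwsgi_* timeouts. The proxy_* timeouts
    # used before apply to proxy_pass only and had no effect on this upstream.
    uwsgi_connect_timeout 120;
    uwsgi_send_timeout 120;
    uwsgi_read_timeout 120;
    send_timeout 120;
    client_body_timeout 120;
}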
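# Second virtual host for example.com, bound to port 443.
# NOTE(review): "listen 443" without the "ssl" parameter speaks plain HTTP on
# that port. In the Compose files shown, only the reverse-proxy container
# publishes 443, so TLS is presumably terminated there. Confirm whether this
# block is ever reached and drop it if not.
server {
    listen 443;
    server_name example.com;

    # Prefix and alias both end in "/" so the match stops at a path-segment
    # boundary. A bare "location /media" is a plain prefix match, so it would
    # also accept sibling names such as /media_old and map them to paths next
    # to the media directory. A request for exactly "/media" now falls through
    # to "location /".
    location /media/ {
        alias /var/www/html/media/;
        # NOTE(review): this limit applies only to requests under /media/,
        # which this block answers from disk. Confirm where the 1 GiB
        # allowance is really needed.
        client_max_body_size 1024M;
    }

    # Same segment-boundary reasoning as for /media/.
    location /static/ {
        alias /var/www/html/templates/static/;
    }

    location / {
        uwsgi_pass django;
        include /var/www/html/uwsgi_params;
    }

    # uwsgi_pass is governed by the uwsgi_* timeouts. The proxy_* timeouts
    # used before apply to proxy_pass only and had no effect on this upstream.
    uwsgi_connect_timeout 120;
    uwsgi_send_timeout 120;
    uwsgi_read_timeout 120;
    send_timeout 120;
    client_body_timeout 120;
}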
With UFW disabled, the problem is resolved. However, I expect that with UFW enabled I should still be able to make requests from a container to itself via the internet without encountering a "connection refused" error.