18

I have a service (docker registry) that runs on port 5000, I have installed nginx to redirect http request from 8080 to 5000. If I make a curl to localhost:5000 it works, but when I make a curl to localhost:8080 I get a Bad gateway error.

nginx config file:

upstream docker-registry {
 server localhost:5000;
}

server {
 listen 8080;
 server_name registry.mydomain.com;

 proxy_set_header Host       $http_host; 
 proxy_set_header X-Real-IP  $remote_addr; 
 client_max_body_size 0; 
 chunked_transfer_encoding on;

 location / {

     proxy_pass http://docker-registry;
 }
 location /_ping {
     auth_basic off;
     proxy_pass http://docker-registry;
 }
 location /v1/_ping {
     auth_basic off;
     proxy_pass http://docker-registry;
 }

}

In /var/log/nginx/error.log I have:

[crit] 15595#0: *1 connect() to [::1]:5000 failed (13: Permission denied) while connecting to upstream, client: 127.0.0.1, server: registry.mydomain.com, request: "GET / HTTP/1.1", upstream: "http://[::1]:5000/", host: "localhost:8080"

Any idea?

Badr Oyd
  • 335
  • 1
  • 2
  • 16
stecog
  • 2,221
  • 10
  • 29
  • 39
  • In my case, my service that I was proxying died (and I didn't realize it) in the middle of me using it. One second I was accessing it, the next second I got bad gateway. I had to restart the service. – Michael Plautz Feb 18 '17 at 04:17

2 Answers2

59

I assume its a Linux box, so most likely SELinux is preventing the connection as there is no policy allowing the connection.

You should be able to just run

# setsebool -P httpd_can_network_connect true

and then restart nginx.

Warren
  • 691
  • 4
  • 2
5

Based on the error message, it makes me wonder if localhost:5000 is being resolved as an ipv6 address, which you may not want. You could try changing that to 127.0.0.1:5000

EDIT: In your proxy_pass line, it is possible you are missing part of the URL? Try adding $request_uri so it could be:

proxy_pass http://docker-registry/$request_uri;

or probably:

proxy_pass http://docker-registry$request_uri;

Not sure which one is most correct.

Another thing to consider. Your config indicates:

server_name registry.mydomain.com;

So, localhost:8080 may not be matched. For testing, you could change this to:

server_name registry.mydomain.com localhost;

Then the localhost:8080 would be matched, as well as your domain. I assume registry.mydomain.com is just an example and you would put your real server FQDN in there.

Gregor
  • 1,219
  • 10
  • 16
  • Not work, set `127.0.0.1:5000`and i have tried with only `server_name localhost` and `server_name registry.mydomain.com` (trying from another server in the same lan with hostname `registry.mydomain.com` in /etc/hosts), and both, but nothing...same error – stecog Apr 18 '15 at 07:21
  • Whit registry.mydomain.com `[crit] 16839#0: *5 connect() to 127.0.0.1:5000 failed (13: Permission denied) while connecting to upstream, client: 127.0.0.1, server: registry.mydomain,com request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:5000/", host: "localhost:8080"`, with localhost: `[crit] 16839#0: *5 connect() to 127.0.0.1:5000 failed (13: Permission denied) while connecting to upstream, client: 127.0.0.1, server: localhost, request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:5000/", host: "localhost:8080"` – stecog Apr 18 '15 at 07:30