Question 176725 in Docker Question posted in
The official documentation can be found here.

How do I forward traffic from NGINX to localhost elasticsearch port 9200 and kibana port 5601 via Docker?

I have setup successfully local Elasticsearch and Kibana using docker compose. They both can be accessed via https://localhost:9200 and http://localhost:5601, respectively. Now I need to setup a Nginx on top of that which will receive requests from the outside and then forward the traffic to Elasticsearch or Kibana downstream services based on the port number. For example, if the Nginx receive requests to this url https://<my_public_ip>:9220 it will forward the traffic to https://localhost:9200, if the Nginx receive requests to this url http://<my_public_ip>:5611 it will forward the traffic to http://localhost:5601.

How do I setup/configure this Nginx to do this logic using Dockerfile or Docker compose? Many thanks.

Tags:

2

Answers


  1. Chosen as BEST ANSWER
    0

    I finally worked it out here and would like to share with anyone who is looking for the same solution.

    1. I installed Elasticsearch and Kibana using Docker compose from this link https://www.elastic.co/guide/en/elasticsearch/reference/current/docker.html.

    2. I have created another Nginx docker container using different docker compose file (not merging this into #1 as I can use this for different purposes). Below is the docker compose and nginx.conf file details:

    Docker compose:

    version: "3.9"
services:
  nginx:
    container_name: nginx-app
    image: nginx
    ports:
      - '9220:9220'
      - '5611:5611'
    restart: always
    volumes:
      - ./configs/nginx.conf:/etc/nginx/nginx.conf
      - ./certs/ssl:/etc/nginx/ssl
networks:
  mycustomnetwork_default:
    external: true

    Note: mycustomnetwork_default must be the same as the one for Elasticsearch and Kibana defined in step #1 so that Nginx container can communicate with.

    nginx.conf

    http {   

    server {
        server_name localhost;
        listen      9220 ssl;
        include     ssl/self-signed.conf;
        include     ssl/ssl-params.conf;
        include     ssl/es-cert.conf;
        location / {
            # IMPORTANT: in order to access to https://es01:9200, this nginx docker container
            # must be in the same docker network as the es01, use the following command to add:
            # docker network connect <network_name> nginx-app 
            proxy_pass https://es01:9200;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
            proxy_set_header Authorization "Basic ZWxhc3RpYzpQdDIwMThOZzBjMTFfMDA=";
            # ZWxhc3RpYzpQdDIwMThOZzBjMTFfMDA= is base64 encoded string of username:password
        }
    }

    server {
        server_name localhost;
        listen      5611;
        location / {
            # IMPORTANT: in order to access to https://kibana:5601, this nginx docker container
            # must be in the same docker network as the kibana, use the following command to add:
            # docker network connect <network_name> nginx-app 
            proxy_pass http://kibana:5601;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
            proxy_set_header Authorization "Basic ZWxhc3RpYzpQdDIwMThOZzBjMTFfMDA=";
            # ZWxhc3RpYzpQdDIwMThOZzBjMTFfMDA= is base64 encoded string of username:password
        }
    }
}

events {}

  2. 0

    You need to set nginx as a proxy

      upstream elastic {
       server  nameOfYourElasticService:9200;
       keepalive  16;
  }

    then in your server section, you need to configure the proxy

     server{
    listen 443;
    # your ssl configuration
    
    location /elastic {
         proxy_pass http://accountservice; # hosttest
    }
  }

    You may have to work on the hearders to pass via proxy and be careful if elastic/kibana does some redirect because now the redirect may need to take into consideration the nginx

    another aspect is that usually, a proxy can downgrade https to http . so your server will need some certificate

    Hope it helps to guide you in the right direction

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search