Question 98401 in Nginx Question posted in
The official documentation can be found here.

ECS multi container setup – Nginx

I need help with the following scenario. I have three containers which need to run on ECS with alb in front. I have nginx-frontend, php, nginx-backend. Both nginx containers depend on the php container. I only want to expose the frontend container. How can I tie them together without added alb’s in front of each?

I use terraform to configure all parts including (ALB,ECR, ECS, …) I wanted to know how can I connect the containers without having each with an alb in front.

Localy I run them with docker-compose.

Tags:

3

Answers


  1. 0

    This is a somewhat broad question but I’ll try to give an answer that guides you in the right direction.

    You can try using a infrastructure as code (IaC) to quickly get something working and workout what you need and what parts you don’t need. You can look at what gets deployed to see how a functional ECS infrastructure is built, it will usually involve a VPC, NAT, Security groups, Internet Gateway, ALB, ECR and more parts. Seeing all those parts getting deployed and connected can further help you understand your needs.

    Some examples of IaC running ECS:
    https://www.pulumi.com/docs/guides/crosswalk/aws/ecs/
    https://registry.terraform.io/modules/cn-terraform/ecs-fargate/aws/latest

    To answer your more specific question regarding the ALB you will only need to connect the frontend to the ALB with a target group.There is different ways of connecting your containers, service discovery is one way to create host names for each container in a private network. You can then just call your backend from your frontend similar to what you do with docker-compose.

    https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-discovery.html

    Login or Signup to reply.
  2. 0

    If you have a docker compose file possibly the easiest thing to do is to create an ECS context in docker and deploy your compose file with a docker compose up. You can read more here

    Login or Signup to reply.
  3. 0

    Nginx and PHP can run side by side. A task definition in ECS can contain both of these containers with the nginx container exposing port 80 and the PHP container exposing 9000 (probably using PHP-FPM). Nginx can be used as a proxy routing requests to the PHP process.

    Example task definition (value simplified to demonstrate multi-container set up):

    {
  "containerDefinitions": [
    {
      "portMappings": [
        {
          "hostPort": 9000,
          "protocol": "tcp",
          "containerPort": 9000
        }
      ],
      "command": [
        "php-fpm"
      ],
      "image": "image-url-for-php:latest",
      "name": "php-fpm"
    },
    {
      "portMappings": [
        {
          "hostPort": 80,
          "protocol": "tcp",
          "containerPort": 80
        }
      ],
      "image": "image-url-for-nginx:latest",
      "dependsOn": [
        {
          "containerName": "php-fpm",
          "condition": "START"
        }
      ],
      "essential": true,
      "name": "nginx"
    }
  ]
}

    The nginx configuration will look something like this:

    server {
    listen 80;
    index index.php index.html;
    root /var/www/html/public; # change this to application files path
    location ~ .php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+.php)(/.+)$;
        fastcgi_pass localhost:9000; # PHP container accessible via localhost:9000 if running side by side
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
    }
    location / {
        try_files $uri $uri/ /index.php?$query_string;
        gzip_static on;
    }
}

    This task definition can then be used to create a service which the ELB can use as a target group (routing to port 80 for nginx). From there all requests will be proxied to the PHP container.

    As far as the nginx-backend the same set up can be used. However, if this service will not be exposed to public traffic, you will need to use either an Internal ELB or Service Discovery. However, the idea is that the PHP container will not need a dedicated ELB for itself.

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search