NGINX Container Through UNIX Socket Issue

A few weeks ago I ran into a problem when trying to route traffic from an NGINX (web server) container through a UNIX socket. I have been trying to figure out what I have done wrong ever since through forums etc., but have had no luck. I assume it's a misunderstanding I have in the routing of traffic through a container; I would be very grateful for your help.

Here are the details of the issue:

This is my (shortened) ~/docker-compose.yml file:

    services:
      nginx:
        image: nginx:latest
        container_name: my-nginx
        ports:
          - "127.0.0.1:80:80"
        volumes:
          - /var/run/nginx/:/var/run/nginx/
          - ./nginx.conf:/etc/nginx/nginx.conf:ro
          - ./html:/usr/share/nginx/html:ro
        restart: unless-stopped

Here I have bound the HTTP port (80) the container is listening on to port 80 on the host which is bound to the loopback interface.

This is the relevant section of my ~/nginx.conf file:

    server {
        listen unix:/var/run/nginx/project1.sock;
        server_name myrandomaddress.onion;
        if ($request_method !~ ^(GET|HEAD|POST)$ ) {
            return 405;
        }
        location / {
            root /usr/share/nginx/html;
            try_files $uri $uri/ =404;
            index index.html;
        }
    }

Here I have set the NGINX server to listen on the unix socket in the directory /var/run/nginx/.

This is the relevant section of my /etc/tor/torrc file:

    HiddenServiceDir /var/lib/tor/project1/
    HiddenServicePort 80 unix:/var/run/nginx/project1.sock

Which directs any incoming connections to the domain through port 80 to the unix socket file in /var/run/nginx.

So I really do not understand what is going wrong:

  • torrc/ → sets incoming connections on virtual port 80 to the unix socket file
  • nginx.conf/ → sets the nginx container to listen through the unix socket file
  • docker-compose.yml/ → binds the http port to localhost only so that the domain can only be reached from the local machine (as desired) & it directly binds the (.sock) socket made in the container to the socket tor is listening to on the host

On paper it seems to me that everything is configured correctly and I cannot spot what is going wrong; I would be grateful for any guidance you can provide.

Below is a run-through of the failure for reference:
user@machine:~$ ls /var/run/nginx/
polarista1.sock
user@machine:~$ sudo rm -rf /var/run/nginx/*
user@machine:~$ sudo systemctl restart tor
user@machine:~$ sudo docker compose up
[+] Running 2/2
✔ Network xx_default Created 0.0s
✔ Container my-nginx Created 0.0s
Attaching to my-nginx
my-nginx | /docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
my-nginx | /docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
my-nginx | /docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
my-nginx | 10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf
my-nginx | 10-listen-on-ipv6-by-default.sh: info: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf
my-nginx | /docker-entrypoint.sh: Sourcing /docker-entrypoint.d/15-local-resolvers.envsh
my-nginx | /docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
my-nginx | /docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh
my-nginx | /docker-entrypoint.sh: Configuration complete; ready for start up
my-nginx | nginx: [emerg] bind() to unix:/var/run/nginx/project1.sock failed (98: Address already in use)
my-nginx | nginx: [emerg] bind() to unix:/var/run/nginx/project1.sock failed (98: Address already in use)
my-nginx | nginx: [emerg] bind() to unix:/var/run/nginx/project1.sock failed (98: Address already in use)
my-nginx | nginx: [emerg] bind() to unix:/var/run/nginx/project1.sock failed (98: Address already in use)
my-nginx | nginx: [emerg] bind() to unix:/var/run/nginx/project1.sock failed (98: Address already in use)
my-nginx | nginx: [emerg] still could not bind()
my-nginx exited with code 0

Here are the permissions set just to note that this is probably not a permissions issue:

./docker-compose.yml is 664 user:user
./nginx.conf is 664 user:user
./nginx.cache - all files inside this directory are 700 message bus:user
./nginx.logs - all files inside this are 750 user:user

sudo ls -ld /var/run/nginx
drwxr-xr-x 2 debian-tor debian-tor /var/run/nginx

Grateful for any help you can provide & kind regards,
tor_samurai.
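
The `bind() ... failed (98: Address already in use)` lines in the log above are what the kernel returns whenever the socket path already exists on the filesystem, whether or not any process is still listening on it. The following Python sketch is an added example, not part of the original post: it classifies a UNIX socket path as absent, live or stale and shows the bind result in each state. The function names and the temporary directory are assumptions made for the illustration.

```python
import errno
import os
import socket
import stat
import tempfile


def classify_socket_path(path):
    """Return 'absent', 'not-a-socket', 'live' or 'stale' for a UNIX socket path."""
    try:
        mode = os.lstat(path).st_mode
    except FileNotFoundError:
        return "absent"
    if not stat.S_ISSOCK(mode):
        return "not-a-socket"
    probe = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        probe.connect(path)          # succeeds only if a process is listening
        return "live"
    except ConnectionRefusedError:   # file exists, nobody behind it
        return "stale"
    finally:
        probe.close()


def try_bind(path):
    """Bind a new socket to path; return 'OK' or the errno name.
    On success the socket file is left behind, as after an unclean exit."""
    s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        s.bind(path)
        return "OK"
    except OSError as exc:
        return errno.errorcode[exc.errno]
    finally:
        s.close()


def demo():
    workdir = tempfile.mkdtemp()                    # constructed scratch directory
    path = os.path.join(workdir, "project1.sock")
    states = [classify_socket_path(path)]           # nothing there yet
    listener = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    listener.bind(path)
    listener.listen(1)
    states.append(classify_socket_path(path))       # a listener owns the path
    listener.close()                                # close() does not unlink the file
    states.append(classify_socket_path(path))       # leftover socket file
    states.append(try_bind(path))                   # bind fails on the leftover file
    os.unlink(path)
    states.append(try_bind(path))                   # bind works once the file is gone
    os.unlink(path)
    os.rmdir(workdir)
    return states
```

Running `classify_socket_path("/var/run/nginx/project1.sock")` on the host and inside the container just before NGINX starts shows whether the path is already occupied and whether anything is listening behind it.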