
So here's what I'm trying to do:

Nginx container linked to -> Rails container running Puma

Using docker-compose, this solution works great. I'm able to start both containers and the NGINX container has access to the service running on port 3000 in the linked container. I've been working through lots of headaches when moving this to AWS ECS, unfortunately.

First, the relevant bits of the Dockerfile for Rails:

ENV RAILS_ROOT /www/apps/myapp

RUN mkdir -p $RAILS_ROOT
WORKDIR $RAILS_ROOT

.... lots of files get put in their proper places ....

EXPOSE 3000

VOLUME ["/www/apps/myapp/"]

CMD puma -C config/puma.rb

I confirmed that puma is starting as expected and appears to be serving tcp traffic on port 3000.

Relevant parts of my nginx config:

upstream puma {
  # fail_timeout is a parameter of the server directive, not a directive of its own
  server myapp:3000 fail_timeout=0;
}

server {
  listen 80 default deferred;

  server_name *.myapp.com;

  location ~ (\.php$|\.aspx$|wp-admin|myadmin) {
    return 403;
  }    

  root /www/apps/myapp/public;
  try_files $uri/index.html $uri @puma;

Nginx dockerfile:

ENV RAILS_ROOT /www/apps/myapp

# Set our working directory inside the image
WORKDIR $RAILS_ROOT

EXPOSE 80

Here's my ECS task definition:

{
  "family": "myapp",
  "containerDefinitions": [
    {
      "name": "web",
      "image": "%REPOSITORY_URI%:nginx-staging",
      "cpu": 512,
      "memory": 512,
      "portMappings": [
        {
          "containerPort": 80,
          "protocol": "tcp"
        },
        {
          "containerPort": 443,
          "protocol": "tcp"
        }
      ],
      "links": [
        "myapp"
      ],
      "volumesFrom": [
        {
          "sourceContainer": "myapp",
          "readOnly": false
        }
      ],
      "essential": true,
      "logConfiguration": {
        "logDriver": "awslogs",
        "options": {
          "awslogs-group": "awslogs-myapp-staging",
          "awslogs-region": "us-west-2",
          "awslogs-stream-prefix": "awslogs-myapp-nginx"
        }
      }
    },
    {
      "image": "%REPOSITORY_URI%:v_%BUILD_NUMBER%",
      "name": "myapp",
      "cpu": 2048,
      "memory": 2056,
      "essential": true,
      ...bunch of environment variables, etc.
    }
  ]
}

I am able to ping the myapp container from inside my nginx container, so I don't think it's a security group issue.

mcheshier
  • Does your myapp container include the portMapping for 3000? You truncated your task definition for myapp. I assume it's missing, hence you can ping myapp but not connect to 3000. – abdollar Aug 17 '17 at 05:32
  • See if this helps you: https://stackoverflow.com/questions/34517265/linking-containers-between-task-definitions-in-aws-ecs – Tarun Lalwani Aug 17 '17 at 09:25
  • The containers are in the same task definition so I shouldn't need to map the port or do any weird service discovery. I'm trying to pattern my solution off of this: https://aws.amazon.com/blogs/compute/nginx-reverse-proxy-sidecar-container-on-amazon-ecs/ I will dig into docker networking on ECS though, maybe there's a solution there. – mcheshier Aug 17 '17 at 16:03
  • Update: thinking this was some bizarre networking issue, I tried to use unix sockets in Puma & Nginx instead of linked ports. Same situation: works great in docker-compose on my machine, fails in ECS. – mcheshier Aug 17 '17 at 21:48

1 Answer

This turned out to be an AWS security group issue. I had foolishly expected the Rails app to perhaps alert me that it couldn't reach the database, but instead it just hung there forever until I manually started it with rails c. Then I got the timeout which led to speedy resolution.

mcheshier
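
The failure described in this answer (a security group silently dropping traffic to the database, so the app hangs instead of erroring) can be surfaced at container start with a bounded connect check. The following is an added example, not part of the original answer; the `PREFLIGHT_DEPS` variable, its `name=host:port` format and the function names are assumptions made for illustration.

```ruby
require "socket"

# Bounded TCP connect. A security group that drops packets shows up as a
# timeout; a reachable host with nothing listening shows up as "refused".
def probe_tcp(host, port, timeout: 3)
  Socket.tcp(host, port, connect_timeout: timeout) { |_s| [true, "connected"] }
rescue Errno::ETIMEDOUT
  [false, "timeout (packets dropped? check security group / NACL rules)"]
rescue Errno::ECONNREFUSED
  [false, "refused (host reachable, nothing listening on that port)"]
rescue StandardError => e
  [false, "#{e.class}: #{e.message}"]
end

# Parses "name=host:port,name=host:port" (format assumed for this example).
def parse_deps(spec)
  spec.split(",").map do |item|
    name, addr = item.strip.split("=", 2)
    host, port = addr.rpartition(":").values_at(0, 2)
    { name: name, host: host, port: Integer(port) }
  end
end

# Probes every dependency, logs one line per result, and returns the names
# of the dependencies that could not be reached.
def preflight(deps, timeout: 3, out: $stderr)
  failed = deps.reject do |d|
    ok, detail = probe_tcp(d[:host], d[:port], timeout: timeout)
    out.puts "preflight #{d[:name]} #{d[:host]}:#{d[:port]} -> #{detail}"
    ok
  end
  failed.map { |d| d[:name] }
end

if __FILE__ == $PROGRAM_NAME
  # PREFLIGHT_DEPS is a hypothetical variable, e.g. "db=mydb.example.internal:5432"
  failed = preflight(parse_deps(ENV.fetch("PREFLIGHT_DEPS", "")))
  abort "preflight failed: #{failed.join(', ')}" unless failed.empty?
  # Hand over to the real command, e.g. puma -C config/puma.rb
  exec(*ARGV) unless ARGV.empty?
end
```

Run as the container command in front of the app server, a blocked dependency produces a log line and a non-zero exit within the timeout, which ECS reports as a stopped task instead of a container that hangs.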