Can't connect to a supevisor-socket in Nginx

I have a Docker-setup with nginx and my Flask-application (app-container). The nginx-container doesn’t have anything special in it. The app-container holds my Flask-application, uWSGI and Supervisor. This container shares the volume that the uWSIG-socket is in so the nginx-container can use the socket. This works as intended, however, I can’t access the web interface for Supervisor through nginx. I can’t find anything relative to this on Google so I was hoping you guys could help me.

Here’s my config files:

  • How to search images from private 1.0 registry in docker?
  • AWS opswork docker: Missing Cookbooks:No such cookbook: docker
  • Docker push re-sends layers to private repository
  • Controlling where Docker starts incremental builds (use case: git clone inside Dockerfile)
  • Why does Docker run so many processes to map ports though to my application?
  • docker run container happens error when mapped the container's port with machine
  • docker-compose

    app:
      restart: always
      build: ./app
      command: supervisord -c /www-botillsammans-conf/supervisord.ini
      volumes:
        - '/www-botillsammans-conf'
    
    nginx:
      restart: always
      build: ./nginx
      command: nginx -c /www-botillsammans-nginx/nginx.conf
      ports:
        - '80:80'
        - '443:443'
      volumes_from:
        - 'app'
    

    nginx

    map $http_upgrade $connection_upgrade {
        default upgrade;
        '' close;
    }
    
    upstream flask {
        server unix:/www-botillsammans-conf/www.uwsgi.sock;
    }
    
    upstream supervisor {
        server unix:/tmp/supervisor.sock;
    }
    
    server {
        listen 443 ssl;
        server_name botillsammans.nu www.botillsammans.nu;
    
        access_log /var/log/nginx/ssl_botillsammans.access.log;
        error_log /var/log/nginx/ssl_botillsammans.error.log;
    
        server_tokens off;
    
        ssl_certificate fullchain.pem;
        ssl_certificate_key privkey.pem;
        ssl_session_timeout 1d;
        ssl_session_cache shared:SSL:10m;
        ssl_session_tickets off;
    
        # Disable SSLv3
        ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
        ssl_prefer_server_ciphers on;
    
        # Fix Diffie-Hellman for TLS
        # More info: https://weakdh.org/sysadmin.html
        ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
        ssl_dhparam /www-botillsammans-nginx/ssl/dhparams.pem;
    
        add_header Strict-Transport-Security max-age=15768000;
    
        ssl_stapling on;
        ssl_stapling_verify on;
    
        ## verify chain of trust of OCSP response using Root CA and Intermediate certs
        ssl_trusted_certificate chain1.pem;
        resolver 8.8.8.8 8.8.4.4 valid=86400;
        resolver_timeout 10;
    
        location / {
            uwsgi_pass flask;
            include uwsgi_params;
            proxy_set_header X-Prerender-Token xADstXQmfnMxFZn6SXTq;
        }
    
        location /supervisor {
            proxy_pass https://supervisor;
        }
    
        location /supervisor2 {
            proxy_pass http://supervisor;
        }
    }
    

    supervisors conf
    [unix_http_server]
    file = /tmp/supervisor.sock
    chmod = 0777
    chown = 1001:500

    [supervisord]
    nodaemon = true
    pidfile = /tmp/supervisord.pid
    logfile = /var/log/supervisor/supervisor.log
    logfile_maxbytes = 10MB
    
    [supervisorctl]
    serverurl = unix:///tmp/supervisor.sock
    username = supervisor
    password = pass
    
    [program:www]
    user = supervisor
    command = uwsgi --thunder-lock --ini /www-botillsammans-conf/www.uwsgi.ini
    autostart = true
    autorestart = true
    stdout_logfile = /var/log/supervisor/www.out.log
    stderr_logfile = /var/log/supervisor/www.err.log
    stdout_logfile_maxbytes = 10MB
    stderr_logfile_maxbytes = 10MB
    exitcodes = 0
    stopsignal = HUP
    

    I think that’s all the relative configurations. So, my question is really how to make supervisor work with nginx via a UNIX-socket?

  • How to enable code running in a docker container access files on the host on which the container is running?
  • Docker- How to use syslog to record logs on host machine?
  • Docker - Mac OSX Ubuntu fails on apt-get update
  • docker swarm in aws is unreachable after reboot
  • How to make communication between two docker containers running on two different hosts?
  • Docker: reattach to `docker exec` process
  • One Solution collect form web for “Can't connect to a supevisor-socket in Nginx”

    I solved it!

    I ended up doing a subdomain for supervisor, read somewhere that supervisor and nginx didn’t work very well together if supervisor didn’t its own subdomain. So here’s my config-files now:

    nginx (the supervisor subdomain)

    map $http_upgrade $connection_upgrade {
      default upgrade;
      '' close;
    }
    
    upstream supervisor {
      server unix:/conf/supervisor.sock;
    }
    
    # HTTP redirect
    server {
      listen 80;
      return 301 https://$host$request_uri;
    }
    
    server {
      listen 443;
      server_name supervisor.example.com;
    
      access_log /var/log/nginx/supervisor.access.log;
      error_log /var/log/nginx/supervisor.error.log;
    
      server_tokens off;
    
      ssl_certificate /etc/ssl/supervisor/fullchain1.pem;
      ssl_certificate_key /etc/ssl/supervisor/privkey1.pem;
    
      ssl_session_timeout 1d;
      ssl_session_cache shared:SSL:10m;
      ssl_session_tickets off;
    
      # Disable SSLv3
      ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
      ssl_prefer_server_ciphers on;
    
      # Fix Diffie-Hellman for TLS
      # More info: https://weakdh.org/sysadmin.html
      ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
      ssl_dhparam /etc/ssl/dhparams.pem;
    
      add_header Strict-Transport-Security max-age=15768000;
    
      ssl_stapling on;
      ssl_stapling_verify on;
    
      ## verify chain of trust of OCSP response using Root CA and Intermediate certs
      ssl_trusted_certificate /etc/ssl/supervisor/chain1.pem;
      resolver 8.8.8.8 8.8.4.4 valid=86400;
      resolver_timeout 10;
    
      location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # hack the host https://github.com/Supervisor/supervisor/issues/251
        proxy_set_header Host $http_host/supervisor/index.html;
        proxy_redirect off;
        rewrite ^/supervisor(.*)$ /$1 break;
        proxy_pass http://supervisor;
      }
    }
    

    supervisord.ini

    [unix_http_server]
    file = /conf/supervisor.sock
    chmod = 0770
    chown = 1001:500
    username = user
    password = password
    
    [supervisord]
    nodaemon = true
    pidfile = /conf/supervisor.pid
    logfile = /var/log/supervisor/supervisor.log
    childlogdir = /var/log/supervisor/
    loglevel = debug
    logfile_maxbytes = 10MB
    
    ; the below section must remain in the config file for RPC
    ; (supervisorctl/web interface) to work, additional interfaces may be
    ; added by defining them in separate rpcinterface: sections
    [rpcinterface:supervisor]
    supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
    
    [supervisorctl]
    serverurl = unix:///conf/supervisor.sock
    historyfile = /var/log/supervisor/historyfile
    
    [program:www]
    user = supervisor
    command = uwsgi --thunder-lock --ini /conf/www.uwsgi.ini
    autostart = true
    autorestart = true
    stdout_logfile = /var/log/supervisor/www.out.log
    stderr_logfile = /var/log/supervisor/www.err.log
    stdout_logfile_maxbytes = 10MB
    stderr_logfile_maxbytes = 10MB
    exitcodes = 0
    stopsignal = HUP
    
    Docker will be the best open platform for developers and sysadmins to build, ship, and run distributed applications.