Nginx + dnsmasq = 'could not be resolved (5: Operation refused)'

I’m trying to set up a django site using docker, nginx and uwsgi:
I have a nginx docker container working as a reverse proxy (called ceca-nginx-proxy) where dnsmasq is running and another nginx (ceca-nginx) container that communicates with an uwsgi container (ceca-uwsgi), I can connect using curl (with curl --resolve http://test.ceca.com http://172.17.0.7) to the ceca-nginx container and I get the django site running in the ceca-uwsgi container, the problem is when I want to get the site via ceca-nginx-proxy: I’m getting this error in my ceca-nginx-proxy error log:

ceca-nginx could not be resolved (5: Operation refused), client: 172.17.0.1, server: *.ceca.com, request: “GET / HTTP/1.1”, host: “172.17.0.8”

  • Can't access django media from container volume
  • Somtimes docker container dns fail
  • Provisioning a docker image with chef
  • Connect from one Docker container to another
  • Running Unity3d for automated builds inside a docker container
  • Failed to connect to containerd
    • 172.17.0.1 is the docker ip assigned
    • *.ceca.com is the server_name defined in the ceca-nginx-proxy’s nginx config
    • 172.17.0.8 is the ceca-nginx-proxy ip
    • The server block of ceca-nginx-proxy reverse proxy is:

      server {
          listen 80;
          server_name *.ceca.com;
          error_log   /tmp/proxy_error_nginx.log warn;
          access_log  /tmp/proxy_access_nginx.log;
      
          location / {
              set $example ceca-nginx;
              resolver 127.0.0.1;
              proxy_pass http://$example;
          }
      } 
      

      And I’m running dnsmasq in the same machine to resolve hostnames in /etc/hosts (hostnames from docker linked containers) like this:

      dnsmasq -q -8 /tmp/dnsmasq.log --port 53 -R -u root
      

      For what I see in dnsmasq.log, the hostname is resolving ok [1] but nginx is complaining and returning a “502 Bad Gateway” page.
      If anyone can help me with this, I’ll be eternally grateful and buy lots of beer and fernet if we met.

      [1]
      
      Jun  6 21:39:47 dnsmasq[321]: query[A] ceca-nginx from 127.0.0.1
      Jun  6 21:39:48 dnsmasq[321]: /etc/hosts ceca-nginx is 172.17.0.7
      Jun  6 21:39:48 dnsmasq[321]: query[AAAA] ceca-nginx from 127.0.0.1
      

  • Running 2 services
  • Ansible docker_container gives “Error getting network id”
  • Docker container loosing network when my host machine switches network (Mac OSX)
  • Can't connect to Windows 10 Docker mysql
  • How microservices are managed using Mantl?
  • Docker unable to mount volume with node app
  • One Solution collect form web for “Nginx + dnsmasq = 'could not be resolved (5: Operation refused)'”

    Your problem seems to be related to Nginx resolver directive configuration.
    By default, Nginx will try to resolve both IPv4 and IPV6 addresses. It will pick up first response from DNS server (dnsmasq in your case), cache it and fall down with an exception Operation refused, as it couldn’t resolve DNS name to IPv6 address. The solution is add ipv6=off to your resolver directive, so it should look like this:

    ...
    resolver 127.0.0.1 ipv6=off;
    ...
    

    This will force Nginx to stop resolving DNS records to IPv6.

    Docker will be the best open platform for developers and sysadmins to build, ship, and run distributed applications.