[Question] Example for independent nginx deployment

[lonix1]

I already run dockerised nginx. I want to run dockerised shaarli, and proxy requests from nginx to shaarli.

All examples I've seen are for nginx running inside the shaarli container (which as an aside, is non-standard and was confusing to debug... that said I suppose it's convenient for beginners).

So:

• Is there a "normal" / stand-alone shaarli image - just the app and php-fpm, nothing else?
• If not, is there a working example of proxying requests from an existing nginx to shaarli? All nginx examples are for the server inside the container, and rely on fastcgi_pass, whereas in the normal setup where the proxy is independent, we would use proxy_pass.

Any advice appreciated!

[lonix1]

Okay after some tinkering, below is my solution.

My shaarli and nginx containers are on a shared network, that's why I can use the shaarli address.

server {

  listen           443 ssl http2;
  listen           [::]:443 ssl http2;
  server_name      foo.example.com;    # populate this
  include          foo.conf;           # populate this, if necessary

  access_log       /var/log/nginx/shaarli-access.log;
  error_log        /var/log/nginx/shaarli-error.log error;

  proxy_set_header X-Forwarded-Proto $scheme;
  proxy_set_header X-Forwarded-Host  $host;
  proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
  proxy_set_header X-Real-IP         $remote_addr;

  location / {
    proxy_pass     http://shaarli:80;
  }

}

This should be added to the docs.

[nodiscc]

The nginx reverseproxy configuration should be fixed in #1389 - https://shaarli.readthedocs.io/en/doc-rework-setup/Reverse-proxy/. @lonix1 Is something else missing?

Is there a "normal" / stand-alone shaarli image - just the app and php-fpm, nothing else?

The shaarli image is just that, Alpine + nginx + php-fpm https://github.com/shaarli/Shaarli/blob/master/Dockerfile

[lonix1]

Hey @nodiscc / @ArthurHoaro, sorry for late response only upgraded today to latest version.

Is there a "normal" / stand-alone shaarli image - just the app and php-fpm, nothing else?

The shaarli image is just that, Alpine + nginx + php-fpm https://github.com/shaarli/Shaarli/blob/master/Dockerfile

No what I meant was - and still applicable - is there an image without nginx? It's unnecessary if one is already using a reverse proxy.

Usual setup:

user  --->  nginx  --->  php-fpm  --->  app

Shaarli docker image:

user  --->  nginx  --->  nginx  --->  php-fpm  --->  app

Although nginx is fast, running one after the other is incredibly wasteful. It also creates config headaches (as I showed above).

A workaround is to create a custom Dockerfile and remove all the nginx stuff. I'm working on that, I'll post something here if I get it to work.

A better solution is an image that doesn't bundle nginx. e.g. shaarli/shaarli:1.2.3 (normal) and shaarli/shaarli:1.2.3-nginx (includes nginx).

Since this issue is still relevant, maybe someone could reopen?

[virtadpt]

I think I see what you're getting at.

• Shaarli is installed in a container that only has php-fpm running in it.
• php-fpm has a network socket exposed for nginx to relay requests to.
• nginx is running in another container that
  • Connects to the Shaarli container at its php-fpm network socket.
  • Listens on another IP address for HTTP requests.
  • Forwards those requests to the php-fpm/Shaarli container.
  • Forwards responses from the php-fpm/Shaarli container back to the user.
• nginx -> nginx does seem kind of baroque, and we know it causes problems already.

[lonix1]

@virtadpt That's a very detailed explanation of the issue... thanks and yes!

In my (and most) setups, different containers are used for different services. Example:

• nginx container
• foo stack: app container, database container, redis container
• bar stack: app container, database container, redis container, admin container
• shaarli stack: app container <---
• etc.

All of them are on the same network as nginx, which serves them all. Of course this is just one network design, but the most common.

Bundling nginx into the container (as done by shaarli) is really helpful to new docker users - so I don't think it's a bad thing. But there should also be a "normal" shaarli image that does not include nginx.

To make this work:

• a new Dockerfile without /.docker/services.d/nginx/
• tag it as shaarli/shaarli:1.2.3
• tag original image as shaarli/shaarli:1.2.3-nginx or shaarli/shaarli:1.2.3-bundle
• users should use my .conf file for nginx, as I posted above, it works

I hope someone reopens this, and considers it! Thanks!!

[ArthurHoaro]

I agree with everything that has been said. Embedding nginx is usefull if you want the Docker image to work out of the box, but in a lot of cases it can be an unnecessary layer.

tag original image as shaarli/shaarli:1.2.3-nginx or shaarli/shaarli:1.2.3-bundle

I would rather tag the new image with something like shaarli/shaarli:1.2.3-fpm to avoid breaking existing installations.

EDIT: moving back the milestone to 1.0.0 as it makes sense to me to have that possibility for that version.
EDIT2: BTW if you want to work on it that would be appreciated :)