docker nginx amazon-ecs

Unable to connect to linked docker container in ECS


So here's what I'm trying to do:

Nginx container linked to -> Rails container running Puma

Using docker-compose, this solution works great. I'm able to start both containers and the NGINX container has access to the service running on port 3000 in the linked container. I've been working through lots of headaches when moving this to AWS ECS, unfortunately.

First, the relevant bits of the Dockerfile for Rails:

ENV RAILS_ROOT /www/apps/myapp

RUN mkdir -p $RAILS_ROOT
WORKDIR $RAILS_ROOT

.... lots of files get put in their proper places ....

EXPOSE 3000

VOLUME ["/www/apps/myapp/"]

CMD puma -C config/puma.rb

I confirmed that puma is starting as expected and appears to be serving tcp traffic on port 3000.

Relevant parts of my nginx config:

upstream puma {
  server myapp:3000 fail_timeout=0;
}

server {
  listen 80 default deferred;

  server_name *.myapp.com;

  location ~ (\.php$|\.aspx$|wp-admin|myadmin) {
    return 403;
  }    

  root /www/apps/myapp/public;
  try_files $uri/index.html $uri @puma;

Nginx dockerfile:

ENV RAILS_ROOT /www/apps/myapp

# Set our working directory inside the image
WORKDIR $RAILS_ROOT

EXPOSE 80

Here's my ECS task definition:

{
  "family": "myapp",
  "containerDefinitions": [
    {
      "name": "web",
      "image": "%REPOSITORY_URI%:nginx-staging",
      "cpu": 512,
      "memory": 512,
      "portMappings": [
        {
          "containerPort": 80,
          "protocol": "tcp"
        },
        {
          "containerPort": 443,
          "protocol": "tcp"
        }
      ],
      "links": [
        "myapp"
      ],
      "volumesFrom": [
        {
          "sourceContainer": "myapp",
          "readOnly": false
        }
      ],
      "essential": true,
      "logConfiguration": {
        "logDriver": "awslogs",
        "options": {
          "awslogs-group": "awslogs-myapp-staging",
          "awslogs-region": "us-west-2",
          "awslogs-stream-prefix": "awslogs-myapp-nginx"
        }
      }
    },
    {
      "image": "%REPOSITORY_URI%:v_%BUILD_NUMBER%",
      "name": "myapp",
      "cpu": 2048,
      "memory": 2056,
      "essential": true,
      ...bunch of environment variables, etc.
    }
  ]
}

I am able to ping the myapp container from inside my nginx container, so I don't think it's a security group issue.


Solution

  • This turned out to be an AWS security group issue. I had foolishly expected the Rails app to perhaps alert me that it couldn't reach the database, but instead it just hung there forever until I manually started it with rails c. Then I got the timeout, which led to a speedy resolution.
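
A pre-flight check for the failure mode in the answer, where the app hung on an unreachable database instead of reporting it. This is an added example, not code from the original post; the `PREFLIGHT_ENDPOINTS` variable and the sample hostnames are assumptions. Run before `puma` starts, it turns a silently dropped connection into a fast, logged task failure.

```ruby
require "socket"
require "uri"

# Default ports for URL-style endpoints that omit one (e.g. DATABASE_URL).
DEFAULT_PORTS = { "postgres" => 5432, "postgresql" => 5432,
                  "mysql2" => 3306, "redis" => 6379 }.freeze

# Accepts "host:port" or a URL and returns [host, port].
def endpoint_from(spec)
  if spec.include?("://")
    uri = URI.parse(spec)
    [uri.host, uri.port || DEFAULT_PORTS.fetch(uri.scheme)]
  else
    host, port = spec.split(":", 2)
    [host, Integer(port)]
  end
end

# Attempts a TCP connect with a hard deadline and classifies the outcome.
def probe(host, port, timeout: 3)
  Socket.tcp(host, port, connect_timeout: timeout) { |_sock| :ok }
rescue Errno::ETIMEDOUT
  :timeout      # SYN silently dropped: what a missing security group rule looks like
rescue Errno::ECONNREFUSED
  :refused      # host reachable, nothing listening on that port
rescue SocketError
  :unresolvable # DNS lookup failed
rescue SystemCallError
  :unreachable  # no route, network down, etc.
end

# Probes every endpoint and returns { "host:port" => status } for failures only.
# Keyed by host:port so credentials embedded in a URL never reach the logs.
def preflight(specs, timeout: 3)
  specs.each_with_object({}) do |spec, failed|
    host, port = endpoint_from(spec)
    status = probe(host, port, timeout: timeout)
    failed["#{host}:#{port}"] = status unless status == :ok
  end
end

# PREFLIGHT_ENDPOINTS is a hypothetical variable name (an assumption of this
# example), e.g. "db.example.internal:5432,redis://cache.example.internal".
failed = preflight(ENV.fetch("PREFLIGHT_ENDPOINTS", "").split(","))
failed.each { |endpoint, status| warn "preflight: #{endpoint} -> #{status}" }
exit 1 unless failed.empty?
```

A `:timeout` result points at packet filtering (security group, network ACL, routing), while `:refused` means the network path is open and the service itself is not listening.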