Docker Volumes in ECS -- how to connect nginx with php-fpm using a unix socket

I tried to build the setup shown in figure 1.

figure1

In the local environment, I can access http://127.0.0.1 after running docker-compose up -d --build.

Then I pushed these images to ECR and used them for ECS tasks.

But the tasks don't run, because of this error: Task failed ELB health checks in (target-group arn:aws:elasticloadbalancing:ap-northeast-1:xxxxxxxxxxxx:targetgroup/test-http/xxxxxxxxxxxxxxxx).

figure2

So I deleted

# ALB target-group health check as it stood before it was deleted from
# aws_lb_target_group.tf. No `path` or `matcher` is set in this snippet.
# NOTE(review): for instance/ip targets, removing this block should not turn
# health checking off; the target group falls back to default settings. A
# failing check therefore still points at what nginx answers on port 80 --
# confirm against the target group's effective settings.
health_check {
  interval = 30
  port = 80
  timeout = 10
  healthy_threshold = 3
  unhealthy_threshold = 3
}

from aws_lb_target_group.tf.

Now the task runs, but the browser shows "File not found." when I access the ALB DNS name.

Do you have any idea how to set up nginx and php-fpm over a unix socket in ECS?

In the local environment, I checked volumes.

It shows like this.

% docker-compose exec php-fpm ls -al /var/run/php-fpm
total 8
drwxr-xr-x 2 root     root     4096 Nov 21 01:45 .
drwxr-xr-x 1 root     root     4096 Nov 21 01:41 ..
srw-rw-rw- 1 www-data www-data    0 Nov 21 01:45 php-fpm.sock

% docker-compose exec nginx ls -al /var/run/php-fpm
total 8
drwxr-xr-x    2 root     root          4096 Nov 21 01:45 .
drwxr-xr-x    1 root     root          4096 Nov 21 01:45 ..
srw-rw-rw-    1 xfs      xfs              0 Nov 21 01:45 php-fpm.sock

% docker volume ls
DRIVER              VOLUME NAME
local               test_db-store
local               sock

I wonder whether the Docker volume settings are correct.

I'll show some files below.

Thank you for any help you can provide.


Files

docker-compose.yml

# Local development stack: nginx and php-fpm exchange FastCGI traffic over a
# unix socket kept on a shared named volume; mysql has its own data volume.
version: "3.8"
volumes:
  # Named volume "sock"; mounted at /var/run/php-fpm in both nginx and php-fpm
  # so the two containers see the same php-fpm.sock.
  php-fpm-socket:
    name: sock
  db-store:
services:
  nginx:
    container_name: ${APP_NAME}-nginx
    build:
      context: .
      dockerfile: ./docker/nginx/Dockerfile
    ports:
      # No host address is given, so these are published on every host
      # interface. NOTE(review): 3000/3001 look like development tooling
      # ports -- confirm they are needed before reusing this outside a laptop.
      - "${WEB_PORT:-80}:80"
      - "3000:3000"
      - "3001:3001"
    volumes:
      - php-fpm-socket:/var/run/php-fpm
      # Application code reaches /app only through this bind mount; neither
      # Dockerfile shown on this page copies ./src into the image.
      - ./src/:/app
  php-fpm:
    container_name: ${APP_NAME}-php-fpm
    build:
      context: .
      dockerfile: ./docker/php-fpm/Dockerfile
    volumes:
      - php-fpm-socket:/var/run/php-fpm
      # Same bind mount as nginx, so both containers resolve /app/public to
      # the same files when running under docker-compose.
      - ./src/:/app
    environment:
      # Database credentials are interpolated from the shell or .env file and
      # passed as plain environment variables, which `docker inspect` shows.
      # The ECS task definition on this page has a `secrets` field (null
      # there) that can carry such values instead.
      - DB_CONNECTION=mysql
      - DB_HOST=${DB_HOST:-mysql}
      - DB_PORT=3306
      - DB_DATABASE=${DB_NAME:-test}
      - DB_USERNAME=$DB_USER
      - DB_PASSWORD=$DB_PASSWORD
  mysql:
    container_name: ${APP_NAME}-mysql
    build:
      context: .
      dockerfile: ./docker/mysql/Dockerfile
    volumes:
      - db-store:/var/lib/mysql
    environment:
      # Includes the MySQL root password as a plain environment variable;
      # no `ports` entry is declared for this service in this file.
      - MYSQL_DATABASE=$DB_NAME
      - MYSQL_USER=$DB_USER
      - MYSQL_PASSWORD=$DB_PASSWORD
      - MYSQL_ROOT_PASSWORD=$DB_ROOT_PASSWORD
      - TZ=$TZ

docker/nginx/Dockerfile

# Builds the nginx image and copies a Node.js runtime into it from the node
# stage declared first.
FROM node:14.15-alpine as node
FROM nginx:1.19-alpine
# -e stops at the first failing command, -u on unset variables, -x traces
# commands, and pipefail makes a pipeline fail when any stage fails.
SHELL [ "/bin/ash", "-oeux", "pipefail", "-c" ]
ENV TZ=UTC
# g++ is grouped under the virtual package .build-dependencies, but no later
# step in this file removes it, so the compiler stays in the runtime image.
RUN apk update && \
  apk add --update --no-cache --virtual=.build-dependencies g++
# Node.js binaries, libraries and /opt taken from the node stage above.
COPY --from=node /usr/local/bin /usr/local/bin
COPY --from=node /usr/local/lib /usr/local/lib
COPY --from=node /opt /opt
COPY ./docker/nginx/default.conf /etc/nginx/conf.d/default.conf
# Nothing in this file copies application code into /app. Under
# docker-compose it arrives through the ./src bind mount; the ECS task
# definition on this page mounts only the "sock" volume.
# NOTE(review): /app/public is therefore probably empty in the pushed image.
WORKDIR /app

docker/nginx/default.conf

# Virtual host that serves /app/public and forwards *.php requests to php-fpm
# over the unix socket on the shared volume.

# Send logs to the container's stdout/stderr so the log driver collects them.
access_log /dev/stdout main;
error_log /dev/stderr warn;

server {
  listen 80;
  root /app/public;
  # Without the `always` parameter, add_header applies only to a fixed set of
  # success and redirect status codes, so error responses leave without these
  # headers. X-XSS-Protection is a legacy header that current browsers ignore.
  add_header X-Frame-Options "SAMEORIGIN";
  add_header X-XSS-Protection "1; mode=block";
  add_header X-Content-Type-Options "nosniff";
  index index.html index.php;
  charset utf-8;
  # Front-controller routing: anything that is not an existing file or
  # directory is rewritten to /index.php with the original query string.
  location / {
    try_files $uri $uri/ /index.php?$query_string;
  }
  location = /favicon.ico { access_log off; log_not_found off; }
  location = /robots.txt { access_log off; log_not_found off; }
  error_page 404 /index.php;
  # Every URI ending in .php is handed to php-fpm; this block has no
  # `try_files $uri =404;` guard, so requests for scripts that do not exist
  # are forwarded too. SCRIPT_FILENAME is built from nginx's view of the
  # filesystem, but php-fpm opens that path inside its own container, so both
  # containers need the same files under /app/public.
  # NOTE(review): php-fpm answers "File not found." when that path is
  # missing on its side -- check this first for the ECS symptom.
  location ~ \.php$ {
    fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
    fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
    include fastcgi_params;
  }
  # Deny every path segment that starts with a dot, except .well-known.
  location ~ /\.(?!well-known).* {
    deny all;
  }
}

docker/php-fpm/Dockerfile

# Builds the php-fpm image: PHP extensions, Composer, locale data, and the
# directory that will hold the FastCGI unix socket.
FROM php:7.4-fpm-buster
# -e stops at the first failing command, -u on unset variables, -x traces
# commands, and pipefail makes a pipeline fail when any stage fails.
SHELL ["/bin/bash", "-oeux", "pipefail", "-c"]

# COMPOSER_ALLOW_SUPERUSER=1 lets Composer run as root without its warning.
ENV TZ=UTC \
  LANG=en_US:UTF-8 \
  LANGUAGE=en_US:en \
  LC_ALL=en_US.UTF-8 \
  COMPOSER_ALLOW_SUPERUSER=1 \
  COMPOSER_HOME=/composer

# Composer binary taken from the composer:2.0 image.
COPY --from=composer:2.0 /usr/bin/composer /usr/bin/composer

# git, unzip and the -dev packages stay in the final image; nothing removes
# them after the extensions are built. /var/run/php-fpm is created here by
# this RUN step; the `ls` output on this page shows it root-owned, mode 755.
RUN apt-get update && \
  apt-get -y install git libicu-dev libonig-dev libzip-dev unzip locales && \
  apt-get clean && \
  rm -rf /var/lib/apt/lists/* && \
  locale-gen en_US.UTF-8 && \
  localedef -f UTF-8 -i en_US en_US.UTF-8 && \
  mkdir /var/run/php-fpm && \
  docker-php-ext-install intl pdo_mysql zip bcmath && \
  composer config -g process-timeout 3600 && \
  composer config -g repos.packagist composer https://packagist.org

COPY ./docker/php-fpm/php-fpm.d/zzz-www.conf /usr/local/etc/php-fpm.d/zzz-www.conf
COPY ./docker/php-fpm/php.ini /usr/local/etc/php/php.ini

# Nothing in this file copies application code into /app. Under
# docker-compose it arrives through the ./src bind mount; the ECS task
# definition on this page mounts only the "sock" volume.
# NOTE(review): the PHP scripts nginx asks for are then probably missing in
# the pushed image.
WORKDIR /app

docker/php-fpm/php-fpm.d/zzz-www.conf

; Pool override that moves php-fpm from its default listener to a unix socket
; on the volume shared with nginx.
; NOTE(review): presumably named zzz- so it loads after the image's own pool
; files -- confirm the load order in /usr/local/etc/php-fpm.d.
[www]
listen = /var/run/php-fpm/php-fpm.sock
listen.owner = www-data
listen.group = www-data
; 0666 makes the socket readable and writable by every user. The `ls` output
; on this page shows the same socket owned by "xfs" inside the nginx
; container, so the numeric owner does not map to the same account in both
; images, and the open mode works around that mismatch. Any process that can
; reach the socket can submit FastCGI requests and have PHP run as the pool
; user. Aligning the nginx worker's UID/GID with the socket owner would allow
; 0660 instead.
listen.mode = 0666

task definition

{
  "ipcMode": null,
  "executionRoleArn": null,
  "containerDefinitions": [
    {
      "dnsSearchDomains": null,
      "environmentFiles": null,
      "logConfiguration": {
        "logDriver": "awslogs",
        "secretOptions": null,
        "options": {
          "awslogs-group": "test",
          "awslogs-region": "ap-northeast-1",
          "awslogs-stream-prefix": "php-fpm"
        }
      },
      "entryPoint": null,
      "portMappings": [],
      "command": null,
      "linuxParameters": null,
      "cpu": 300,
      "environment": [],
      "resourceRequirements": null,
      "ulimits": null,
      "dnsServers": null,
      "mountPoints": [
        {
          "readOnly": null,
          "containerPath": "/var/run/php-fpm",
          "sourceVolume": "sock"
        }
      ],
      "workingDirectory": null,
      "secrets": null,
      "dockerSecurityOptions": null,
      "memory": null,
      "memoryReservation": 600,
      "volumesFrom": [],
      "stopTimeout": null,
      "image": "xxxxxxxxxxxx.dkr.ecr.ap-northeast-1.amazonaws.com/php-fpm:latest",
      "startTimeout": null,
      "firelensConfiguration": null,
      "dependsOn": null,
      "disableNetworking": null,
      "interactive": null,
      "healthCheck": null,
      "essential": true,
      "links": null,
      "hostname": null,
      "extraHosts": null,
      "pseudoTerminal": null,
      "user": null,
      "readonlyRootFilesystem": null,
      "dockerLabels": null,
      "systemControls": null,
      "privileged": null,
      "name": "php-fpm"
    },
    {
      "dnsSearchDomains": null,
      "environmentFiles": null,
      "logConfiguration": {
        "logDriver": "awslogs",
        "secretOptions": null,
        "options": {
          "awslogs-group": "test",
          "awslogs-region": "ap-northeast-1",
          "awslogs-stream-prefix": "nginx"
        }
      },
      "entryPoint": null,
      "portMappings": [
        {
          "hostPort": 80,
          "protocol": "tcp",
          "containerPort": 80
        }
      ],
      "command": null,
      "linuxParameters": null,
      "cpu": 200,
      "environment": [],
      "resourceRequirements": null,
      "ulimits": null,
      "dnsServers": null,
      "mountPoints": [
        {
          "readOnly": null,
          "containerPath": "/var/run/php-fpm",
          "sourceVolume": "sock"
        }
      ],
      "workingDirectory": null,
      "secrets": null,
      "dockerSecurityOptions": null,
      "memory": null,
      "memoryReservation": 128,
      "volumesFrom": [],
      "stopTimeout": null,
      "image": "xxxxxxxxxxxx.dkr.ecr.ap-northeast-1.amazonaws.com/nginx:latest",
      "startTimeout": null,
      "firelensConfiguration": null,
      "dependsOn": null,
      "disableNetworking": null,
      "interactive": null,
      "healthCheck": null,
      "essential": true,
      "links": null,
      "hostname": null,
      "extraHosts": null,
      "pseudoTerminal": null,
      "user": null,
      "readonlyRootFilesystem": null,
      "dockerLabels": null,
      "systemControls": null,
      "privileged": null,
      "name": "nginx"
    }
  ],
  "placementConstraints": [],
  "memory": null,
  "taskRoleArn": "arn:aws:iam::xxxxxxxxxxxx:role/test-ecs-task-role",
  "compatibilities": [
    "EC2"
  ],
  "taskDefinitionArn": "arn:aws:ecs:ap-northeast-1:xxxxxxxxxxxx:task-definition/test:52",
  "family": "test",
  "requiresAttributes": [
    {
      "targetId": null,
      "targetType": null,
      "value": null,
      "name": "com.amazonaws.ecs.capability.logging-driver.awslogs"
    },
    {
      "targetId": null,
      "targetType": null,
      "value": null,
      "name": "com.amazonaws.ecs.capability.ecr-auth"
    },
    {
      "targetId": null,
      "targetType": null,
      "value": null,
      "name": "com.amazonaws.ecs.capability.docker-remote-api.1.19"
    },
    {
      "targetId": null,
      "targetType": null,
      "value": null,
      "name": "com.amazonaws.ecs.capability.docker-remote-api.1.21"
    },
    {
      "targetId": null,
      "targetType": null,
      "value": null,
      "name": "ecs.capability.docker-plugin.local"
    },
    {
      "targetId": null,
      "targetType": null,
      "value": null,
      "name": "com.amazonaws.ecs.capability.task-iam-role"
    },
    {
      "targetId": null,
      "targetType": null,
      "value": null,
      "name": "com.amazonaws.ecs.capability.docker-remote-api.1.25"
    }
  ],
  "pidMode": null,
  "requiresCompatibilities": [],
  "networkMode": "bridge",
  "cpu": null,
  "revision": 52,
  "status": "ACTIVE",
  "inferenceAccelerators": null,
  "proxyConfiguration": null,
  "volumes": [
    {
      "fsxWindowsFileServerVolumeConfiguration": null,
      "efsVolumeConfiguration": null,
      "name": "sock",
      "host": null,
      "dockerVolumeConfiguration": {
        "autoprovision": null,
        "labels": null,
        "scope": "task",
        "driver": "local",
        "driverOpts": null
      }
    }
  ]
}


Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source