Issues using Nginx to reverse proxy
Hey there! I'm in the process of migrating some of my company projects to Railway but i'm having some issues setting up PHP-FPM.
PHP-FPM needs a nginx reverse proxy with Fastcgi to be able to serve files.
Ok... I did that! My PHP-FPM is live and accepting connections, I generated a domain and directed Nginx to it.
My API also is able to reach Nginx just fine.
The flow is simple:
API -> NGINX -> PHP-FPM API
But currently, all my requests time out at the PHP-FPM API.
Log from Nginx:
This is my default.conf file:
(I will regenerate domains after this get fixed so no worries)
What could it be?
279 Replies
Project ID:
de7aa210-2a7c-457e-9476-6c30744f4f10You might find these helpful:
- Railway CLI not working as expected - 409 Conflict Error
- Deploying a PHP App
- Help trying to visualize my Symfony app
ā ļø experimental feature
de7aa210-2a7c-457e-9476-6c30744f4f10
you have the fast-php server running in a different service?
Yes.
not ideal, don't even know if that variable allows specifying a domian
Wait... wdym? the PHP-FPM API is the php server
not to mention you are trying to connect to it over port 9000 when at the moment you can only connect to a railway app over 443 and web traffic only
nginx and fast-cgi or php-fpm or whatever it's called should both be running in the same service
and communication should be done over a socket
Was just testing things, I will put that var there again
railway won't proxy non web traffic anyway
besides I have never seen nginx and php be in separate services, I can't imagine that's good for latency
So the best option here is to put them in the same service
yes and communicate over a socket
of course you could do what you wanted when railway has internal networking, but they don't yet, so nginx and php should go into the same container
Is it possible to put the two together on one service in railway? With separate dockerfiles? otherwise im gonna build a linux img with the two
you are building with a dockerfile right?
Yeah, on aws it was two separated docker files.
and the nginx one:
yep you'll want to combine your two dockerfiles since railway doesn't have internal networking yet
Ok, will try that.
that's how nixpacks will run PHP stuff, they will have nginx and php in the same container
also no need for expose in the dockerfile, just have nginx listen on $PORT
Came up with this, gonna try it š
the phpfpm image contains nginx?
... I don't think so.
probably gonna need nginx lol
would server_name and fastcgi_pass be localhost?
its in the install command
In aws it worked fine between 2 different services because of internal IPs?
oh my bad missed that
yeah 127.0.0.1
or use a socket, socket > ip
gonna try without it for now
building... btw i couldn't delete the nginx-nfe service
for sure
railway L
'Failed to delete'
š
just remove the latest deployment until they fix that
Already failed on
RUN service nginx start
lmaodoes apt install register nginx as a service automatically?
It should, gonna try running it together in CMD
you could also use a pre-built php-nginx image
this my be helpful
https://github.com/TrafeX/docker-php-nginx
it uses supervisord to start both nginx and php
Gonna take a look, im struggling to start both services
gonna try one last time with a sh file 
def skill issue (jokes)
that hurts
nah, i agree with you DEFINETELY skill issues oh man im bad at docker
common php L
you should look into building your docker stuff locally
i normally do that, basic stuff
uhm
i guess it worked??
proof?
idk about nginx
script will never make it to line 3 since it waits for php-fpm to close (and it wont close)
take a look at that img u sharedadd an and symbol to the end of line 2
one or two?
one
nvm, that looks fine i think
well, another 10 mins building
test building locally
yeah..
your entry point should now be that bash script, dont run the batch script during build
ayo
i guess it cached the build
yay
didn't work, going with that php-fpm-nginx img next
no logs on the service either
prob cuz & starts the service in the background
use the github repo i linked as a starting point
you lads enjoying 
deleted it 
deleted it well i have to go, finn will take over from here
whats the current issue
op is trying to use php in 2023
that's the real issue
lmfao
(real)
are currently trying to run php-fpm and nginx on the same dockerfile
I had separate services, but the way i was doing it couldn't be possible without internal networking
So now, Brody linked me this github img https://github.com/TrafeX/docker-php-nginx/tree/master/config and im trying it out to see if it worksi wish i was of help
You can be! Im currently experiencing excruciating 
hate php but unfortunately our ancient 'government tax api' is using it
hate php but unfortunately our ancient 'government tax api' is using itif caddy is easier im willing to give it a shot
caddy definitely easier
sorry I didn't just get bored helping, I had to do something else and am no longer at my computer so I can't do any real help
np, gotta get off soon too
gonna resume it tomorrow with caddy after trying that img u linked, nginx is getting on my nerves
caddy is definitely better than nginx, but you'll still wanna use supervisord to run both services
Why are you running nginx? Do you need to serve static files?
You don't really need nginx on Railway so I'm curious why that's a dependency
It's actually not that bad! Meme aside, I've ran modern PHP workloads in k8s over tens of services and close to 300 pods, with a bunch of k8s ingress magic for nginx load-balancing.
It's actually pretty awesome compared to scaling JS/node stuff because of its stability. Performance sucks though, that's why we had to run ~300 pods. Not an issue if you can scale horizontally and have money to throw at it & it doesn't matter much for small-medium scale projects
Can you share your nginx conf? Your upstream is timing out so nginx can't reach it; it suggests an issue with the nginx conf on how you're proxying connections to it
I will post it tomorrow, im bowling atm
have fun š
Update:
I'm using this img https://github.com/TrafeX/docker-php-nginx
But theres a catch, i use
docker-php-ext-configure and docker-php-ext-install commands to install some extensions.
The image he provides isn't an official alpine-docker img, so it doesn't have these commands.
...I got a workaround that I'm going to try rn, i found some precompiled packages on alpine registry, it builded the img successfullyOptimized for 100 concurrent users
lol
that was fast
(crashed almost at the same time it got up)
fail fast bby
ok so whats the caddy alternative
I don't think the time out is the problem... Because it couldn't reach the php-fpm at all.
I don't think the time out is the problem... Because it couldn't reach the php-fpm at all.https://gitlab.com/jeffam/php-fpm-caddy
this looks like a good starting point
gonna take a look
looks good, official php-fpm image meaning i have the docker-php commands and its precompiled with some extensions i use, just gonna have to mess around the nginx config to caddy
sounds good
actually, some guy just said to me to try https://github.com/richarvey/nginx-php-fpm
so im gonna give nginx A LAST TRY
154 lines for a dockerfile
f me
...yep
jeez
you trying to increase your build times???
our php-fpm/nginx isnt something that we build frequently
so i guess i don't care that much about build 
copium
holy shit holy shit it builded
with the needed extensions
how long take?
68.5s
okay thats fast af
for what it is
on my pretty bad work computer
omg no errors!
they use supervisord like i said to yesterday
also
I think I might have to kick you
light mode??????
...does docker have dark mode?
lmao
omg it does
switch this instance
So, uhm
Got a question
yeah?
In the 'listen 8080' i get it that i will reach the nginx with this port, but what about the fastcgi pass? what that port does cause i can't see on my code where i define it lmao
well what port does the config in that repo use?
they don't, they used a socket, like I also told you to use lol
typical user not listening to conductors
(jokes)
seems like 9000 is the default fastcgi port, you can use a socket too but im too dumb to use it, really.
just look at how the repo uses the socket, and use it the same way
yeah
socket is funny word
can't reach any endpoint its not even hitting that API now
time to debug
its not even hitting that API now
time to debugis nginx set to listen on $PORT?
yep.
what status code do you get?
400
"connect EINVAL 0.0.31.144:80 - Local (0.0.0.0:0)"
bad request
hmmm
are you sure nginx is connecting to php?
idk... i cant even acess nginx
it doesnt log anything, testing on local
odd
caddy when?
nginx is mid anyways
was so close...
so close......yet so far
Config Adapters - Caddy Documentation
Caddy is a powerful, enterprise-ready, open source web server with automatic HTTPS written in Go
ohh
i guess i can just convert my conf
I forgot about that
but im still bothered by how im unable to hit even the nginx endpoint
š
nvm
well you must be hitting something since some type of web server is returning the 400
hey sorry I missed the ping here, will check back in 30mins!
dw
@Brody the img u linked didn't work, could pull/build from that repo (idk why lol) so i found this one
https://hub.docker.com/r/skiychan/caddy-php
already ran it, just trying to figure how can i convert my conf and run with that conf
@Medim why do you need a reverse proxy? The nixpacks build should work if you're hosting an fpm application
not if you use php extensions
gotcha, taking a look now!
PHP extensions have some lib dependencies, idk how nixpacks will handle that lol
Dockerfile:
supervisord.conf (place this in your root directory/same as Dockerfile):
Nginx conf (default.conf):
Nginx is configured to listen on 8080 and proxies to fpm running on port 9000.
You'll need to set the PORT service variable in Railway to 8080 so it can reach your Nginx.
Example: https://ruddy-wing-production.up.railway.app/public/index.php
š..holy shit
it uses supervisor to run fpm and nginx in the same container
building it, one sec
I'll take a look at that
id stay away from nixpacks with a config like this anyway
...deploying
nixpacks is scary
dockerfile is warm and comfy
soo many trouble for building an api that is rebuilt every 1-2 year lol
rewrite it in COBOL
so to make sure im not screwing anything over
after its deployed, i get its domain and put on my API vars
gerenciei-api-nfe-production.up.railway.app:8080
right?
with or without the ports? since railway uses it
without
but if you use a port other than $PORT you will have to define PORT in the service variables
kk
basically it redirects the default port to the one defined in $PORT
right?
443 goes to 8080
yeah
as long as you set the service variable PORT to 8080
it confuses me this port
like EXPOSE and ports in docker are different things
render and heroku have auto detection systems that will detect the port the app is running on and redeploy with the correct port set for you, I wonder when railway will have something like this
you don't need expose in a dockerfile
at least the ones you run on railway
railway already does this? no? to front end apps
or something like that
rc's dockerfile doesn't have expose
connect ECONNREFUSED 127.0.0.1:80
F
not at all, that's why there's so many questions "I'm getting server error"
i guess thats from the default conf
what is giving that error
none of the provided config files from rc use a port 80?
comes from default.conf
there's no PORT 80?
no lol
so where that error coming from
rc's demo worked, so what are you changing from his config files?
absolutely nothing
I'm tempted to deploy his config files and show you they work, but I'm on mobile
no ports
where is that 80 coming from....
can you access that url from the browser?
domain*
where are you getting the
80? Do you have a service variable set for PORT to 8080?yeah, it goes to the 403 forbidden
I don't think you need to expose the port in docker at all when running them through supervisor. The processes will expose themselves
definitely an nginx conf issue, then š
try browsing to
/public/index.php? I didn't modify your nginx conf besides the host/portHTTP ERROR 500
getting some weird php errors on the logs
gonna try something, one sec.
Actually, when i get to that domain, it tries to serve the index.php file but errors out
DIR in my code is somehow pointing to the wrong folder
... but it doesnt happen locally
locally with nginx+fpm too?
it still errors out as 405 on my local docker and on railway it throws an error 500
yep, same img
oh yeah, composer is missing in the img
ah yeah, looks like you're not building your app dependencies in the image
added this to the dockerfile, gonna try it
composer install will install the dependencies into a vendor directory - you'll likely need to copy that into your app's directorywdym? It justs needs the composer.json to function
nvm, composer got its own img so im gonna multi stage it
you're definitely over thinking this
yeah
you said you modified rc's nginx config file? why? his demo worked fine
I didnt modify it
everything was the same, now im modifying his dockerfile cause it wasnt installing the packages
composer packages š
still 405 tho
same thing... how can it be this weird port...
well, gonna continue tomorrow. I've been 8+ hours on this today
really appreciate you guys help
are you hardcoding the connection in your frontend by any chance?
have a good rest š
I can take a deeper look if you share your code/repo
This request is made on my expressjs api to this second php api, its all on env vars so it shouldnāt be hardcoded but i guess i will need to debug it tomorrow
skill issue
https://test-service2.up.railway.app/
logged that apiNfeUrl before using it
I literally have no clue where that 127.0.0.1 come from
okay slow tf down
get a simple info php script running first, like in mine or rc's examples
https://gerenciei-api-nfe-production.up.railway.app/public/index.php
strange, cause https://gerenciei-api-nfe-production.up.railway.app/ is hitting that index.php too but it gives a 403 on the frond end but a 200 on the log š
that works but this doesnt
https://gerenciei-api-nfe-production.up.railway.app/
I can fix that by adjusting the defautl conf root param from
/var/www/html to /var/www/html/public/index.phpMedim, I will pay good hard Railway credits if you PR a PHP section to the Railway docs with common workarounds for PHP projects.
Hi Angelo! Honestly, you're asking the wrong guy for this.
I hate PHP
lmfao x400
by hating PHP, that only makes you a better writer
4 days already trying to fix this issue im having
PHP > lambo doesn't happen without a little bit of pain
But sure, when i get this thing to work i can compile a little bit of my knowledge in php to the railway docs
i cant stop laughing
brody... i was thinking
fast-cgi, uses this combination of file (index.php) + args
paraphrasing
A: i will pay you for expanding the php docs
m: i hate php
what if i change my baseUrl to .../public/index.php since im not hiting it at the root level
this is what i did
maybe
but u mean at root level?
cause u arent doing it in the url
.
this is mine
... gonna try that
hold on
holding
i have a folder in my project named
src and in that folder i have my index.php
then in my dockerfile i have
i dont have a src folder, everything is at root level except index.php that is served in a public/index.php dir
will try something again
btw, the error now changed
https://gerenciei-api-nfe-production.up.railway.app/public/index.php
a method error
the only thing thats in my src folder is index.php
all config files are in project root
Mine too, it just serves from another folder, i will try something
building...
https://gerenciei-api-nfe-production.up.railway.app/
yeah that didnt work
why not
cause that isnt my index.php file...
i dont know where that hello world is coming
THATS THE DEFAULT ROUTE
THATS THE DEFAULT ROUTElmfao
the 405 errors im getting are actually from the PHP-SLIM framework im using
and now my frontend is hitting the api as it should
now i need to know why is it erroring like that
what even is this error dialog
just a debug one, normally here we translate errors to the user
like: 'Tax information from product 1 is incorrect' or something like that
are you able to access index.php from the root yet?
yep
yay
it redirects me to the routes, that what it is supposed to do
and it hits this default rote
just need to know why other routes are giving me 405
supervisord isnt forwarding error prints to stderr
whenever you got a 403 in the browser, would you see a 403 in the deploy logs?
im using a static route here that we have
it gives a 200 followed by a 405
Im able to see its content, but it throws a 405 at the log right 
you need some verbose logs or something lol
i think thats the best slim-php can do really lmao
common php L
https://gerenciei-api-production.up.railway.app/companies/20/certificate-validations
no token provided š
did you provide a token?
...yes
in what form
query param, header, body?
url: 'https://gerenciei-api-nfe-production.up.railway.app//certificate-validations/valid-from';,
uhm
that double // could be an issue right?
very possible, i know some frameworks wont clean the url
i guess this one doesnt, thats why its giving 405 all over
..oh
i got it
ideally the framework would return 404 on a malformed path, but slim wants to return 405 ig
this one was my bad, left the api var with a / at the end
needed to use the https url for some reason, without it wasnt hitting the api
its always user error (joke)
def need https scheme
well.. redeploying
it worked
flawlessly
I'm so smort
(he lied)
all i needed to do was change the try_files url on the default.conf
Well, thank you guys
bro wouldn't listen to me
lmao
tsk tsk tsk
thanks @Brody and @rc you two were of great help
and thanks @Finn - uses centos for the emotional support lmfao
what so everything works?
hope this 300+ msgs thread can help someone else
so far, yes.
I will post some workarounds for php on the railway docs too
just wanted to delete this ghost service but seems i'm unable to
what errors do you get?
I think the core issue here is you shouldn't need to add a reverse proxy.. It should just work with nixpacks on Railway (so Railway's proxy talks to fpm directly, instead of nginx), but it doesn't with some PHP extensions (?), so I'd like to dig into it and make it work. I'll replicate this on nixpacks and see if I can get it working with the extensions that OP needs, so in the future there's no need for anyone to run a reverse proxy along with php.
"Failed to delete"
have you refreshed the page?
many times
rip
wait it out
{
"message": "Not Authorized",
"locations": [
{
"line": 2,
"column": 3
}
],
"path": [
"serviceDelete"
],
"extensions": {
"code": "INTERNAL_SERVER_ERROR",
"exception": {
"status": 400
}
}
}
funky
don't really know what to tell you
its triggering my ocd
fix
I do not have such power
two other people just reported issues with the API, you're not alone
I get that, but its dependable on the framework/packages the php project is using, isn't it? Idk how to manage that since some packages also needs specific libs been trying to delete that for 2 days now
been trying to delete that for 2 days nowthat's not good
yeah that's why I wanna figure it out š
usually with php extensions, you just need to
pecl install it into the runtime. It'd be nice to have nixpacks work with a bunch of common php extensions. https://github.com/railwayapp/nixpacks/pull/829 seems relevant to this.
@Medim can I have your composer.json?Sure, one sec.
thanks!
np
railway up works for me using the composer.json with ext-json removed from requireext-json is an essential extension for our api to run pin it to a specific version?
ext-json is included in >php8, there's no need to install it
but at lower versions of php? for example we use 7.4
can't it be added as a NXPKG or something like that
I don't think nixpacks support that specific php version š your composer requires
php^7.2, so nixpacks will build using >8Yeah, but if it works at php8 thats perfect. We will upgrade to it soon.
and then you can get rid of the Dockerfile+supervisor/nginx conf š„³
Hello, I have 2 services: fastAPI backend and nginx frontend serving as reverse proxy. It works fine when backend starts first and then the frontend, however in the opposite case (for example after a git push backend takes longer to start) Nginx keeps failing with
any idea why it could be happening?
Here's my nginx config:
Ok this is real nice
hey, I'd be happy to help, and I may even have the perfect template for you, but do you think you could open your own help thread?
sure, thanks, will do now