Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

docker-compose.yml and client_max_body_size

See original GitHub issue

Hi, I’m having troubles setting client_max_body_size in a docker-compose.yml

This is my .yml file I have tried with global and client but it does not reflect changes in the generated configuration.

version: '2'

services:
  proxy:
    image: jwilder/nginx-proxy
    ports:
      - "80:80"
      - "443:443"
    environment:
      CLIENT_MAX_BODY_SIZE: 30M
      GLOBAL_MAX_BODY_SIZE: 30M
    volumes:
      - "/etc/certs:/etc/nginx/certs"
      - "/var/run/docker.sock:/tmp/docker.sock"
  web:
    build: .
    command: bundle exec foreman start -p 7000
    volumes:
      - .:/app
    depends_on:
      - redis
    ports:
      - 7000
    environment:
      VIRTUAL_HOST: "beta.hecbuma.co"
      RACK_ENV: production
      RAILS_ENV: production
      VIRTUAL_PORT: 7000
      S3_FOLDER: hecbuma-stage
  redis:
    image: redis

This is the configuration that I get from the container:

docker exec -it 03f41f5e42ee bash
root@03f41f5e42ee:/app# cat /etc/nginx/conf.d/default.conf
# If we receive X-Forwarded-Proto, pass it through; otherwise, pass along the
# scheme used to connect to this server
map $http_x_forwarded_proto $proxy_x_forwarded_proto {
    default $http_x_forwarded_proto;
''      $scheme;
}
# If we receive X-Forwarded-Port, pass it through; otherwise, pass along the
# server port the client connected to
map $http_x_forwarded_port $proxy_x_forwarded_port {
    default $http_x_forwarded_port;
''      $server_port;
}
# If we receive Upgrade, set Connection to "upgrade"; otherwise, delete any
# Connection header that may have been passed to this server
map $http_upgrade $proxy_connection {
    default upgrade;
'' close;
}
# Set appropriate X-Forwarded-Ssl header
map $scheme $proxy_x_forwarded_ssl {
    default off;
https on;
}
gzip_types text/plain text/css application/javascript application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
log_format vhost '$host $remote_addr - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent"';
access_log off;
# HTTP 1.1 support
proxy_http_version 1.1;
proxy_buffering off;
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $proxy_connection;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
proxy_set_header X-Forwarded-Ssl $proxy_x_forwarded_ssl;
proxy_set_header X-Forwarded-Port $proxy_x_forwarded_port;
# Mitigate httpoxy attack (see README for details)
proxy_set_header Proxy "";
server {
  server_name _; # This is just an invalid value which will never trigger on a real hostname.
  listen 80;
  access_log /var/log/nginx/access.log vhost;
  return 503;
}
# beta.hecbuma.co
upstream 5fcceb3b442db6652be09ebf52b84169c65339f0 {
  ## Can be connect with "hecbuma_default" network
  # hecbuma_web_1
  server 172.19.0.4:7000;
}
server {
  server_name beta.hecbuma.co;
  listen 80 ;
  access_log /var/log/nginx/access.log vhost;
  return 301 https://$host$request_uri;
}
server {
  server_name beta.hecbuma.co;
  listen 443 ssl http2 ;
  access_log /var/log/nginx/access.log vhost;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers 'xxxx';
  ssl_prefer_server_ciphers on;
  ssl_session_timeout 5m;
  ssl_session_cache shared:SSL:50m;
  ssl_session_tickets off;
  ssl_certificate /etc/nginx/certs/beta.hecbuma.co.crt;
  ssl_certificate_key /etc/nginx/certs/beta.hecbuma.co.key;
  add_header Strict-Transport-Security "max-age=31536000";
  location / {
      proxy_pass http://5dsds65339f0;
}
}

And this is the version of docker

deploy@ip-172-31-13-22:~/releases/hecbuma$ docker --version
Docker version 1.12.6, build 78d1802
deploy@ip-172-31-13-22:~/releases/hecbuma$ docker-compose --version
docker-compose version 1.9.0, build 2585387

I remember I used this configuration in the past, but for some reason, I’m not able to make it work no. can someone advise?

Issue Analytics

State:
Created 7 years ago
Comments:6 (1 by maintainers)

Top GitHub Comments

50reactions

thomasleveilcommented, Jan 27, 2017

create a file named my_custom_proxy_settings.conf next to your docker-compose.yml file with the following contents:

client_max_body_size 30m;

then add a volume to your proxy service declared in your docker compose file:

proxy: image: jwilder/nginx-proxy ports: - “80:80” - “443:443” volumes: - “/etc/certs:/etc/nginx/certs” - “/var/run/docker.sock:/tmp/docker.sock” - “./my_custom_proxy_settings.conf:/etc/nginx/conf.d/my_custom_proxy_settings.conf”

as described in the README file.

3reactions

CarlesLlobetcommented, Mar 5, 2020

Had to enter in the container and fix the client_max_body_size into the vhost conf. It is not properly copying the configurations into the container.

Workaround

docker exec -it nginx-proxy bash
apt update && apt install vim
vim /etc/nginx/conf.d/default.conf

Search for your virtual host (i.e: git) and on the server{} definition add the client_max_body_size 0; (or any size you want to specify)

service nginx reload
exit

[EDIT]

Found a better workaround, without accessing inside the container and with persistance. As the only configuration of client_max_body_size attribute not working is the Per-Container (vhost.d) we can add a shared volume for the Proxy wide config, and add there our attributes:

#echo "client_max_body_size 0;" > nginx/conf.d/unrestricted_size.conf
#vim "docker-compose.yml"

And add the shared volume of Proxy wide config:

volumes:
  - ./nginx/vhost.d:/etc/nginx/vhost.d
  - ./nginx/certs:/etc/nginx/certs
  - ./nginx/conf.d:/etc/nginx/conf.d # THIS NEW LINE

Restart the container, and voilà:

docker restart nginx-proxy

Please @jwilder check why if you put a client_max_body_size at the Per-Container basis (vhost.d) as it does not properly apply after restarting the container since 9adbb2a build.

Top Results From Across the Web

Changing nginx - client_max_body_size in Docker container ...

My pull in the Docker-compose. yml file is for 'nginx:latest' to be from local or from DockerHub if the image isn't already loaded....

Store configuration data using Docker Configs

Config values can be generic strings or binary content (up to 500 kb in size). Note: Docker configs are only available to swarm...

Compose specification - Docker Documentation

The Compose file is a YAML file defining services, networks, and volumes for a ... driver_opts: size: "10GiB" configs: httpd-config: external: true secrets: ......

Manage sensitive data with Docker secrets

Generic strings or binary content (up to 500 kb in size). Note: Docker secrets are only available to swarm services, not to standalone...

Compose file version 3 reference - Docker Documentation

The Compose file is a YAML file defining services, networks and volumes. ... The example shown above would store log files until they...