I am trying to deploy a Symfony PHP application to AWS ECS, using Nginx as a web server. An Application Load Balancer (ALB) handles SSL termination and forwards HTTPS traffic to the ECS service. However, my Nginx container is unable to forward requests to the PHP container, resulting in errors logged in the Nginx container logs:
February 08, 2025 at 16:57 (UTC-8:00)[09-Feb-2025 00:57:54] NOTICE: exiting, bye-bye!
php
February 08, 2025 at 16:57 (UTC-8:00)[09-Feb-2025 00:57:54] NOTICE: Terminating ...
php
February 08, 2025 at 16:57 (UTC-8:00)2025/02/09 00:57:54 [emerg] 1#1: host not found in upstream "php:9000" in /etc/nginx/conf.d/default.conf:2
nginx
February 08, 2025 at 16:57 (UTC-8:00)nginx: [emerg] host not found in upstream "php:9000" in /etc/nginx/conf.d/default.conf:2
nginx
February 08, 2025 at 16:57 (UTC-8:00)/docker-entrypoint.sh: Configuration complete; ready for start up
nginx
February 08, 2025 at 16:57 (UTC-8:00)/docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh
nginx
February 08, 2025 at 16:57 (UTC-8:00)10-listen-on-ipv6-by-default.sh: info: /etc/nginx/conf.d/default.conf differs from the packaged version
nginx
February 08, 2025 at 16:57 (UTC-8:00)/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
nginx
February 08, 2025 at 16:57 (UTC-8:00)10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf
nginx
February 08, 2025 at 16:57 (UTC-8:00)/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
nginx
February 08, 2025 at 16:57 (UTC-8:00)/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
nginx
February 08, 2025 at 16:57 (UTC-8:00)/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
nginx
February 08, 2025 at 16:57 (UTC-8:00)[09-Feb-2025 00:57:54] NOTICE: ready to handle connections
php
February 08, 2025 at 16:57 (UTC-8:00)[09-Feb-2025 00:57:54] NOTICE: fpm is running, pid 1
I am using this nginx default.conf file:
upstream php {
server php:9000;
}
server {
listen 8080;
server_name _;
root /var/www/html/public;
index index.php index.html;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location ~ \.php$ {
include fastcgi_params;
fastcgi_pass php:9000;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
fastcgi_param DOCUMENT_ROOT $realpath_root;
}
}
And this docker file for nginx:
FROM nginx:1.24-alpine
WORKDIR /var/www/html
COPY ./docker/nginx/default.conf /etc/nginx/conf.d/default.conf
COPY ./public /var/www/html
EXPOSE 8080
CMD ["nginx", "-g", "daemon off;"]
And this is the docker file for php:
FROM php:8.2-fpm
RUN apt-get update && apt-get install -y \
unzip git curl libpng-dev libjpeg-dev libfreetype6-dev \
&& docker-php-ext-configure gd --with-freetype --with-jpeg \
&& docker-php-ext-install pdo pdo_mysql gd opcache \
&& rm -rf /var/lib/apt/lists/* # Reduce image size
WORKDIR /var/www/html
COPY . /var/www/html
COPY ./docker/php/conf.d/custom.ini /usr/local/etc/php/conf.d/custom.ini
RUN chown -R www-data:www-data /var/www/html \
&& chmod -R 755 /var/www/html
RUN sed -i 's/^user = ./user = www-data/' /usr/local/etc/php-fpm.d/www.conf \
&& sed -i 's/^group = ./group = www-data/' /usr/local/etc/php-fpm.d/www.conf \
&& sed -i 's/^listen.owner = ./listen.owner = www-data/' /usr/local/etc/php-fpm.d/www.conf \
&& sed -i 's/^listen.group = ./listen.group = www-data/' /usr/local/etc/php-fpm.d/www.conf \
&& sed -i 's/^listen.mode = .*/listen.mode = 0660/' /usr/local/etc/php-fpm.d/www.conf
CMD ["php-fpm", "-F"]
And this is the ECS task definition:
{
"taskDefinitionArn": "arn:aws:ecs:ca-central-1:537124965615:task-definition/outlier-academy-backend:88",
"containerDefinitions": [
{
"name": "php",
"image": "537124965615.dkr.ecr.ca-central-1.amazonaws.com/backend/php:latest",
"cpu": 512,
"memory": 1024,
"portMappings": [
{
"containerPort": 9000,
"hostPort": 9000,
"protocol": "tcp"
}
],
"essential": true,
"environment": [
{
"name": "APP_DEBUG",
"value": "false"
},
{
"name": "APP_ENV",
"value": "prod"
}
],
"mountPoints": [
{
"sourceVolume": "efs-volume",
"containerPath": "/var/www/html"
}
],
"volumesFrom": [],
"secrets": [
{
"name": "MYSQL_HOST",
"valueFrom": "arn:aws:secretsmanager:ca-central-1:537124965615:secret:outlier-academy-secrets-uDY75N:DATABASE_HOST::"
},
{
"name": "MYSQL_DATABASE",
"valueFrom": "arn:aws:secretsmanager:ca-central-1:537124965615:secret:outlier-academy-secrets-uDY75N:DATABASE_NAME::"
},
{
"name": "MYSQL_USER",
"valueFrom": "arn:aws:secretsmanager:ca-central-1:537124965615:secret:outlier-academy-secrets-uDY75N:DATABASE_USERNAME::"
},
{
"name": "MYSQL_PASSWORD",
"valueFrom": "arn:aws:secretsmanager:ca-central-1:537124965615:secret:outlier-academy-secrets-uDY75N:DATABASE_PASSWORD::"
}
],
"logConfiguration": {
"logDriver": "awslogs",
"options": {
"awslogs-group": "/ecs/outlier-academy-backend",
"awslogs-region": "ca-central-1",
"awslogs-stream-prefix": "php"
}
},
"healthCheck": {
"command": [
"CMD-SHELL",
"curl -f http://localhost/health-check || exit 1"
],
"interval": 30,
"timeout": 10,
"retries": 3
},
"systemControls": []
},
{
"name": "nginx",
"image": "537124965615.dkr.ecr.ca-central-1.amazonaws.com/backend/nginx:latest",
"cpu": 512,
"memory": 1024,
"portMappings": [
{
"containerPort": 8080,
"hostPort": 8080,
"protocol": "tcp"
}
],
"essential": true,
"environment": [],
"mountPoints": [
{
"sourceVolume": "efs-volume",
"containerPath": "/var/www/html"
}
],
"volumesFrom": [],
"dependsOn": [
{
"containerName": "php",
"condition": "START"
}
],
"logConfiguration": {
"logDriver": "awslogs",
"options": {
"awslogs-group": "/ecs/outlier-academy-backend",
"awslogs-region": "ca-central-1",
"awslogs-stream-prefix": "nginx"
}
},
"systemControls": []
}
],
"family": "outlier-academy-backend",
"taskRoleArn": "arn:aws:iam::537124965615:role/ecsTaskRole",
"executionRoleArn": "arn:aws:iam::537124965615:role/ecsTaskExecutionRole",
"networkMode": "awsvpc",
"revision": 88,
"volumes": [
{
"name": "efs-volume",
"efsVolumeConfiguration": {
"fileSystemId": "fs-0eb470888836bb681",
"rootDirectory": "/",
"transitEncryption": "ENABLED",
"authorizationConfig": {
"accessPointId": "fsap-0bb93651afb6e5a92",
"iam": "ENABLED"
}
}
}
],
"status": "ACTIVE",
"requiresAttributes": [
{
"name": "ecs.capability.execution-role-awslogs"
},
{
"name": "com.amazonaws.ecs.capability.ecr-auth"
},
{
"name": "com.amazonaws.ecs.capability.task-iam-role"
},
{
"name": "ecs.capability.container-health-check"
},
{
"name": "ecs.capability.execution-role-ecr-pull"
},
{
"name": "com.amazonaws.ecs.capability.docker-remote-api.1.18"
},
{
"name": "ecs.capability.task-eni"
},
{
"name": "com.amazonaws.ecs.capability.logging-driver.awslogs"
},
{
"name": "com.amazonaws.ecs.capability.docker-remote-api.1.24"
},
{
"name": "ecs.capability.efsAuth"
},
{
"name": "com.amazonaws.ecs.capability.docker-remote-api.1.19"
},
{
"name": "ecs.capability.secrets.asm.environment-variables"
},
{
"name": "ecs.capability.efs"
},
{
"name": "ecs.capability.container-ordering"
},
{
"name": "com.amazonaws.ecs.capability.docker-remote-api.1.25"
}
],
"placementConstraints": [],
"compatibilities": [
"EC2",
"FARGATE"
],
"requiresCompatibilities": [
"FARGATE"
],
"cpu": "1024",
"memory": "2048",
"registeredAt": "2025-02-09T00:56:30.287Z",
"registeredBy": "arn:aws:iam::537124965615:user/ahmed-elkhouly",
"tags": []
}
And this Github actions pipeline for CICD:
on:
push:
branches:
- deploy-on-cloud
env:
AWS_REGION: ${{ secrets.AWS_REGION }}
ECR_PHP_REPOSITORY: backend/php
ECR_NGINX_REPOSITORY: backend/nginx
IMAGE_TAG: ${{ github.sha }}
jobs:
deploy:
name: Deploy to AWS ECS
runs-on: ubuntu-latest
steps:
- name: Checkout Code
uses: actions/checkout@v3
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v3
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ env.AWS_REGION }}
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v2
- name: Build & Push Docker Images
env:
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
run: |
for service in php nginx; do
docker build -t $ECR_REGISTRY/backend/$service:$IMAGE_TAG \
-t $ECR_REGISTRY/backend/$service:latest \
-f docker/$service/Dockerfile .
docker push $ECR_REGISTRY/backend/$service --all-tags
done
- name: Download ECS Task Definition
run: aws ecs describe-task-definition \
--task-definition ${{ secrets.ECS_TASK_DEFINITION }} \
--query taskDefinition > task-definition.json
- name: Update ECS Task Definition (PHP)
id: task-def
uses: aws-actions/amazon-ecs-render-task-definition@v1
with:
task-definition: task-definition.json
container-name: php
image: ${{ steps.login-ecr.outputs.registry }}/backend/php:${{ env.IMAGE_TAG }}
- name: Update ECS Task Definition (Nginx)
id: task-def-updated
uses: aws-actions/amazon-ecs-render-task-definition@v1
with:
task-definition: ${{ steps.task-def.outputs.task-definition }}
container-name: nginx
image: ${{ steps.login-ecr.outputs.registry }}/backend/nginx:${{ env.IMAGE_TAG }}
- name: Deploy to ECS
uses: aws-actions/amazon-ecs-deploy-task-definition@v1
with:
task-definition: ${{ steps.task-def-updated.outputs.task-definition }}
service: ${{ secrets.ECS_SERVICE }}
cluster: ${{ secrets.ECS_CLUSTER }}
wait-for-service-stability: true
- name: Clean Up Old Images
if: always()
run: |
for repo in backend/php backend/nginx; do
aws ecr list-images --repository-name $repo \
--query 'imageIds[?imageTag!=`latest`]|[0].imageDigest' --output text | \
head -n -5 | while read digest; do
[ -n "$digest" ] && aws ecr batch-delete-image --repository-name $repo --image-ids imageDigest=$digest
done
done
I have created the ALB in 2 public subnets and the ECS cluster in 2 private subnets and i have a sg for ALB and sg for ECS and a sg for efs and i allowed all traffic between them for now until i fix my issue. Do i have something wrong in my config that doesn’t allow nginx container to talk to php container, i suppose they can resolve normally using container name since both are in the same ECS task?
I tried to change the nginx configurations many times but didn’t solve the issue, and i am expecting any expert here to help me with any hints to try.