I have a very simple Docker container, running NGINX and Flask...
My NGINX instance is the front door, which then reverse proxies traffic through to the Flask app.
My issue currently is that I can access the Flask app locally through the Docker internal IP, 172.18.0.2:5000, but not the way my NGINX instance is configured; I want to access it through localhost:5000.
The code listed is my current nginx.conf file. I have tried different variations of this, however with no luck. Any assistance on how I could access it through localhost, or with my host PC IP, will be appreciated. As mentioned, I cannot figure out why it's only accessible through the Docker internal container IP.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    listen 5000;
    server_name localhost;
    ssl_certificate /root/ssl/cert.pem;
    ssl_certificate_key /root/ssl/key.pem;
    location / {
        proxy_pass "http://localhost:5000/";
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
    }
    error_page 500 502 503 504 /50x.html;
}
Related
I deployed an Nginx reverse proxy in Docker, and it belongs to the bridge network which uses 172.16.10.0/24. I have another web app in Docker which is in a different bridge network, 172.16.20.0/24. In order to let the Nginx reverse proxy connect to the web app, I have set the Nginx reverse proxy to join 172.16.20.0/24 as well.
My web app is hosted at http://localhost:8899, and I have bound host:8899 --> container:80. What I want is: when someone visits https://mydomain, the reverse proxy should pass the request to http://localhost:8899.
My nginx config is as follows:
server {
    listen 80;
    listen [::]:80;
    server_name mydomain;
    return 301 https://$host$request_uri;
}
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name mydomain;
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;
    ssl_certificate /ssl/my_domain_cert.pem;
    ssl_certificate_key /ssl/my_domain.key;
    location / {
        proxy_set_header Host $host;
        proxy_set_header Cookie $http_cookie;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Host $host;
        proxy_pass http://localhost:8899;
        proxy_read_timeout 90;
    }
}
However, when I connect to https://mydomain, the error is SSL handshake failed (Error code 525). How should I fix the problem?
The 525 HTTP error means there is no valid SSL certificate installed.
The nginx conf is searching for the SSL certificate files in these locations:
    ssl_certificate /ssl/my_domain_cert.pem;
    ssl_certificate_key /ssl/my_domain.key;
Unless you created an SSL certificate in your Dockerfile, or created one before and put the files in these locations, you have to MANUALLY create an SSL certificate.
How to create a key and pem file:
https://www.digitalocean.com/community/tutorials/how-to-create-a-self-signed-ssl-certificate-for-nginx-on-centos-7
How to get .pem file from .key and .crt files?
I'm running into a frustrating issue I can't figure out. I have nginx running on an EC2 instance to receive requests and route them to a Docker container on the same EC2 instance running my Django app. Within the container, I have gunicorn and nginx (again) running to handle the web traffic.
All works well if I go to my domain name or IP over http but with https it just hangs and times out eventually. I don't see anything in the logs that might indicate what's going on. Since everything works with http I suspect it's an nginx config issue and nothing to do with my DNS configuration (but I'm not sure). For DNS, I've configured an A record that points to an Elastic IP and a CNAME for www.
Here is the nginx load balancer / reverse proxy config (running directly on the EC2 instance):
server {
    server_name mysite.com www.mysite.com;
    location / {
        proxy_pass http://172.17.0.1:8080;
    }
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/mysite.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/mysite.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
    #if ($host = www.mysite.com) {
    #    return 301 https://$host$request_uri;
    #} # managed by Certbot
    #if ($host = mysite.com) {
    #    return 301 https://$host$request_uri;
    #} # managed by Certbot
    listen 80;
    server_name mysite.com www.mysite.com;
    #return 404; # managed by Certbot
    # to be deleted
    location / {
        proxy_pass http://172.17.0.1:8080;
    }
}
I have temporarily enabled traffic on port just for testing but will disable it when everything is up and running.
Here is the nginx configuration within the Docker container (used for serving static files).
error_log /dev/stdout info;
server {
    listen [::]:8080;
    server_name _;
    location /static/ {
        alias /opt/www/mysite/static/;
        expires 30d;
    }
    location / {
        proxy_set_header Host $http_host;
        proxy_redirect off;
        proxy_pass http://localhost:10000;
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_cache_valid 200 302 60m;
        proxy_cache_valid 404 1m;
        proxy_cache_bypass $http_authorization;
        add_header X-Cache-Status $upstream_cache_status;
    }
}
Conceptually, I don't see anything wrong with my setup, even though it's a little messy to have 2 instances of nginx running. I'm not locked into using nginx (it's just what I'm most familiar with) so open to other alternatives (thinking it might be better to use traefik on the EC2 instance itself).
Problem:
We've set up a Docker container running on port 3002 and then configured port 3002 to /path/ on my domain www.example.com. There's an Express REST API running in the container on port 3002 which outputs req.hostname, and when I make a request from, let's say, www.abc.com, the consoled value of req.hostname is shown to be www.example.com instead of www.abc.com.
Nginx Conf
server {
    listen 443 ssl;
    ssl_certificate /etc/ssl/__abc.crt;
    ssl_certificate_key /etc/ssl/abc.key;
    listen 80 default_server;
    listen [::]:80 default_server;
    location / {
        proxy_pass http://localhost:3001/;
        proxy_set_header Host $host;
    }
    location /path/ {
        proxy_pass http://localhost:3002/;
        proxy_set_header Host $http_host;
    }
}
What changes do I have to make so I can get www.abc.com in the consoled value?
Nginx's location blocks should be ordered such that more specific expressions come first.
In your example, you should have:
    location /path/ {
        proxy_pass http://localhost:3002/;
        proxy_set_header Host $http_host;
    }
    location / {
        proxy_pass http://localhost:3001/;
        proxy_set_header Host $host;
    }
Make sure your changes take effect by either running nginx -s reload or restarting the container.
I'm trying to host several websites on my droplet. To do that, I'm using NGINX (not in a container) as a reverse proxy to Dockerized apps. One such app I'm using is the dockerized Mediawiki, set to run on 0.0.0.0:8081.
The Mediawiki container is based on php7.2-apache.
Nginx configuration:
server {
    listen 443 ssl;
    index index.php;
    server_name my.website.com;
    ssl_stapling on;
    ssl_stapling_verify on;
    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://0.0.0.0:8081;
    }
    ssl_certificate /etc/letsencrypt/live/my.website.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/my.website.com/privkey.pem; # managed by Certbot
}
I run the application on port 8081, as can be seen through docker ps -a:
CONTAINER IMAGE PORTS
e40c9815d6cc mediawiki 0.0.0.0:8081 -> 80/tcp
I can access my.website.com, but it shows the Apache Ubuntu default page. Accessing other pages and resources (index.php, /folder/index.php, images/pic.jpg) returns 404.
Testing the container with a similar setup on my local machine works. I think there may be something I didn't get with the NGINX config.
Help?
I am trying to use nginx on the host machine as the reverse proxy in front of my nextjs app, which is deployed in swarm mode. But it always shows a 404 not found error for paths like _next/*****/page/index.js.
When I connect to http://machine-host-name:3000 it works well, but when I connect to http://machine-host-name/nextjs it shows the 404 not found error.
Here is my nginx setting:
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    index index.html index.htm index.nginx-debian.html;
    server_name _;
    location /nextjs {
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
        proxy_pass http://localhost:3000/;
    }
}
Not sure which part is incorrect, kindly give me some advice.
Thank you.
That method of reverse proxying is an anti-pattern.
Your proxy should be in a swarm service as well.
It should use a swarm-api-aware proxy agent that can update your proxy based on the changes swarm makes.
Two good ones are Docker Flow Proxy and Traefik.
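An added example, not part of the original posts: a small Python model of nginx's documented proxy_pass rule (when proxy_pass carries a URI part, the portion of the request URI matching the location is replaced by it), applied to the location /nextjs block from the question above. The function name and the sample request paths are constructed for illustration; this models a single prefix location only and is not nginx code.

```python
from urllib.parse import urlsplit


def upstream_uri(location, proxy_pass, request_uri):
    """Return the URI nginx would send upstream for one prefix location.

    Returns None when the request path does not fall under the location,
    in which case nginx would use another location or the static root.
    """
    path, sep, query = request_uri.partition("?")
    if not path.startswith(location):
        return None
    target = urlsplit(proxy_pass)
    if target.path:
        # proxy_pass has a URI part ("/" counts): the matched prefix
        # is replaced by that URI.
        path = target.path + path[len(location):]
    # With no URI part, the request path is forwarded unchanged.
    return path + sep + query


def trace(location, proxy_pass, requests):
    """Map each request URI to what the upstream would receive."""
    return [(r, upstream_uri(location, proxy_pass, r)) for r in requests]


# Constructed sample requests: the page itself, a sub-page, and an asset
# URL of the kind the app emits relative to the site root.
SAMPLE_REQUESTS = [
    "/nextjs",
    "/nextjs/about?lang=en",
    "/_next/static/chunks/main.js",
]

if __name__ == "__main__":
    # Configuration as posted in the question.
    for req, up in trace("/nextjs", "http://localhost:3000/", SAMPLE_REQUESTS):
        print(f"{req!r:40} -> {up!r}")
    # Same location with a trailing slash, for comparison.
    for req, up in trace("/nextjs/", "http://localhost:3000/", SAMPLE_REQUESTS):
        print(f"{req!r:40} -> {up!r}")
```

Asset requests that start with /_next/ never match location /nextjs, so nginx answers them itself, which is consistent with the 404s described in the question.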