How to set the right Nginx reverse proxy configuration in docker

I deployed an Nginx reverse proxy in Docker, and it belongs to the bridge network that uses 172.16.10.0/24. I have another web app in Docker which is in a different bridge network, 172.16.20.0/24. In order to let the Nginx reverse proxy connect to the web app, I have set the Nginx reverse proxy to join 172.16.20.0/24 as well.
My web app is hosted at http://localhost:8899, and I have bound host:8899 --> container:80. What I want to try is: when someone visits https://mydomain, the reverse proxy should pass the request to http://localhost:8899.
My nginx config is as follows:
server {
    listen 80;
    listen [::]:80;
    server_name mydomain;
    return 301 https://$host$request_uri;
}
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name mydomain;
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;
    ssl_certificate /ssl/my_domain_cert.pem;
    ssl_certificate_key /ssl/my_domain.key;
    location / {
        proxy_set_header Host $host;
        proxy_set_header Cookie $http_cookie;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Host $host;
        proxy_pass http://localhost:8899;
        proxy_read_timeout 90;
    }
}
However, when I connect to https://mydomain, the error is SSL handshake failed (Error code 525). How should I fix the problem?

The 525 HTTP error means there is no valid SSL certificate installed.
The nginx conf is looking for the SSL certificate files in these locations:
    ssl_certificate /ssl/my_domain_cert.pem;
    ssl_certificate_key /ssl/my_domain.key;
Unless you created an SSL certificate in your Dockerfile, or created one earlier and put the files in these locations, you have to MANUALLY create an SSL certificate.
How to create a key and pem file:
https://www.digitalocean.com/community/tutorials/how-to-create-a-self-signed-ssl-certificate-for-nginx-on-centos-7
How to get a .pem file from .key and .crt files?
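Added example, not part of the question or the answer above: a small Python check for the two files the answer points at. It loads the pair the same way nginx does at startup, so a missing file or a key that does not belong to the certificate is reported before the proxy is even started. The self-signed pair is constructed for the demo with the openssl CLI (assumed to be installed); the /ssl paths are the ones from the question.

```python
from __future__ import annotations

import ssl
import subprocess
import tempfile
from pathlib import Path


def check_cert_pair(cert: str, key: str) -> str:
    """Return 'ok', 'missing:<path>' or 'mismatch:<reason>' for the files an
    ssl_certificate / ssl_certificate_key pair points at. Loading them into an
    SSLContext is the same step nginx performs when it starts (and `nginx -t`
    fails on the same error), so this reproduces that check outside the container."""
    for path in (cert, key):
        if not Path(path).is_file():
            return f"missing:{path}"
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        ctx.load_cert_chain(certfile=cert, keyfile=key)
    except ssl.SSLError as exc:  # e.g. KEY_VALUES_MISMATCH, or a malformed PEM
        return f"mismatch:{exc.reason}"
    return "ok"


def make_self_signed(directory: Path, cn: str) -> tuple[str, str]:
    """Constructed demo material: a throwaway self-signed cert and key made with
    the openssl CLI (assumed installed), named like the files in the question."""
    directory.mkdir(parents=True, exist_ok=True)
    cert, key = directory / "my_domain_cert.pem", directory / "my_domain.key"
    subprocess.run(
        ["openssl", "req", "-x509", "-newkey", "rsa:2048", "-nodes", "-days", "1",
         "-subj", f"/CN={cn}", "-keyout", str(key), "-out", str(cert)],
        check=True, capture_output=True,
    )
    return str(cert), str(key)


# Two independent pairs: the second key deliberately does not belong to the first cert.
DEMO_DIR = Path(tempfile.mkdtemp())
CERT, KEY = make_self_signed(DEMO_DIR / "good", "mydomain")
_, OTHER_KEY = make_self_signed(DEMO_DIR / "other", "mydomain")

if __name__ == "__main__":
    print(check_cert_pair(CERT, KEY))        # ok
    print(check_cert_pair(CERT, OTHER_KEY))  # mismatch:KEY_VALUES_MISMATCH
    # The question's paths: 'missing:' unless /ssl is actually mounted into the container.
    print(check_cert_pair("/ssl/my_domain_cert.pem", "/ssl/my_domain.key"))
```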

Related

How can I access Flask app through NGINX via Docker

I have a very simple Docker container running NGINX and Flask...
My NGINX instance is the front door, which then reverse proxies traffic through to the Flask app.
My issue currently is that I can access the Flask app locally through the Docker internal IP, 172.18.0.2:5000, BUT not as my NGINX instance is configured; I want to access it through localhost:5000.
The code listed is my current nginx.conf file. I have tried different variations of this... however with no luck. Any assistance would be appreciated on how I could access it through localhost, or with my host PC's IP... As mentioned, I cannot figure out why it's only accessible through the Docker internal container IP.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    listen 5000;
    server_name localhost;
    ssl_certificate /root/ssl/cert.pem;
    ssl_certificate_key /root/ssl/key.pem;
    location / {
        proxy_pass "http://localhost:5000/";
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
    }
    error_page 500 502 503 504 /50x.html;
}

nginx as a load balancer / reverse proxy for Docker container (gunicorn + nginx) works with http but not https

I'm running into a frustrating issue I can't figure out. I have nginx running on an EC2 instance to receive requests and route them to a Docker container on the same EC2 instance running my Django app. Within the container, I have gunicorn and nginx (again) running to handle the web traffic.
All works well if I go to my domain name or IP over HTTP, but with HTTPS it just hangs and eventually times out. I don't see anything in the logs that might indicate what's going on. Since everything works with HTTP, I suspect it's an nginx config issue and nothing to do with my DNS configuration (but I'm not sure). For DNS, I've configured an A record that points to an Elastic IP and a CNAME for www.
Here is the nginx load balancer / reverse proxy config (running directly on the EC2 instance):
server {
    server_name mysite.com www.mysite.com;
    location / {
        proxy_pass http://172.17.0.1:8080;
    }
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/mysite.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/mysite.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
    #if ($host = www.mysite.com) {
    #    return 301 https://$host$request_uri;
    #} # managed by Certbot
    #if ($host = mysite.com) {
    #    return 301 https://$host$request_uri;
    #} # managed by Certbot
    listen 80;
    server_name mysite.com www.mysite.com;
    #return 404; # managed by Certbot
    # to be deleted
    location / {
        proxy_pass http://172.17.0.1:8080;
    }
}
I have temporarily enabled traffic on port just for testing but will disable it when everything is up and running.
Here is the nginx configuration within the Docker container (used for serving static files):
error_log /dev/stdout info;
server {
    listen [::]:8080;
    server_name _;
    location /static/ {
        alias /opt/www/mysite/static/;
        expires 30d;
    }
    location / {
        proxy_set_header Host $http_host;
        proxy_redirect off;
        proxy_pass http://localhost:10000;
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_cache_valid 200 302 60m;
        proxy_cache_valid 404 1m;
        proxy_cache_bypass $http_authorization;
        add_header X-Cache-Status $upstream_cache_status;
    }
}
Conceptually, I don't see anything wrong with my setup, even though it's a little messy to have 2 instances of nginx running. I'm not locked into using nginx (it's just what I'm most familiar with) so open to other alternatives (thinking it might be better to use traefik on the EC2 instance itself).

Connection refused when trying to use Nginx Docker reverse proxy

I am trying to set up an Nginx Docker reverse proxy with a single container and am getting connection refused. See the attachment for the error (results of browsing to https://IPAddressofServer).
I am getting the following error in the logs:
2021/10/21 17:41:00 [warn] 19199#19199: conflicting server name "" on 0.0.0.0:443, ignored
Can anyone assist with this issue?
OS is Ubuntu 20 running on an Azure VM.
Here is my .conf configuration within /etc/nginx/sites-enabled:
server {
    listen 443 ssl;
    server_name DNSNameofServer;
    ssl_certificate /etc/ssl/certs/ChainedCertName.pem;
    ssl_certificate_key /etc/ssl/certs/KeyFileName.key-plain.key;
    ssl_protocols TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;
    location / {
        proxy_pass http://DNSNameofServer:8088;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;
    }
}

Nginx reverse proxying to HTTPS upstream getting 502 Bad Gateway?

I have this configuration:
upstream frontend_upstream {
    # Frontend part, based on the `frontend` container with the React app.
    server frontend:3000;
}
server {
    ...
    listen 80;
    server_name stage.example.com;
    server_tokens off;
    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }
    location / {
        # Define the location of the proxy server to send the request to.
        # Web is the name of the Docker container with the frontend.
        proxy_pass https://frontend_upstream;
        ...
    }
    # Set up communication with the API container.
    location /api {
        proxy_pass http://api:9002;
        rewrite "^/api/(.*)$" /$1 break;
        proxy_redirect off;
    }
}
server {
    listen 443 ssl;
    server_name stage.example.com;
    server_tokens off;
    ssl_certificate /etc/letsencrypt/live/stage.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/stage.example.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
    location / {
        proxy_pass http://frontend_upstream;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
I want to be able to connect to my application via HTTP and HTTPS, but SSL_do_handshake() failed (SSL: error:1408F10B:SSL routines:ssl3_get_record:wrong version number) while SSL handshaking to upstream is raised.
What is wrong with this configuration?
There are a lot of similar issues, but none of them helps me.
    location / {
        # Define the location of the proxy server to send the request to.
        # Web is the name of the Docker container with the frontend.
        proxy_pass http://frontend_upstream;
        ...
    }
Try this.
Your upstream most likely works on HTTP, not on HTTPS.
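The answer's diagnosis can be reproduced offline. This added Python example (not part of the question or the answer) drives an in-memory TLS client, which is what nginx becomes when proxy_pass says https://, and feeds it a constructed reply of the kind a plain-HTTP container sends back when it receives a ClientHello; the upstream name and the reply bytes are assumptions, not captured traffic.

```python
import ssl


def start_tls_client(server_hostname: str = "frontend"):
    """Drive an in-memory TLS client just far enough to emit its ClientHello,
    the same first message nginx sends to an https:// upstream."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # the demo never gets as far as certificate checks
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=server_hostname)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # ClientHello is now in `outgoing`; the client waits for a ServerHello
    return tls, incoming, outgoing.read()


def feed_upstream_reply(tls: ssl.SSLObject, incoming: ssl.MemoryBIO, reply: bytes) -> str:
    """Hand the upstream's first bytes to the TLS client and report how the
    handshake reacts; 'failed:<reason>' is what nginx logs as SSL_do_handshake() failed."""
    incoming.write(reply)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        return "in-progress"
    except ssl.SSLError as exc:
        return f"failed:{exc.reason}"
    return "complete"


def classify_first_bytes(reply: bytes) -> str:
    """Cheap triage of what a port speaks, from the first bytes it returns."""
    if reply.startswith(b"HTTP/"):
        return "plain-http"  # remedy: proxy_pass http://..., not https://
    if len(reply) >= 3 and reply[0] in (0x15, 0x16) and reply[1] == 0x03:
        return "tls"         # 0x15 = alert record, 0x16 = handshake record
    return "unknown"


# Constructed replies: a plain-HTTP server rejecting the ClientHello as a bad request,
# and, for contrast, a TLS server answering with a fatal handshake_failure alert.
PLAIN_HTTP_REPLY = b"HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\n\r\n"
TLS_ALERT_REPLY = bytes.fromhex("15030300020228")


def diagnose(reply: bytes) -> str:
    tls, incoming, _client_hello = start_tls_client()
    return f"{classify_first_bytes(reply)} -> {feed_upstream_reply(tls, incoming, reply)}"


if __name__ == "__main__":
    print(diagnose(PLAIN_HTTP_REPLY))  # plain-http -> failed:WRONG_VERSION_NUMBER
    print(diagnose(TLS_ALERT_REPLY))   # tls -> failed:... (peer speaks TLS but refused us)
```

The "HTTP/" text parsed as a TLS record header is exactly why OpenSSL reports wrong version number: the bytes 'TT' land where the protocol version should be.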

Trying to Get SSL Up with Docker Nginx and Certbot

I have hit this roadblock where I am not able to get the SSL certificates from Let's Encrypt.
I am using Nginx, Certbot and trying to get SSL running for my site with a Node backend.
I tried to follow this post, as my knowledge is limited. Any help or pointers would be highly appreciated.
https://medium.com/@pentacent/nginx-and-lets-encrypt-with-docker-in-less-than-5-minutes-b4b8a60d3a71
As the post mentions, I first try to run the script to get a dummy certificate. I have modified the script to point to my domain.
But I get this error:
Failed authorization procedure. example.org (http-01):
urn:ietf:params:acme:error:connection :: The server could not connect
to the client to verify the domain :: Fetching
http://example.org/.well-known/acme-challenge/Jca_rbXSDHEmXz8-y3bKKckD8g0lsuoQJgAxeSEz5Jo:
Connection refused
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: example.org Type: connection Detail: Fetching
http://example.org/.well-known/acme-challenge/Jca_rbXSDHEmXz8-y3bKKckD8g0lsuoQJgAxeSEz5Jo:
Connection refused
This is my nginx configuration:
upstream app {
    server app:3000;
}
server {
    listen 80;
    server_name example.org;
    location / {
        proxy_pass http://app/;
    }
    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }
    # location /api/ {
    #     proxy_pass http://app/;
    #     proxy_redirect off;
    #     proxy_set_header Host $host;
    #     proxy_set_header X-Real-IP $remote_addr;
    #     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    #     proxy_set_header X-Forwarded-Host $server_name;
    # }
}
server {
    listen 443 ssl;
    server_name example.org;
    ssl_certificate /etc/letsencrypt/live/example.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.org/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
    location / {
        proxy_pass http://example.org; # for demo purposes
    }
}
