Develop Reference

certbot challenge fails with jellyfin as it returns 404

jellyfin container runs behind nginx reverse proxy.
When I try to get an ssl certificate, jellyfin unfortunately returns a 404 error. Anyone know what I need to change in the configuration to make it work?
my docker-compose.yml
services:
nginx:
container_name: nginx
image: nginx:1.23.3-alpine
restart: unless-stopped
ports:
- 80:80
- 443:443
volumes:
- ./nginx/conf.d/:/etc/nginx/conf.d/
- ./nginx/nginx.conf:/etc/nginx/nginx.conf
- ./nginx/certs/:/etc/nginx/certs/
networks:
- jellyfin
jellyfin:
container_name: jellyfin
image: jellyfin/jellyfin
restart: unless-stopped
user: 1000:1000
volumes:
- ./jellyfin/config:/config
- ./jellyfin/cache:/cache
- ./jellyfin/media/:/media
networks:
- jellyfin
networks:
jellyfin:
driver: bridge
my nginx .conf file
upstream jellyfin {
server jellyfin:8096;
}
server {
listen 80;
server_name jellyfin.mydomain.com;
location / {
proxy_pass http://jellyfin/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#upgrade to WebSocket protocol when requested
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
}
certbot response
Type: unauthorized
Detail: Invalid response from
http://jellyfin.mydomain.com/.well-known/acme-challenge/C8YTfjbIku65D_Hb2BCTkWEzdcwBqk4g8Wks0umq4Hw:
404

Does accessing a remote server IP address via the browser default resolve to port 80?

I have a containerized app that uses nginx as a reverse proxy. If I map nginx ports as 1337:80 I am only able to reach my website at <MY_INSTANCE_IP>:1337. If I instead map nginx ports as 80:80 I am able to reach my website at <MY_INSTANCE_IP>. Changing the ports in my docker-compose file worked but I'd like to know why.
My docker-compose config:
version: '3.7'
services:
web:
build:
context: .
dockerfile: ./compose/production/flask/Dockerfile
image: flask_web
command: /start
volumes:
- .:/app
expose:
- 5000
env_file:
- .env/.prod
environment:
- FLASK_APP=app
nginx:
build: ./compose/production/nginx
ports:
- 80:80
depends_on:
- web
My nginx config:
upstream flask-app {
server web:5000;
}
server {
listen 80;
server_name <MY_INSTANCE_IP>;
location / {
proxy_pass http://flask-app;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_redirect off;
# client_max_body_size 20M;
}
}

So, you have nginx set to listen on port 80 (default http). When you set the port for your nginx service in docker-compose the first number is the port that docker will "publish" the service on the host and the second number, after the colon (:), is the port the server is listening on "inside" the container. See:
https://docs.docker.com/config/containers/container-networking/#published-ports for more detail.

Nginx Reverse proxy for a docker container running at port 80

My docker compose looks like this:
version: '3.2'
services:
mediawiki:
image: mediawiki:lts
nginx:
image: nginx:stable-alpine
depends_on:
- mediawiki
volumes:
- ./nginx.conf:/etc/nginx/nginx.conf
ports:
- 80:80
#...
Where mediawiki is a docker container that runs on port 80 in docker and does not appear to have a way to change the port number.
I'm trying to expose mediwiki through ngninx and the nginx config looks like this:
events {
}
http {
server {
listen 80;
location / {
client_max_body_size 2M;
real_ip_header X-Forwarded-For;
real_ip_recursive on;
proxy_pass http://mediawiki:80;
}
}
}
Since both nginx and mediawiki is running at port 80, I can't set portmap mediwiki 80:80.
I've tried mapping it to another port under mediawiki such as 7001:80 and in nginx config replace http://mediawiki:80 with http://mediawiki:7001 but this produces bad gateway error when loading the site url at port 80.
How might I fix this?

Let's have a look at reverse proxy in which case I use.
version: '3.2'
services:
mediawiki:
image: mediawiki:lts
nginx:
build: .
image: A_NEW_NAME:VERSION_TAG
depends_on:
- mediawiki
volumes:
- ./nginx.conf:/etc/nginx/nginx.conf
- ./wiki.conf:/etc/sites-available/wiki.conf
ports:
- 80:80
This should be your wiki.conf contents:
server {
listen 80;
server_name THE_DOMAIN_NAME_OF_YOUR_MEDIAWIKI;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://mediawiki:80;
proxy_redirect off;
# Socket.IO Support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
And add a Dockerfile in the directory where your docker-compose file is:
FROM nginx:stable-alpine
COPY wiki.conf /etc/sites-available/
RUN cd /etc/sites-enabled/ && ln -s /etc/sites-available/wiki.conf
And keep your nginx.conf as default values, or change some values on your own but do not add any directives to serve wiki.
You can replace THE_DOMAIN_NAME_OF_YOUR_MEDIAWIKI wit the actual domain name. Like if you have media.com and your wiki wants to be accessible at wiki.media.com.
Now you can run docker-compose up -d --build and see the result.

Change the service port for media wiki to 8080, like
8080:80
and
Change the nginx port to 7001 inside the local nginx.conf and
proxy_pass http://mediawiki:8080;
./nginx.conf:/etc/nginx/nginx.conf
So, nginx will run on port 7001 and mediawiki on 80.
version: '3.2'
services:
mediawiki:
image: mediawiki:lts
nginx:
image: nginx:stable-alpine
depends_on:
- mediawiki
volumes:
- ./nginx.conf:/etc/nginx/nginx.conf
ports:
- 80:7001
#...
Then access the app at http://mediawiki:80

Nginx: 502 Bad Gateway within docker stack

I have docker stack running 2 containers, first is Nginx, second - application.
The problem is that nginx shows Bad Gateway error:
Here is nginx conf:
upstream example {
server mystack_app1;
# Also tried with just 'app1'
# server mystack_app2;
keepalive 32;
}
server {
listen 80;
server_name example;
location / {
proxy_pass http://example;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 150;
proxy_send_timeout 100;
proxy_read_timeout 100;
proxy_buffers 4 32k;
client_max_body_size 8m;
client_body_buffer_size 128k;
}
}
Here is docker-compose.yml
version: "3"
services:
app1:
image: my-app:latest
ports:
- "9000:9000"
networks:
- webnet
web:
image: my-web:latest
ports:
- "81:80"
networks:
- webnet
deploy:
restart_policy:
condition: on-failure
networks:
webnet:
I use following command to deploy docker stack:
docker stack deploy -c docker-compose.yml mystack
So I can access application from host's browser by localhost:9000 - it works ok.
Also, from the nginx container, I can ping mystack_app1.
But when accessing localhost:81, nginx shows 502 Bad Gateway
Please help.

It looks like your upstream definition is not correct. It's trying to connect to port 80 instead of port 9000.
Try
upstream example {
server mystack_app1:9000;
# Also tried with just 'app1'
# server mystack_app2;
keepalive 32;
}
Btw, I suggest you to use the container_name in your docker-compose file.

acces docker containers by ip vs port expose

I do have a DOCKER_HOST specified by :
DOCKER_HOST=tcp://g3-docker-1:2375
secured by TLS. On this host I could have quite a view "jboss/wildfly" containers in different configurations and loaded with different apps. They can be started on request by some people for software testing purposes. The following docker-compose is used :
version: '2'
services:
wildfly:
build:
dockerfile: Dockerfile.wildfly
context: .
ports:
- "8080:8080"
depends_on:
- logvolume
- mariadb
volumes_from:
- logvolume
mariadb:
image: mariadb:latest
ports:
- "3307:3307"
environment:
- MYSQL_ROOT_PASSWORD=secret
logvolume:
build:
dockerfile: Dockerfile.logvolume
context: .
volumes:
- /opt/jboss/wildfly/standalone/log:/opt/jboss/wildfly/standalone/log
I am planning to build quite a view containers each one with different preloaded data and different webapps inside "wildfly"
When I start these containers each one is assigned a IP addres inside the _dirname_default network (bridged). Jboss is reachable by the outside world with $DOCKER_HOST:8080 and maria_db is reachable so fine so good ...
But what if I have a couple of this. Do I have to map different ports to the different wildflys or is there another way to access the dockerized wildflys by the outside eg. via the containerid or so ?

I am now using nginx as reverse proxy in order to decide based on the url which wildfly to talk to
This needs an addtional service in docker-compose.yml like this :
reverseproxy:
build:
dockerfile: Dockerfile.nginx
context: .
ports:
- 80:80
depends_on:
- wildfly
and the following nginx.conf:
worker_processes 1;
events { worker_connections 1024; }
http {
sendfile on;
upstream docker-wildfly {
server wildfly:8080;
}
server {
listen 80;
location /wildfly/ {
proxy_pass http://docker-wildfly/;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
}
}
}
Each wildfly will get its own location