SSL Nginx with HTTP Docker Container pass Data from HTTP to HTTP - docker

I'm running a Gitlab instance with Nginx and force HTTP to HTTPS. On the same server I'm running a Docker container (Jetty) on port 9000 which can only deal with HTTP. The setup is:
Server:80 (HTTP) -> Server:443 (HTTP) - Redirect by NGINX works
Server:443 (HTTPS) - direct NGINX call works
Server:9000 (HTTP) - Docker container works
Now I would like to add an HTTPS call for the Docker container through NGINX, to get:
Server:9001 (HTTPS by NGINX) -> Server:9000 - NGINX should manage the HTTPS and pass the data to the HTTP Docker container
I have found this description but I'm not sure how to do it correctly. Gitlab can deal with a custom NGINX configuration, so how can I deal with a correct configuration?

Related

Nginx proxy pass for ingress and egress

I would like to forward traffic using (reverse) proxy for both ingress and egress while manipulating the request and response URI's.
The scenario is this:
Ingress
Request from the internet (with request uri of "/test/") enters an ec2 instance on port 8888, it then goes into a Nginx docker container that listens on this port and proxy pass it to a second docker container while 'replacing' the request uri to be "/" on port 12345 (then inside the container forward it onto port 8787 to a web application).
Egress
The response that comes back from the second docker container to the Nginx container has to be "rebuild" again to the original uri ("/test/") and sent back as a response to the original client.
I think I got the ingress part by configuring the Nginx like this:
server {
    listen 8888;
    server_name 172.17.0.1;
    location / {
        proxy_pass "http://172.17.0.1:12345";
    }
}
but it seems not quite right as I thought it should be using the Nginx itself (172.17.0.3) as the "server_name" and the web application (172.17.0.2) as the upstream, but that didn't work (502 error).
I'm attaching an image for this scenario, Thanks.
You can run both NGINX and Web App docker containers on the same network by creating a docker network and specifying the network while running the containers with the --network flag. With this setup, you wouldn't have to bind the host port (12345) while running the Web App and it would be accessible from the Nginx container on <webapp_container_name>:8787. So you can specify this in proxy pass - http://<webapp_container_name>:8787
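The /test/ prefix mapping from the question, combined with the shared-network upstream from the answer, as an added example (not code from either poster). It assumes both containers are attached to the same user-defined Docker network and that the application container is named "webapp"; that name is hypothetical.

```nginx
# Added example. "webapp" is an assumed container name; 8888 and 8787 are the
# ports given in the question. Port 12345 is no longer published on the host.
server {
    listen 8888;
    server_name _;

    location /test/ {
        # Ingress: the trailing slash after the port replaces the matched
        # prefix, so /test/foo reaches the application as /foo.
        # A request for /test (no slash) gets an automatic 301 to /test/.
        proxy_pass http://webapp:8787/;

        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;

        # Egress: map redirects issued by the application back under /test/.
        # "default" covers absolute Location headers naming the upstream,
        # the second rule covers path-only redirects such as "Location: /login".
        proxy_redirect default;
        proxy_redirect / /test/;

        # Cookies scoped to "/" by the application are re-scoped to the prefix.
        proxy_cookie_path / /test/;
    }

    # Nothing else on this listener is forwarded to the application.
    location / {
        return 404;
    }
}
```

Only headers are rewritten here; links inside response bodies still need to be relative, or the application has to be told about the /test/ prefix.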

Running behind a proxy server

I want to run my GitLab runner behind a proxy server and I have already installed cntlm and configured it with my proxy server.
The next step I'm trying to do is configure Docker HTTP/HTTPS proxy variables as above:
[Service]
Environment="HTTP_PROXY=http://*.*.*.*:port"
Environment="HTTPS_PROXY=https://*.*.*.*:port"
Environment="NO_PROXY=localhost,127.0.0.1"
My first question is what should I put in port?
Should it be my proxy server port or 80/443 or 3128?
Thanks.
The solution was running above command line:
gitlab-runner run
If you are running with a local proxy, then the port should be 3128.
It is from that port the local proxy will redirect to the actual NTLM proxy.
I have been using nrwl/nx for years, with as environment variables:
HTTPS_PROXY=http://127.0.0.1:3128
HTTP_PROXY=http://127.0.0.1:3128

Docker container redirecting

Hi, I have a URL called:
https://wona.logs.co.za
And I need it to redirect to the specific Docker container at port 3000
( http://156.43.123.226:3000)
However, when I try to link https://wona.logs.co.za to 156.43.123.226:3000 I cannot enter a port number in the redirection to specify my Docker container.
Multiple things that do not fit.
You try to redirect https traffic to an http endpoint. That won't work.
You are trying to directly redirect to another port (from 443 to 3000). That won't work either.
Solution
Create a proxy container. e.g. nginx that serves port 80 / 443 and redirects traffic to your application on port 3000. I recommend that you do not directly expose your application - only via the proxy.
Once you have a proxy container that listens to the same ports you can easily use the redirect as you described.
The question lacks the current setup of Docker on the mentioned server. From what I understood, you already have Docker running with an orchestrator and a proxy server for the main domain, and now you want to put up a subdomain which forwards traffic to one specific container.
For this, you need to spin up an image of your application which listens on port 3000, and add an entry in the proxy server to forward traffic to your new container. Handle the SSL handshake at the proxy level.
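TLS termination at the proxy with the application reachable only through it, as both answers above recommend, shown as an added example (not code from the posters). It assumes nginx runs on the Docker host and the container port is published on loopback only; the certificate paths are placeholders. The same pattern with "listen 9001 ssl" and upstream 127.0.0.1:9000 fits the Jetty setup in the first question.

```nginx
# Added example. Assumption: the application container is published on
# loopback only, e.g.  docker run -p 127.0.0.1:3000:3000 ...
# so plain HTTP on port 3000 is not reachable from outside the host.

# Port 80 only redirects; the target host name is fixed rather than taken
# from the client's Host header.
server {
    listen 80;
    server_name wona.logs.co.za;
    return 301 https://wona.logs.co.za$request_uri;
}

server {
    listen 443 ssl;
    server_name wona.logs.co.za;

    ssl_certificate     /etc/nginx/tls/placeholder.crt;   # placeholder path
    ssl_certificate_key /etc/nginx/tls/placeholder.key;   # placeholder path
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        # TLS ends here; the hop to the container is plain HTTP on loopback.
        proxy_pass http://127.0.0.1:3000;

        # Tell the application which host and scheme the client really used,
        # so generated links and redirects stay on https.
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

If nginx itself runs as a container, put it on the same Docker network as the application, use the application's container name in proxy_pass, and do not publish port 3000 at all.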

2 services on same hostname but different ports

I had 2 services on a server that run on 2 different ports. One of them on port 80 and another on port 3000. I want to address them like this:
http://xxx.ttt.example : the one that run on port 3000
http://xxx.ttt.example/zzz : the one that run on port 80
What should I do?
You need to use a reverse proxy server such as nginx to achieve this, as a port can be mentioned only in SRV records at the DNS level, and most browsers ignore this record while resolving a DNS query for an HTTP request.
The domain will point to a reverse proxy server, and at the proxy server you can configure where to pull the response from based on the request.
Setup -
Set up an nginx reverse proxy server.
Point your domain xxx.ttt.example to the nginx server.
In the nginx config, set a rule that, based on the request URI, fetches the response from port 3000.

Traefik configuration to allow websocket and https on the same port of a container

I have a docker container (nginx) which exposes only 1 port, 443. This container listens to the protocols wss and https.
I need to configure my docker-compose file to push information to my consul catalog. How can I add information for these 2 protocols?
*docker-compose.yml*:
nginx:
  labels:
    SERVICE_443_NAME: ws-name
    SERVICE_443_TAGS: 'traefik.protocol=wss,traefik.frontend.entryPoints=wss,traefik.frontend.rule=Host:web.mydomain.com;Path=/ws'
Do you have any idea how to add the https protocol on the same SERVICE_TAGS?
For information, my architecture is : traefik -> consul catalog -> registrator -> container nginx
Replace traefik.protocol=wss with traefik.protocol=https.
And use a simple https entrypoint named https.
