I have an nginx inside a docker container which I want to force SSL on all request. Because I need to expose the webserver port in a different port outside the container, I'm not using standar ports when accesing the server.
I mapped the SSL port 443 inside my container to 8888 outside, so when I write the URL https://myserver:8888 the HTTPS works fine.
What happens when I don't use the https prefix? The port 443 is still listening but since I'm not using https schema I get the following error:
400 Bad Request
The plain HTTP request was sent to HTTPS port
If I redirect request to port 80 to 443 it is not enough, since because I'm accesign by the port 8888 the all requests are incoming by port 443, but I can not guarantee the schema used is HTTP.
I mean, the following block has not effect because I'm not exposing port 80 outside, only 8888 which maps direcly to 443
server {
server_name myserver;
listen 80;
return 301 https://$host:$server_port$request_uri;
}
How can I force it to work even when the user puts http on the URL?
Thank you
You have to use two different ports : for example 8888 and 8889.
Bind the first port to the container's 80, and the second to 443.
If a client want to contact your container on http it will have to use 8888 (-> 80). If the vhost is well configured nginx will serve a 301 or 302 HTTP return code (a redirect) to the https port (8889 -> 443).
So your return might look like
return 301 https://$host:8889$request_uri;
And the client will start a TLS connection on the right port.
Due to technical limitation it's pretty hard to use the same port for both clear traffic and TLS-encrypted one, so most of the webservers will listen on two distinct ports : 80 for plain-text and 443 for TLS.
Related
I use docker/docker-compose and nginx on my own server.
I was able to access to my container via external port
like my_adress:8080
then i made a redirect via nginx
{
listen 80
servername my_adress.8080
return 301 https://my_adress.8080
}
and then i removed the nginx conf.
I restarted nginx services
but now i can't access to http://my_adress:8080 anymore
there is an automatic redirect 301 to https://my_adress without port 8080
I search online how to remove nginx cache or something similar by didn't find it
i searched in https://serverfault.com/questions/825331/nginx-still-redirects-even-though-i-removed-the-rule-from-the-conf
but diden't find solution
when i do service docker status
i get in CGroup: /system.slice/docker.service
/usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 8080 -container-ip 172.19.0.3 -container-port 80
Any ideas why i doesn't work anymore?
I found where the problem was.
I was using the image https://hub.docker.com/r/onlyoffice/documentserver
and i set up the https config
see "Running ONLYOFFICE Docs using HTTPS" in this page :
https://helpcenter.onlyoffice.com/installation/docs-community-install-docker.aspx
And on this image they were an automatic proxy to redirect https to https, so i was not linked to the nginx conf on my server it was only inside the docker-proxy
So the 2 solutions that i found:
remove the https configuration so it would be available in http
or binding host server port 443 (https) to the 443 port of the ONLYOFFICE
container, so the redirection works
I want my nginx listen to port 80 and redirect to my website in Tomcat Docker on port 80 as well.
I tried change port of Tomcat to other and when user visits my website, it shows the port number in URL bar. So I want to use the default port 80.
The problem is that I cannot run nginx and Tomcat Docker on port 80 at the same time.
Correct, you should run
-- nginx in port 80
-- set Tomcat to run with another port (e.g. 8080)
-- use proxy_pass option in nginx, setting http://localhost:8080
I am trying to set up a Docker Nginx Proxy server to forward incoming requests to their corresponding Docker Container on 192.168.1.120 or to the Router's Web-Admin at 192.168.1.1
So right now I am in a bit of a pickle, but I need to set this up regardless. I have this setup right now
Router 192.168.1.1 (Web Admin + Port Forwarding)
Server1 LAMP - (Router Forwards -> port 80 for LAMP Server)
Server2 Docker - (Router Forwards -> 20 SSH, 8080, 9000 Docker Admin)
So I have to configure the port forwarding through my Router's web interface, which is accessible on port 8080. But the issue is that right now I moved to Florida, and I had stupidly added a port-forwarding rule on 8080 to forward to Shipyard Docker Manager, which I eventually planned to install an Nginx-Proxy Forwarding Docker container. I never got the forwarding Docker container working, and I eventually switched to Portainer on port 9000 which I had to configure because it was the only other port I had already set forwarded before I lost access to my Router's web interface, and thus lost the ability to forward ports.
The downside is that I cannot access my Router's web interface. The upside is that - I still have to implement an Nginx-Proxy port forwarding Container anyways, to set up dynamic port 80 forwarding to different Docker containers based on the URL.
So I want to mvoe my LAMP server on as a new Docker Container, and then I will also have a few other Rails Docker containers - but I need to configure a Docker Container to forward the app to differnt servers based on the port. I assume I need to have 2 dockers running - one for port 80 forwarding, and then one for port 8080 forwarding - this is not a problem.
I have not been able to correctly configure my Nginx config to forwarding an incoming request from my domain-name that I have point to my server (my.domain.com below), needs to get forwarded to my router 192.168.1.1. Any help / suggestions on how to configure my Nginx-Proxy Docker Container to forward this correctly, or what I should setup here to forward incoming requests to a web-server dynamically based on the URL. I can install any Docker containers I need for this.
My current Config /etc/nginx/nginx.conf, running on a Nginx-Proxy Docker Container on port 8080 (Google to find the Docker Image for nginx-proxy)
# My Nginx Config to forward my.domain.com
http {
resolver 127.0.0.1;
access_log /var/logs/nginx/access.log;
server {
listen 8080;
server_name my.domain.com;
return 301 http://192.168.1.1:8080/$request_uri;
}
}
I get these errors:
[error] 55#55: *2274 datacenter.URL.com could not be resolved (110: Operation timed out), client: 166.172.189.185, server: datacenter.URL.com, request: "GET / HTTP/1.1", host: "datacenter.URL.com:8080"
[error] 55#55: recv() failed (111: Connection refused) while resolving, resolver: 192.168.1.1:8080
EDIT: I just noticed that I can only have one Docker Container running at-a-time for each port. So I need to figure out how to forward requests to different servers's + ports based on the Domain Name. So each URL forwarding rule entry needs to be able to go to different servers all running on all different ports.
I need to redirect http port 80 to port with specific page, which running on port 9090/somepage.
So in short:
Need redirect x.x.x.x:80 -> x.x.x.x:9090/page
I tried to do by command iptable, but I not be able to redirect port to specific port and page (only port to another port).
Please how I can realize this?
You probably need an proxypass in the virtualhost to redirect it. For Apache:
https://httpd.apache.org/docs/current/mod/mod_proxy.html
In IIS, I noticed when you use the default ports (80 for http and 443 for https) the port number doesn't display at the end of the URL in your browser. However, if you use a different port it will display.
Example:
Default port generates link: http://www.example.com
Custom port generates link: http://www.example.com:8301
Is there a setting you can change to make the port (in this case, :8301) not display without using the defaults?
80 is a default port for HTTP connections.
http://example.com = http://example.com:80
443 is a default port for HTTPS connections.
https://example.com = https://example.com:443
If you are hosting on an other port, you have to include it in the URL.
It's not a IIS rule - it's about HTTP in general. You cannot configure the server in such way that http://example.com will work with port 8301 and I can't imagine any situation when it can be useful. I strongly believe that 80 port is chosen by default on a browser-side but not assigned on a server-side.
If you want users to reach this website by http://example.com URL and it must be a main page then swap your 8301 and 80 ports WebSites' bindings.