nginx: unable to perform path based routing - docker

I am creating a docker-compose stack with prometheus, grafana and nginx.
I want to provide host-based routing so that the / location redirects to grafana and /prometheus to prometheus.
However, the nginx.conf below does perform the / --> grafana redirection but not /prometheus --> prometheus (the latter goes to a grafana error page).
Any suggestions?
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    root /var/www/html;
    server_name _;
    location /prometheus {
        rewrite ^/prometheus(.*) /$1 break;
        proxy_pass http://11.12.12.31:9090;
    }
    location / {
        proxy_pass http://11.12.12.31:3000;
    }
}
(prometheus and grafana are services exposed to 9090 and 3000 respectively)
edit:
nginx_1 | 199.99.99.67 - - [17/Jan/2019:11:10:51 +0000] "GET /prometheus HTTP/1.1" 302 29 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" "-"
grafana_1 | t=2019-01-17T11:10:51+0000 lvl=info msg="Request Completed" logger=context userId=1 orgId=1 uname=admin method=GET path=/graph status=404 remote_addr=192.168.96.1 time_ms=8 size=25545 referer=
nginx_1 | 199.99.99.67 - - [17/Jan/2019:11:10:51 +0000] "GET /graph HTTP/1.1" 404 25581 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" "-"

I believe the rewrite ^/prometheus(.*) /$1 break; clause is causing a redirection to /.
The nginx documentation suggests that the rewrite operation actually performs a regular expression match against the requested URL and replaces it with something else.
In this case /prometheus/ is being resolved as / due to the regex (.*). This expression means to match 0 or more characters after the word "prometheus" and to capture/store whatever characters are found as variable $1.
So the path /prometheus is being replaced with /, which brings you to the Grafana server.
Removing the rewrite rule will fix your problem.
Reference:
http://nginx.org/en/docs/http/ngx_http_rewrite_module.html
https://regex101.com/r/vjbFdN/1
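A small model of the question's server block, added here as an illustration (it is not code from the post or from nginx), replays the two requests visible in the edit's log lines: which location each one enters and what the upstream receives. The /graph redirect target is an assumption read off those log lines, and the function names are hypothetical.

```python
import re

# Constructed model of the server block from the question (not nginx itself).
# Each entry: location prefix, optional (pattern, replacement) rewrite, upstream.
LOCATIONS = [
    ("/prometheus", (r"^/prometheus(.*)", r"/\1"), "http://11.12.12.31:9090"),
    ("/", None, "http://11.12.12.31:3000"),
]


def select_location(uri):
    """Prefix locations: the longest prefix that matches the URI wins."""
    matches = [loc for loc in LOCATIONS if uri.startswith(loc[0])]
    return max(matches, key=lambda loc: len(loc[0]))


def route(uri):
    """Return (location, upstream, uri_sent_upstream) for one request.

    Neither proxy_pass has a URI part, so the upstream receives the request
    URI as it stands after any `rewrite ... break` in the location.
    """
    prefix, rewrite, upstream = select_location(uri)
    if rewrite is not None:
        pattern, replacement = rewrite
        match = re.search(pattern, uri)
        if match:
            # On a match the whole URI becomes the replacement string.
            uri = match.expand(replacement)
    return prefix, upstream, uri


def trace(uri, upstream_redirects, max_hops=5):
    """Follow the browser through upstream redirects, recording every hop."""
    hops = []
    for _ in range(max_hops):
        prefix, upstream, sent = route(uri)
        hops.append((uri, prefix, upstream + sent))
        next_uri = upstream_redirects.get((upstream, sent))
        if next_uri is None:
            break
        # The browser requests the Location value from the proxy, not from
        # the upstream, so it goes through location selection again.
        uri = next_uri
    return hops


# Assumption taken from the log lines in the edit: the service on :9090
# answers "/" with a 302 whose Location is the root-relative path /graph.
REDIRECTS = {("http://11.12.12.31:9090", "/"): "/graph"}

if __name__ == "__main__":
    for requested, location, upstream_url in trace("/prometheus", REDIRECTS):
        print("%-12s location %-12s -> %s" % (requested, location, upstream_url))
    # A deeper path keeps the captured slash and gains a second one.
    print(route("/prometheus/graph"))
```

The second hop is the one that lands on Grafana: a root-relative redirect from the upstream no longer carries the /prometheus prefix, so it falls into location /.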

Related

Debug third-party authentications in localhost with docker and nginx

We have a website where we just added third-party authentications such as Google, Twitter. I'm trying to test these authentications in localhost (MacOS).
I'm running a docker to run nginx, here is docker-compose-dev.xml
version: "3"
services:
  https:
    image: bitnami/nginx:latest
    restart: unless-stopped
    ports:
      - 443:443/tcp
    volumes:
      - ./conf.d/dev.conf:/opt/bitnami/nginx/conf/server_blocks/default.conf:ro
    extra_hosts:
      - "host.docker.internal:host-gateway"
And here is conf.d/dev.conf:
upstream funfun {
    server 178.62.87.72:443;
}
server {
    listen 443 ssl;
    server_name localhost;
    ssl_certificate /certs/server.crt;
    ssl_certificate_key /certs/server.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_session_timeout 1d;
    ssl_stapling off;
    ssl_stapling_verify off;
    add_header Strict-Transport-Security max-age=15768000;
    add_header X-Frame-Options "";
    proxy_ssl_name "www.funfun.io";
    proxy_ssl_server_name on;
    location ~ /socialLoginSuccess {
        rewrite ^ '/#/socialLoginSuccess' redirect;
    }
    location ~ /auth/(.*) {
        proxy_pass https://funfun/10studio/auth/$1?$query_string;
        proxy_set_header Host localhost;
    }
    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Accept-Encoding "";
        proxy_set_header Proxy "";
        proxy_pass http://host.docker.internal:3000/;
        # These three lines added as per https://github.com/socketio/socket.io/issues/1942 to remove socketio error
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
The way we launch the app is sudo PORT=8000 HTTPS=true ./node_modules/.bin/react-scripts start. Then https://localhost:8000/#/sign in a browser does open the page where the authentication buttons are.
The url of the button linking to Google authentication is https://localhost/10studio/auth/google. By clicking on it, I see first https://localhost/10studio/auth/google in the browser address bar, but the page to enter Google ID and password does not appear, then several seconds later, the url becomes https://localhost/#/socialLoginSuccess, and the page shows 502 Bad Gateway. I see the following logs in the terminal running nginx:
$ docker-compose --f docker-compose-dev.yml up
WARNING: Found orphan containers (frontend_10studio_1, frontend_frontend_1) for this project. If you removed or renamed this service in your compose file, you can run this command with the --remove-orphans flag to clean it up.
Starting frontend_https_1 ... done
Attaching to frontend_https_1
https_1 | nginx 21:24:05.37
https_1 | nginx 21:24:05.38 Welcome to the Bitnami nginx container
https_1 | nginx 21:24:05.38 Subscribe to project updates by watching https://github.com/bitnami/bitnami-docker-nginx
https_1 | nginx 21:24:05.39 Submit issues and feature requests at https://github.com/bitnami/bitnami-docker-nginx/issues
https_1 | nginx 21:24:05.39
https_1 | nginx 21:24:05.39 INFO ==> ** Starting NGINX setup **
https_1 | nginx 21:24:05.42 INFO ==> Validating settings in NGINX_* env vars
https_1 | nginx 21:24:05.43 INFO ==> Initializing NGINX
https_1 | realpath: /bitnami/nginx/conf/vhosts: No such file or directory
https_1 |
https_1 | nginx 21:24:05.45 INFO ==> ** NGINX setup finished! **
https_1 | nginx 21:24:05.47 INFO ==> ** Starting NGINX **
https_1 | 172.19.0.1 - - [08/Nov/2021:21:25:06 +0000] "GET /10studio/auth/google HTTP/1.1" 302 0 "https://localhost:8000/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36" "-"
https_1 | 172.19.0.1 - - [08/Nov/2021:21:25:07 +0000] "GET /auth/google/callback?code=4%2F0AX4XfWiqleRl2StBpNOgOtzjqZlftvq9-uDmiPVLZqcgo2xjjhohu47iAV5qxoJThaQYzg&scope=email+profile+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.profile+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email+openid&authuser=0&prompt=none HTTP/1.1" 302 82 "https://localhost:8000/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36" "-"
https_1 | 172.19.0.1 - - [08/Nov/2021:21:25:07 +0000] "GET /auth/signinSuccess HTTP/1.1" 302 82 "https://localhost:8000/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36" "-"
https_1 | 172.19.0.1 - - [08/Nov/2021:21:25:07 +0000] "GET /socialLoginSuccess HTTP/1.1" 302 138 "https://localhost:8000/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36" "-"
https_1 | 2021/11/08 21:25:39 [error] 27#27: *2 connect() failed (110: Connection timed out) while connecting to upstream, client: 172.19.0.1, server: localhost, request: "GET / HTTP/1.1", upstream: "http://192.168.65.1:3000/", host: "localhost", referrer: "https://localhost:8000/"
https_1 | 172.19.0.1 - - [08/Nov/2021:21:25:39 +0000] "GET / HTTP/1.1" 502 552 "https://localhost:8000/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36" "-"
Does anyone know what's wrong here?
Additionally, when I debug nginx, it is like a black box for me. I really want to be able to trace and see which url enters which location block, and changes to which url (by proxy_pass or rewrite, etc.). Does anyone have a better way to debug or log that?
Edit 1:
I tried also another slightly different docker-compose-dev.xml:
version: "3"
services:
  https:
    image: bitnami/nginx:latest
    restart: unless-stopped
    ports:
      - 443:443/tcp
    volumes:
      - ./conf.d/dev.mac.conf:/opt/bitnami/nginx/conf/server_blocks/default.conf:ro
    extra_hosts:
      - "172.17.0.1:host-gateway"
And a slightly different dev.mac.conf:
upstream funfun {
    server 178.62.87.72:443;
}
server {
    listen 443 ssl;
    server_name localhost;
    ssl_certificate /certs/server.crt;
    ssl_certificate_key /certs/server.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_session_timeout 1d;
    ssl_stapling off;
    ssl_stapling_verify off;
    add_header Strict-Transport-Security max-age=15768000;
    add_header X-Frame-Options "";
    proxy_ssl_name "www.funfun.io";
    proxy_ssl_server_name on;
    location ~ /socialLoginSuccess {
        rewrite ^ '/#/socialLoginSuccess' redirect;
    }
    location ~ /auth/(.*) {
        proxy_pass https://funfun/10studio/auth/$1?$query_string;
        proxy_set_header Host localhost;
    }
    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Accept-Encoding "";
        proxy_set_header Proxy "";
        proxy_pass http://172.17.0.1:8000/;
        # These three lines added as per https://github.com/socketio/socket.io/issues/1942 to remove socketio error
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
I still launch the app by sudo PORT=8000 HTTPS=true ./node_modules/.bin/react-scripts start. This time, https://localhost:8000/#/sign in a browser opens the page where the authentication button is. Clicking on the button linked to https://localhost/10studio/auth/google opens the Google authentication page. After successful authentication, the url becomes https://localhost/#/socialLoginSuccess, and the page shows 502 Bad Gateway. However, the correct url would be https://localhost:8000/#/socialLoginSuccess.
Here is the log:
https_1 | nginx 03:12:10.32 INFO ==> ** Starting NGINX **
https_1 | 172.19.0.1 - - [12/Nov/2021:03:12:28 +0000] "GET /10studio/auth/google HTTP/1.1" 302 0 "https://localhost:8000/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:94.0) Gecko/20100101 Firefox/94.0" "-"
https_1 | 172.19.0.1 - - [12/Nov/2021:03:12:46 +0000] "GET /auth/google/callback?code=4%2F0AX4XfWgQ8g3LC6nYxBbk-BjBq0cWGFcfSwoPWZbC8Rky0IVngpAtKTTuYIbYsgbW96g6Dg&scope=email+profile+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.profile+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email+openid&authuser=0&prompt=consent HTTP/1.1" 302 82 "https://accounts.google.fr/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:94.0) Gecko/20100101 Firefox/94.0" "-"
https_1 | 172.19.0.1 - - [12/Nov/2021:03:12:46 +0000] "GET /auth/signinSuccess HTTP/1.1" 302 82 "https://accounts.google.fr/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:94.0) Gecko/20100101 Firefox/94.0" "-"
https_1 | 172.19.0.1 - - [12/Nov/2021:03:12:46 +0000] "GET /socialLoginSuccess HTTP/1.1" 302 138 "https://accounts.google.fr/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:94.0) Gecko/20100101 Firefox/94.0" "-"
https_1 | 172.19.0.1 - - [12/Nov/2021:03:12:46 +0000] "GET / HTTP/1.1" 502 150 "https://accounts.google.fr/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:94.0) Gecko/20100101 Firefox/94.0" "-"
https_1 | 2021/11/12 03:12:46 [error] 28#28: *1 connect() failed (111: Connection refused) while connecting to upstream, client: 172.19.0.1, server: localhost, request: "GET / HTTP/1.1", upstream: "http://172.17.0.1:8000/", host: "localhost", referrer: "https://accounts.google.fr/"
https_1 | 172.19.0.1 - - [12/Nov/2021:03:12:46 +0000] "GET /favicon.ico HTTP/1.1" 502 150 "https://localhost/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:94.0) Gecko/20100101 Firefox/94.0" "-"
https_1 | 2021/11/12 03:12:46 [error] 28#28: *1 connect() failed (111: Connection refused) while connecting to upstream, client: 172.19.0.1, server: localhost, request: "GET /favicon.ico HTTP/1.1", upstream: "http://172.17.0.1:8000/favicon.ico", host: "localhost", referrer: "https://localhost/"
I believe this version of the configuration files is closer to a correct solution. The only problem is that the final url should be https://localhost:8000/#/socialLoginSuccess instead of https://localhost/#/socialLoginSuccess. Does anyone know how to achieve that?
You have an error in the logs (and it isn't a problem with authentication):
[error] 27#27: *2 connect() failed (110: Connection timed out) while connecting to upstream, client: 172.19.0.1, server: localhost, request: "GET / HTTP/1.1", upstream: "http://192.168.65.1:3000/"
Your nginx container is not able to reach the configured upstream (http://host.docker.internal:3000/). There can be many causes for that error: wrong network/port configuration, port exposing, moby itself may have its own bugs with host.docker.internal DNS configuration, ...
The OAUTH flow happens successfully.
Note that most of the flow is happening against localhost:8000 which means going AROUND nginx and direct to your app.
Your app is running on port 8000 but you have configured nginx to connect to "upstream" (your app) on port 3000 (see your nginx config).
At the end of the flow the request is no longer going direct to your app but it goes to nginx, which then tries to connect to your app/upstream on port 3000, which doesn't work because your app is running on 8000.
Update your nginx config to point at port 8000 and try again.
I'd also suggest that you test the entire flow connecting against nginx rather than connecting directly to your app on port 8000 to reduce confusion.
https_1 | 172.19.0.1 - - [08/Nov/2021:21:25:07 +0000] "GET /socialLoginSuccess HTTP/1.1" 302 138 "https://localhost:8000/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36" "-"
https_1 | 2021/11/08 21:25:39 [error] 27#27: *2 connect() failed (110: Connection timed out) while connecting to upstream, client: 172.19.0.1, server: localhost, request: "GET / HTTP/1.1", upstream: "http://192.168.65.1:3000/", host: "localhost", referrer: "https://localhost:8000/"

Nginx 404 not found

I am using docker compose to run nginx with the latest version; using volumes, I am copying the nginx.conf files into the nginx docker container.
nginx:
  image: nginx:1.20
  container_name: nginx
  ports:
    - 80:80
  restart: unless-stopped
  volumes:
    - ./nginx/nginx.conf:/etc/nginx/default.conf
  depends_on:
    - strapi
    - rocketchat
    - keycloak
  networks:
    - test-network
All applications are running on the same network.
Here is the nginx.conf file
events {
    worker_connections 4096; ## Default: 1024
}
http {
    server {
        listen 80;
        server_name qa.xxx.com;
        location / {
            proxy_pass http://strapi-container:1337/;
        }
        location /chat {
            proxy_pass http://rocketchat-container:3000;
        }
        location /auth {
            proxy_pass http://keycloak-container:8080;
            proxy_set_header Host $host;
        }
    }
}
My intention is to run the three backend URLs /, /chat, /auth with nginx configurations. When running the application on the instance, http://ip-address/chat and http://ip-address/auth don't seem to work.
Here is the nginx log error
2021/06/02 07:46:42 [error] 31#31: *1 open() "/usr/share/nginx/html/chat" failed (2: No such file or directory), client: 115.96.103.237, server: localhost, request: "GET /chat HTTP/1.1", host: "310.28.67.222"
115.96.103.237 - - [02/Jun/2021:07:46:42 +0000] "GET /chat HTTP/1.1" 404 555 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.182 Safari/537.36" "-"
2021/06/02 07:46:50 [error] 31#31: *2 open() "/usr/share/nginx/html/auth" failed (2: No such file or directory), client: 115.96.103.237, server: localhost, request: "GET /auth HTTP/1.1", host: "310.28.67.222"
115.96.103.237 - - [02/Jun/2021:07:46:50 +0000] "GET /auth HTTP/1.1" 404 555 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.182 Safari/537.36" "-"
Try trailing slashes behind the proxy_pass, unless you want to have the folder added.
location /chat {
    proxy_pass http://rocketchat-cnr:3000;
}
redirects to http://rocketchat-cnr:3000/chat, while
location /chat {
    proxy_pass http://rocketchat-cnr:3000/;
}
redirects to http://rocketchat-cnr:3000/
Visit http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_pass for more Info
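The mapping described in this answer, written out as an added example (not code from the post or from nginx): it computes the URL a prefix location hands to the upstream with and without a URI part on proxy_pass, and goes one step further than the answer by showing paths below /chat. The request paths are constructed samples and the function names are hypothetical.

```python
from urllib.parse import urlsplit


def upstream_url(location, proxy_pass, request_uri):
    """URL requested from the upstream for a prefix location (paths only).

    Rule from the proxy_pass documentation: if proxy_pass carries a URI part
    (anything after host:port, even a lone "/"), the part of the normalized
    request URI that matched the location is replaced by it. With no URI
    part, the request URI is passed through unchanged.
    """
    if not request_uri.startswith(location):
        raise ValueError("request does not match this location")
    parts = urlsplit(proxy_pass)
    origin = "%s://%s" % (parts.scheme, parts.netloc)
    if parts.path == "":  # e.g. http://rocketchat-cnr:3000
        return origin + request_uri
    return origin + parts.path + request_uri[len(location):]


def slash_mismatch(location, proxy_pass):
    """True when only one of location / proxy_pass URI ends with a slash.

    That combination is what produces doubled or missing slashes upstream.
    """
    path = urlsplit(proxy_pass).path
    if path == "":
        return False  # no URI part, nothing is replaced
    return location.endswith("/") != path.endswith("/")


# Constructed cases: (location, proxy_pass, request path).
CASES = [
    ("/chat", "http://rocketchat-cnr:3000", "/chat"),
    ("/chat", "http://rocketchat-cnr:3000/", "/chat"),
    ("/chat", "http://rocketchat-cnr:3000/", "/chat/api/info"),
    ("/chat", "http://rocketchat-cnr:3000/", "/chatroom"),
    ("/chat/", "http://rocketchat-cnr:3000/", "/chat/api/info"),
    ("/auth", "http://keycloak-container:8080", "/auth/realms/master"),
]

if __name__ == "__main__":
    for location, proxy_pass, uri in CASES:
        flag = "  <- slash mismatch" if slash_mismatch(location, proxy_pass) else ""
        print("location %-7s proxy_pass %-31s %-20s -> %s%s" % (
            location, proxy_pass, uri,
            upstream_url(location, proxy_pass, uri), flag))
```

Pairing `location /chat/` with a proxy_pass URI that also ends in a slash keeps the upstream path clean and stops the location from matching sibling paths such as /chatroom.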

reverse proxy Nginx does not proxy

I am trying to develop an Nginx reverse proxy using docker-compose. I may not be able to state the problem correctly but I am posting the code and error. When I try to proxy to one service, the proxy works but nothing is displayed on the browser.
Here's my nginx.conf :
worker_processes 1;
events { worker_connections 1024; }
http {
    sendfile on;
    upstream docker-nginx {
        server react-app:80;
    }
    server {
        listen 62106;
        server_name http://10.1.40.24;
        location /try {
            rewrite ^/try(.*)$ $1 break;
            proxy_pass http://docker-nginx/;
        }
    }
}
Here's my docker-compose file:
version: '3.5'
services:
  react-app:
    build:
      context: ./my-app
      cache_from:
        - nginx:alpine
    ports:
      - "62101:80"
    image: app-react-uat:latest
    networks:
      my-network:
        aliases:
          - perfreview
  server-app:
    build:
      context: ./Flask
      cache_from:
        - python:3-slim
    environment:
      - ENV = production
      - PORT = 62102
    ports:
      - "62102:62102"
    image: flask-py-app-uat:latest
  nginx-reverse:
    build:
      context: ./nginx
      cache_from:
        - nginx:alpine
    ports:
      - "62106:62106"
    depends_on:
      - react-app
    networks:
      - my-network
networks:
  my-network:
Here's the error message:
react-app_1 | 172.28.0.3 - - [03/Sep/2019:04:07:03 +0000] "GET / HTTP/1.0" 200 333 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76. 0.3809.132 Safari/537.36" "-"
nginx-reverse_1 | 10.1.20.45 - - [03/Sep/2019:04:07:03 +0000] "GET /try/ HTTP/1.1" 200 333 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome /76.0.3809.132 Safari/537.36"
nginx-reverse_1 | 2019/09/03 04:07:03 [error] 6#6: *12 open() "/etc/nginx/html/static/css/main.c0c280ad.css" failed (2: No such file or directory), client: 10.1.20.45, server: http:// 10.1.40.24, request: "GET /static/css/main.c0c280ad.css HTTP/1.1", host: "10.1.40.24:62106", referrer: "http://10.1.40.24:62106/try/"
nginx-reverse_1 | 10.1.20.45 - - [03/Sep/2019:04:07:03 +0000] "GET /static/css/main.c0c280ad.css HTTP/1.1" 404 555 "http://10.1.40.24:62106/try/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36"
nginx-reverse_1 | 2019/09/03 04:07:03 [error] 6#6: *13 open() "/etc/nginx/html/static/js/main.5a0e26e5.js" failed (2: No such file or directory), client: 10.1.20.45, server: http://10 .1.40.24, request: "GET /static/js/main.5a0e26e5.js HTTP/1.1", host: "10.1.40.24:62106", referrer: "http://10.1.40.24:62106/try/"
nginx-reverse_1 | 10.1.20.45 - - [03/Sep/2019:04:07:03 +0000] "GET /static/js/main.5a0e26e5.js HTTP/1.1" 404 555 "http://10.1.40.24:62106/try/" "Mozilla/5.0 (Windows NT 10.0; Win64; x 64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36"
nginx-reverse_1 | 10.1.20.45 - - [03/Sep/2019:04:07:30 +0000] "GET /static/css/main.c0c280ad.css HTTP/1.1" 404 555 "http://10.1.40.24:62106/try/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36"
nginx-reverse_1 | 2019/09/03 04:07:30 [error] 6#6: *13 open() "/etc/nginx/html/static/css/main.c0c280ad.css" failed (2: No such file or directory), client: 10.1.20.45, server: http:// 10.1.40.24, request: "GET /static/css/main.c0c280ad.css HTTP/1.1", host: "10.1.40.24:62106", referrer: "http://10.1.40.24:62106/try/"
Any help would be grateful. Thank you!
So, I found out the reason behind the error and a way to solve it. Basically, the files of react-app container were not being shared with the reverse-proxy container. Consequently, I used volumes to come around this and set alias to the location of the mounted part in the location part of the config file. Here's the new nginx.conf:
server {
    listen 62106;
    server_name http://10.1.40.24;
    #charset koi8-r;
    #access_log /var/log/nginx/host.access.log main;
    location /perfreview/ {
        alias /usr/share/nginx/html/prs;
        proxy_pass http://react-app:80/;
    }
    #error_page 404 /404.html;
    # redirect server error pages to the static page /50x.html
    #
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }
}
Hope this helps someone someday!

Virtual host is not accessible outside container using nginx

Below is my docker-compose.yml file.
I am trying to set reverse proxy.
I tried setting VIRTUAL_HOST and VIRTUAL_PORT Environment to virtual docker containers. It is accessible using host name and port like http://services.local:81.
Please suggest how I can access these services using a browser.
I want to access services like http://service1.services.local or http://services.local/service1. Here http://services.local is my default host.
Note:- I am using jwilder/nginx-proxy
docker-compose.yml
version: '2'
networks:
  prodnetwork:
    driver: bridge
services:
  nginx-proxy:
    image: jwilder/nginx-proxy
    container_name: nginx-proxy
    ports:
      - "80:80"
    networks:
      - prodnetwork
    volumes:
      - "/var/run/docker.sock:/tmp/docker.sock:ro"
      - "./nginx.tmpl:/app/nginx.tmpl:ro"
      - /etc/nginx/conf.d
    environment:
      - DEFAULT_HOST=services.local,localhost
  dockergen:
    image: jwilder/docker-gen
    command: -notify-sighup nginx -watch /etc/docker-gen/templates/nginx.tmpl /etc/nginx/conf.d/default.conf
    networks:
      - prodnetwork
    volumes_from:
      - nginx-proxy
    volumes:
      - /var/run/docker.sock:/tmp/docker.sock:ro
      - ./nginx.tmpl:/etc/docker-gen/templates/nginx.tmpl
  service1:
    build: vgw1
    container_name: service1
    networks:
      - prodnetwork
    ports:
      - "81:80"
    environment:
      - VIRTUAL_HOST=service1.services.local
    expose:
      - "81"
  service2:
    build: vgw2
    container_name: service2
    networks:
      - prodnetwork
    ports:
      - "82:80"
    environment:
      - VIRTUAL_HOST=service2.services.local
    expose:
      - "82"
Here vgw1 and vgw2 are two separate docker containers which have Node-Red installed.
Below is nginx-proxy log
WARNING: /etc/nginx/dhparam/dhparam.pem was not found. A pre-generated dhparam.pem will be used for now while a new one
is being generated in the background. Once the new dhparam.pem is in place, nginx will be reloaded.
forego | starting dockergen.1 on port 5000
forego | starting nginx.1 on port 5100
dockergen.1 | 2017/09/01 13:16:59 Generated '/etc/nginx/conf.d/default.conf' from 4 containers
dockergen.1 | 2017/09/01 13:16:59 Running 'nginx -s reload'
dockergen.1 | 2017/09/01 13:17:09 Error running notify command: nginx -s reload, exit status 1
dockergen.1 | 2017/09/01 13:17:09 Watching docker events
dockergen.1 | 2017/09/01 13:17:09 Contents of /etc/nginx/conf.d/default.conf did not change. Skipping notification 'nginx -s reload'
nginx.1 | 172.18.0.1 - - [01/Sep/2017:13:17:51 +0000] "GET /service1 HTTP/1.1" 404 571 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.101 Safari/537.36" "-"
nginx.1 | 2017/09/01 13:17:51 [error] 37#37: *1 open() "/usr/share/nginx/html/service1" failed (2: No such file or directory), client: 172.18.0.1, server: localhost, request: "GET /service1 HTTP/1.1", host: "services.local"
nginx.1 | 172.18.0.1 - - [01/Sep/2017:13:18:03 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.101 Safari/537.36" "-"
nginx.1 | 172.18.0.1 - - [01/Sep/2017:13:18:06 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.101 Safari/537.36" "-"
nginx.1 | 2017/09/01 13:18:49 [error] 37#37: *1 "/usr/share/nginx/html/service1/index.html" is not found (2: No such file or directory), client: 172.18.0.1, server: localhost, request: "GET /service1/ HTTP/1.1", host: "services.local"
nginx.1 | 172.18.0.1 - - [01/Sep/2017:13:18:49 +0000] "GET /service1/ HTTP/1.1" 404 571 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.101 Safari/537.36" "-"
2017/09/01 13:19:21 [warn] 44#44: server name "services.local/service1" has suspicious symbols in /etc/nginx/conf.d/default.conf:74
nginx: [warn] server name "services.local/service1" has suspicious symbols in /etc/nginx/conf.d/default.conf:74
2017/09/01 13:19:21 [emerg] 44#44: host not found in upstream "services.local" in /etc/nginx/conf.d/default.conf:78
nginx: [emerg] host not found in upstream "services.local" in /etc/nginx/conf.d/default.conf:78
Generating DH parameters, 2048 bit long safe prime, generator 2
This is going to take a long time
dhparam generation complete, reloading nginx
nginx.1 | 2017/09/01 13:23:27 [error] 37#37: *6 "/usr/share/nginx/html/service1/index.html" is not found (2: No such file or directory), client: 172.18.0.1, server: localhost, request: "GET /service1/ HTTP/1.1", host: "services.local"
nginx.1 | 172.18.0.1 - - [01/Sep/2017:13:23:27 +0000] "GET /service1/ HTTP/1.1" 404 571 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.101 Safari/537.36" "-"
Custom dhparam.pem file found, generation skipped
forego | starting dockergen.1 on port 5000
forego | starting nginx.1 on port 5100
dockergen.1 | 2017/09/04 07:18:19 Generated '/etc/nginx/conf.d/default.conf' from 4 containers
dockergen.1 | 2017/09/04 07:18:19 Running 'nginx -s reload'
dockergen.1 | 2017/09/04 07:18:19 Watching docker events
dockergen.1 | 2017/09/04 07:18:19 Contents of /etc/nginx/conf.d/default.conf did not change. Skipping notification 'nginx -s reload'
nginx.1 | localhost 172.18.0.1 - - [04/Sep/2017:07:26:42 +0000] "GET /favicon.ico HTTP/1.1" 503 615 "http://localhost/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.101 Safari/537.36"
/nginx/conf.d/default.conf
server {
    listen 80;
    server_name localhost;
    #charset koi8-r;
    #access_log /var/log/nginx/host.access.log main;
    location / {
        root /usr/share/nginx/html;
        index index.html index.htm;
    }
    #error_page 404 /404.html;
    # redirect server error pages to the static page /50x.html
    #
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }
    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
    #
    #location ~ \.php$ {
    #    proxy_pass http://127.0.0.1;
    #}
    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    #location ~ \.php$ {
    #    root html;
    #    fastcgi_pass 127.0.0.1:9000;
    #    fastcgi_index index.php;
    #    fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
    #    include fastcgi_params;
    #}
    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    #location ~ /\.ht {
    #    deny all;
    #}
}
In order to change the route that your browser maps to, you are going to have to change the configuration in your etc/hosts file. This is virtually telling your browser to look up the DNS records on your local machine for the URL that you specify.
There are tools to accomplish this, including GasMask (OS X) and Host File Editor (Windows).

Too many redirects error while trying to configure rails application as SSL using nginx and unicorn

I am trying to configure a Rails application with SSL, using Nginx and Unicorn.
I am trying to set it up locally. For that I first created a self-signed certificate using OpenSSL for Nginx. I followed the document for creating self-signed certificates. After that I configured my nginx.conf as below, inside the http block:
upstream unicorn_myapp {
    # This is the socket we configured in unicorn.rb
    server unix:root_path/tmp/sockets/unicorn.sock fail_timeout=0;
}
server {
    listen 80;
    server_name dev.myapp.com;
    rewrite ^/(.*) http://dev.myapp.com/$1 permanent;
}
server {
    listen 80;
    listen 443 ssl;
    server_name dev.myapp.com;
    ssl on;
    ssl_certificate /etc/nginx/ssl/server.pem;
    ssl_certificate_key /etc/nginx/ssl/server.key;
    ssl_protocols SSLv3 TLSv1;
    ssl_ciphers ALL:-ADH:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP;
    ssl_session_cache shared:SSL:10m;
    root root_path/public;
    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_redirect off;
        if (!-f $request_filename) {
            proxy_pass http://unicorn_myapp;
            break;
        }
    }
}
I tried to set it up locally, and started Unicorn locally. I mapped 127.0.0.1 to dev.myapp.com in /etc/hosts. But after starting the server, when I tried to ping the app, it gave the below error in Chrome:
This webpage has a redirect loop
Error 310 (net::ERR_TOO_MANY_REDIRECTS): There were too many redirects.
and the following error in Firefox:
The page isn't redirecting properly
The nginix.access.log shows the following result:
127.0.0.1 - - [18/Feb/2013:12:56:16 +0530] "GET / HTTP/1.1" 301 5 "-" "Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.79 Safari/537.4"
127.0.0.1 - - [18/Feb/2013:12:56:16 +0530] "-" 400 0 "-" "-"
127.0.0.1 - - [18/Feb/2013:12:56:16 +0530] "GET / HTTP/1.1" 301 5 "-" "Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.79 Safari/537.4"
127.0.0.1 - - [18/Feb/2013:12:56:16 +0530] "-" 400 0 "-" "-"
127.0.0.1 - - [18/Feb/2013:12:56:16 +0530] "GET / HTTP/1.1" 301 5 "-" "Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.79 Safari/537.4"
127.0.0.1 - - [18/Feb/2013:12:56:43 +0530] "-" 400 0 "-" "-"
127.0.0.1 - - [18/Feb/2013:12:56:43 +0530] "-" 400 0 "-" "-"
127.0.0.1 - - [18/Feb/2013:12:56:43 +0530] "-" 400 0 "-" "-"
127.0.0.1 - - [18/Feb/2013:12:56:43 +0530] "-" 400 0 "-" "-"
127.0.0.1 - - [18/Feb/2013:12:56:43 +0530] "GET / HTTP/1.1" 301 5 "-" "Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.79 Safari/537.4"
127.0.0.1 - - [18/Feb/2013:12:56:43 +0530] "-" 400 0 "-" "-"
127.0.0.1 - - [18/Feb/2013:12:56:43 +0530] "GET / HTTP/1.1" 301 5 "-" "Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.79 Safari/537.4"
127.0.0.1 - - [18/Feb/2013:12:56:43 +0530] "-" 400 0 "-" "-"
127.0.0.1 - - [18/Feb/2013:12:56:43 +0530] "GET / HTTP/1.1" 301 5 "-" "Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.79 Safari/537.4"
127.0.0.1 - - [18/Feb/2013:12:56:43 +0530] "-" 400 0 "-" "-"
127.0.0.1 - - [18/Feb/2013:12:56:43 +0530] "GET / HTTP/1.1" 301 5 "-" "Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.79 Safari/537.4"
127.0.0.1 - - [18/Feb/2013:12:56:43 +0530] "-" 400 0 "-" "-"
127.0.0.1 - - [18/Feb/2013:12:56:43 +0530] "GET / HTTP/1.1" 301 5 "-" "Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.79 Safari/537.4"
127.0.0.1 - - [18/Feb/2013:12:56:43 +0530] "-" 400 0 "-" "-"
Can anyone please help me out to find the solution?
You are missing a header:
proxy_set_header X-Forwarded-Proto https;
Let me cite a comprehensive post that explains nicely how Rails deals with HTTPS on Nginx:
force_ssl relies on the HTTP_X_FORWARDED_PROTO HTTP header to determine whether or not the request was an HTTPS request. If this setting isn't set to https then you will end up with an infinite redirect loop as force_ssl will always think the forwarded request isn't HTTPS.
Copying the answer from the comments in order to remove this question from the "Unanswered" filter:
Try changing 'rewrite ^/(.*) http://...' to 'rewrite ^/(.*) https://...' and remove listen 80 from the 2nd server block
~ answer per house9
