DanielDent / docker-nginx-ssl-proxy

SSL Front-End Proxy With Automatic Free Certificate Management
https://hub.docker.com/r/danieldent/nginx-ssl-proxy/

Problem with proxies #17

Closed SuperJakish closed 5 years ago

SuperJakish commented 5 years ago

Hey there! I was able to get this working with docker-compose on my Ubuntu system to the point where I could reach my landing page from outside my network with SSL enabled. Super cool! I'm running into an issue with adding another config file and setting up a reverse proxy for the services running in other docker containers. I can navigate all of the other containers on my local network, so I know they are running, but I can't see them from outside the network.

Here is a grab from my docker-compose.yml file:

services:
    sslproxy:
        container_name: sslproxy
        image: danieldent/nginx-ssl-proxy
        restart: always
        depends_on:
            - organizr
        environment:
            UPSTREAM: organizr
            SERVERNAME: [myserver]
            #EXTRANAMES:
        ports:
            - "88:80"
            - "443:443"
        volumes:
            - ./letsencrypt/organizr.conf:/etc/nginx/conf.d/organizr.conf

    organizr:
        container_name: organizr
        image: lsiocommunity/organizr
        volumes:
            - ./organizr/config:/organizr/config
            - ./organizr/db-files:/db-files
            - ./organizr/images:/images
        privileged: true
        ports:
            - "8585:80"

    ombi:
        container_name: ombi
        image: linuxserver/ombi
        privileged: true
        environment:
            - TZ=America/New_York
        depends_on:
            - organizr
        ports:
            - "3579:3579"
        volumes:
            - ./ombi:/ombi/config

If I comment out the volume call for my custom config file, I land on the organizr page. Whenever I try to add proxy calls to my other containers and include the volume call, the whole thing breaks and I can't see the organizr landing page.

Here is my ombi.conf file for reference:

server {
        listen 88 default_server;
        server_name [myserver];
        proxy_pass http://127.0.0.1:88;
        include /etc/nginx/proxy.conf
        }

server {
        listen 443 ssl http2 default_server;
        server_name [myserver];
        root /var/www/Organizr/;
        access_log /var/log/nginx/organizr.access.log main;
        error_log /var/log/nginx/organizr.error.log warn;
        allow all;
        log_not_found off;
        access_log off;
        }

#############################
# Block access without host #
#############################

if ($http_host != "[myserver]") {
       return 444;
       }

########################
# Organizr Error Pages #
########################

error_page 400 401 403 404 405 408 500 502 503 504 /error.php?error=status;

#########################
# Organizr server block #
#########################

client_max_body_size 1M;
location / { }
try_files $uri $uri/ =404;
index index.php;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.*)$;
fastcgi_index index.php;
include fastcgi_params;
include php_optimization.conf;
fastcgi_pass php-handler;
fastcgi_param HTTPS on;
access_log off;
proxy_cookie_path / "/; secure; HttpOnly";
}

location ~ \.(log|db|json|check)$ {
deny all;
}

location ^~ /check.php {
deny all;
}

location ~ /\.ht {
deny all;
}

location /auth-admin {
        internal;
        #rewrite ^ /auth.php?admin&ban=someone,thisperson;
        proxy_pass http://127.0.0.1:8585/auth.php?admin;
        proxy_set_header Content-Length "";
}

location /auth-user {
        internal;
        proxy_pass http://127.0.0.1:8585/auth.php?user;
        proxy_set_header Content-Length "";
}

server {

        listen 80;
        server_name [myserver]

        ############################
        # Organizr Proxy Locations #
        ############################
        # ombi
        location /ombi {
                auth_request /auth-admin;
                proxy_pass http://127.0.0.1:3579/ombi;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;
                #proxy_redirect off;
                #proxy_buffering off;
                #access_log off;
        }
}

Do you have any thoughts you would be willing to share with me? Thank you kindly!

DanielDent commented 5 years ago

I'm not familiar with the apps you are referencing, and I don't really have time to look too closely at the config file you've pasted, but at a glance, it looks like it's doing a lot more than simply proxying.

Usually the configurations you add to this image would only proxy back to other containers. Also make sure to refer to those containers using the names of those containers. Docker assigns them RFC1918 IP addresses which you can reference with the name of the container. 127.0.0.1 won't work.

The "proxy.conf" in this repo is a good approximation of the config you need for each vhost.

Also know that there are others who have published Let's Encrypt certificate management proxies which may be a better choice for you if you have multiple vhosts. It can be done with this container, but it's not as elegant as it could be.
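An added example, not part of the thread or of this repository: a small check that finds the loopback `proxy_pass` targets in the posted config and maps each one to the container name and container port from the compose file. The function names are hypothetical, and the port table and config lines are constructed from the files quoted in the issue.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# Constructed from the compose file in the issue: service -> "host:container" ports.
COMPOSE_PORTS = {"sslproxy": ["88:80", "443:443"],
                 "organizr": ["8585:80"], "ombi": ["3579:3579"]}

# Constructed sample: the proxy_pass lines from the posted nginx config.
NGINX_CONF = """
proxy_pass http://127.0.0.1:88;
proxy_pass http://127.0.0.1:8585/auth.php?admin;
proxy_pass http://127.0.0.1:8585/auth.php?user;
proxy_pass http://127.0.0.1:3579/ombi;
"""

LOOPBACK = {"127.0.0.1", "localhost", "::1"}
PROXY_PASS = re.compile(r"^\s*proxy_pass\s+(\S+?);", re.MULTILINE)

def published_ports(compose_ports):
    """Map each host-published port to (service, container_port)."""
    table = {}
    for service, mappings in compose_ports.items():
        for mapping in mappings:
            host_port, container_port = mapping.split(":")[-2:]
            table[int(host_port)] = (service, int(container_port))
    return table

def audit_proxy_pass(conf_text, compose_ports, proxy_service="sslproxy"):
    """Return (url, suggestion_or_None, reason) for each loopback proxy_pass."""
    table = published_ports(compose_ports)
    findings = []
    for url in PROXY_PASS.findall(conf_text):
        parts = urlsplit(url)
        if parts.hostname not in LOOPBACK:
            continue  # already addressed by name or a non-loopback address
        # Inside the proxy container, loopback is the proxy itself; the port
        # written in the config is the one published on the Docker host.
        service, container_port = table.get(parts.port or 80, (None, None))
        if service is None:
            findings.append((url, None, "no service publishes this port"))
        elif service == proxy_service:
            findings.append((url, None, "points back at the proxy itself"))
        else:
            fixed = urlunsplit(parts._replace(netloc=f"{service}:{container_port}"))
            findings.append((url, fixed, "use the container name and container port"))
    return findings

if __name__ == "__main__":
    for finding in audit_proxy_pass(NGINX_CONF, COMPOSE_PORTS):
        print(finding)
```

Note that the suggestion for organizr uses port 80, not 8585: on the compose network the proxy reaches the container's own port, while 8585 exists only on the Docker host.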

SuperJakish commented 5 years ago

Thanks for the insight. I'll poke around some more and see what I can find.