Setting a port for the container leads to 502 Bad Gateway

[PCE-Consulting]

Describe your issue

Hi,

i am new to Docker and WikiDocs, and i am trying to get it all togehter since five days now. My setup looks like this:

• Hetzner Cloud Server with Docker CE
• Multiple Subdomains with an A-record to the IP of the Server

First thing i did was installing portainer. Works without any problems. Next was setting up a new network, called my-network, for my containers. Then i installed nginx proxy manager, which also was not a problem. I then used one of my subdomains (proxy.host.tld) to point to nginx - i secured it with SSL. No problems until here. Now i installed WikiDocs, and setup a subdomain with nginx to Wikidocs, which worked. But i can't access the WikiDocs site, because i get a 502 Bad Gateway error. I double checked my firewall, ports are open. If i install WikiDocs without giving any port, it launches on port 80 as default and works - but: Port 80 is in use from nginx, to get the SSL certificates from Letsencrypt. So i want WikiDocs to use port 8080, i tried 9006 and a few others too - but it always leads me to the 502 Bad Gateway error. I don't know what i am doing wrong, this is the only container i got problems with. Is that a bug in WikiDocs, or is it just me?

Thanks for help!

Device and settings

Hetzner Cloud Server with Docker CE

Steps to reproduce

1) Install Portainer 2) Install Nginx 3) Install WikiDocs as a new container, checking "Manual network port publishing" and set a port for host and container, lets say 8080 oder 9006, or whatever you like

Now the 502 Bad Gateway error appears when trying to reach the container.

Screenshots (optional)

No response

Extra fields

• [ ] I'd like to work on this issue

[Zavy86]

are you using a docker compose file? if yes can you paste it?

On Sun, 25 Aug 2024, 20:37 pce-Consulting, @.***> wrote:

Describe your issue

Hi,

i am new to Docker and WikiDocs, and i am trying to get it all togehter since five days now. My setup looks like this:

• Hetzner Cloud Server with Docker CE
• Multiple Subdomains with an A-record to the IP of the Server

First thing i did was installing portainer. Works without any problems. Next was setting up a new network, called my-network, for my containers. Then i installed nginx proxy manager, which also was not a problem. I then used one of my subdomains (proxy.host.tld) to point to nginx - i secured it with SSL. No problems until here. Now i installed WikiDocs, and setup a subdomain with nginx to Wikidocs, which worked. But i can't access the WikiDocs site, because i get a 502 Bad Gateway error. I double checked my firewall, ports are open. If i install WikiDocs without giving any port, it launches on port 80 as default and works - but: Port 80 is in use from nginx, to get the SSL certificates from Letsencrypt. So i want WikiDocs to use port 8080, i tried 9006 and a few others too - but it always leads me to the 502 Bad Gateway error. I don't know what i am doing wrong, this is the only container i got problems with. Is that a bug in WikiDocs, or is it just me?

Thanks for help! Device and settings

Hetzner Cloud Server with Docker CE Steps to reproduce

1. Install Portainer
2. Install Nginx
3. Install WikiDocs as a new container, checking "Manual network port publishing" and set a port for host and container, lets say 8080 oder 9006, or whatever you like

Now the 502 Bad Gateway error appears when trying to reach the container. Screenshots (optional)

No response Extra fields

• I'd like to work on this issue

— Reply to this email directly, view it on GitHub https://github.com/Zavy86/WikiDocs/issues/173, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAPU5YYB3RMQAE3RS5E4DWTZTIP7LAVCNFSM6AAAAABNCYMQAWVHI2DSMVQWIX3LMV43ASLTON2WKOZSGQ4DKNBRGI4DEMQ . You are receiving this because you are subscribed to this thread.Message ID: @.***>

[leomoon]

One other thing to watch for is, if you are using the original docker-compose which is using apache, your nginx must be a reverse proxy.

Here's a demo I made with this setup: https://demo.lmx.to

• Original docker-compose that is using apache

  ---
  services:
  wikidocs:
  image: zavy86/wikidocs
  container_name: wikidocs
  environment:
    - PUID=1000
    - PGID=1000
  ports:
    - 9090:80
  volumes:
    - ./datasets:/datasets

• Using nginx as reverse proxy, proxy_pass:

  server {
  listen               443 ssl http2;
  include              /etc/nginx/snippets/security_headers.conf;
  server_name          demo.lmx.to;
  ssl_certificate      /path/to/fullchain.pem;
  ssl_certificate_key  /path/to/privkey.pem;
  ssl_stapling         on;
  ssl_stapling_verify  on;
  ssl_protocols        TLSv1.2 TLSv1.3;
  ssl_ciphers          'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';
  ssl_session_cache    shared:SSL:10m;
  ssl_session_timeout  10m;
  add_header           X-Frame-Options "SAMEORIGIN";
  add_header           X-XSS-Protection "1; mode=block";
  add_header           X-Content-Type-Options "nosniff";
  add_header           Referrer-Policy "origin";
  add_header           Permissions-Policy "camera=(), microphone=(), geolocation=()" always;
  add_header           Strict-Transport-Security "max-age=31536000; includeSubDomains; preload;" always;
  # no cache
  add_header Last-Modified $date_gmt;
  add_header Cache-Control 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
  if_modified_since off;
  expires off;
  etag off;
  location / {
      #return 503; #demo.lmx.to
      client_max_body_size 1m; #demo.lmx.to
      proxy_http_version 1.1;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "upgrade";
      proxy_set_header Host $http_host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto https;
      proxy_pass http://192.168.50.25:9090; #proxyPass demo.lmx.to
      proxy_redirect off;
      proxy_buffering off;
  }
  error_page 400       /error/400.html;
  error_page 401       /error/401.html;
  error_page 403       /error/403.html;
  error_page 404       /error/404.html;
  error_page 500       /error/500.html;
  error_page 502       /error/502.html;
  error_page 503       /error/503.html;
  location ^~ /error/ {
      internal;
      root /var/www/default/;
  }
  }

[PCE-Consulting]

I am not so fit in these things, i click on add Container, and then he asks me for the image, and it is docker.io/zavy86/wikidocs - then i add the network port and add the network as mentioned and the container is being deployed and is ready. The same way i installed nginx proxy manager. So i guess that is wrong?

[leomoon]

Use this for your docker compose

---
services:
  wikidocs:
    image: zavy86/wikidocs
    container_name: wikidocs
    environment:
      - PUID=1000
      - PGID=1000
    ports:
      - 9090:80
    volumes:
      - ./datasets:/datasets

Then in nginx proxy manager use port 9090

[PCE-Consulting]

That does not work, it is unreachable, until i get the container at the same network that nginx is - but then the 502 Bad Gateway is back. I still think it is a port problem.

[PCE-Consulting]

I maybe found the problem, i guess it is "user error". While setting up my subdomain for wikidocs in nginx, i need to give the ip adress and a port. For the port, i was using 9090. I now set it to 80, and it works. I will now reboot the whole server and see, if everything launches correctly, or if i get the 502 error back.

EDIT: Nope, after a reboot it does not work, 502 bad gateway is back. So it must be a problem with the ports, and i don't know how to handle that :/

EDIT2: Time to go to bed now, but it seems like, i got it working. Ports are 9090:80 as you suggested, and in nginx it is also port 9090. I was wondering what was happening after i rebooted the server, so i double checked everything. Before i did a reboot, the containers ip was 172.19.0.4 - after the reboot, the ip was 172.19.0.2. And in nginx, .4 was set - so it could not work. I don't know why the ip changed, now it works. Next problem is, that i can't get an SSL certificate with nginx now. It just says "internal error" when i request it. This could maybe be the next port or network issue. Close to giving up to be honest, just wanted a little wiki for my company and WikiDocs was looking awesome. Since i am using Obsidian for a long time, i could copy/paste much of the content, but at the moment i am frustrated, because i don't know enough to maintain docker and containers, it's like rocket science for me.

EDIT3: Really wanted to go in bed :D But, i just looked in the logs and found the problem with SSL:

Error creating new order :: too many certificates (5) already issued for this exact set of domains in the last 168 hours: kb.xxxxx.xx, retry after 2024-08-27T08:04:05Z: see https://letsencrypt.org/docs/duplicate-certificate-limit/

So with all the testing and re-deploying, i just ran over a limit from letsencrypt. So maybe everything will work tomorrow.

[Zavy86]

omg :D it looks like a tv series :P we are eagerly awaiting the successful outcome!

[leomoon]

This should work now. You need to wait for a few days before you can get a cert. You are temporary banned. You can use another email to unban yourself.

Next steps:

• You need to make sure the container ip dosen't change
• Don't request too many certs :D

[Zavy86]

or using the container service name? (here my demo configuration)

DOCKER-COMPOSE:

version: '2'
volumes:
  wikidocs-demo-datasets:
    external: true
networks:
  reverse-proxy:
    external: true
services:
  wikidocs:
    image: zavy86/wikidocs
    container_name: wikidocs-demo
    hostname: wikidocs-demo
    restart: unless-stopped
    environment:
      - PUID=1000
      - PGID=1000
    volumes:
      - wikidocs-demo-datasets:/datasets
    networks:
      - reverse-proxy

NGINXPM:

[PCE-Consulting]

Good idea, will keep that in mind. Waiting now until tomorrow to go live, all looks good now - except SSL, but i just need to wait until they clear my ban. Next things will be learning how to move files to the container, i want to change the favicon for example, and i want to be able to save the md-files for an additional backup. So...much to learn for me as a beginner with docker :)

[Zavy86]

hi, please use the last version that fix some problems.. if you want to overwrite default files like favicon you can create a directory on your machine and put on it your files with the same name of the originals like homes/you/wikidocs/favicon.ico and the map it has a volume like:

[...]
    volumes:
      - wikidocs-demo-datasets:/datasets
      - homes/you/wikidocs/favicon.ico:/favicon.ico
[...]

for backup you can locate the volume path on your machine and backup it o if you prefer you can map also this in you home like;

[...]
    volumes:
      - homes/you/wikidocs/datasets:/datasets
      - homes/you/wikidocs/favicon.ico:/favicon.ico
[...]

and create a backup of the full homes/you/wikidocs/ directory

[PCE-Consulting]

I think i will give up on this. The 502 Bad Gateway is back. I finally could get my SSL certificate, and then 502 Bad Gateway is back. When i change Port 9090 to 80 in nginx, it works, until the server restarts - because port 80 is in use from nginx itself to obtain Letsencrypt certs. So i don't know what is causing the error, and i think i will search a simple Wiki which i could put on my webhosting. Docker seems way to complicated, and i just don't want to spend more of my time with it, since it is just not logical for me, what is causing this stupid error.

[leomoon]

That's why you need to setup nginx as a reverse proxy. Nginx is using port 80. No other service can use that. So wikidocs will run on port 9090 for example and nginx will reverse proxy it. This means if anyone requested wiki.example.com to nginx, nginx will redirect requests to localhost:9090...

[PCE-Consulting]

Wikidocs is using Port 80 in his own container, but should use 9090 to the host. So for my understanding it can not be, that nginx in hs container with port 80 could conflict with Wikidocs - but it does, because for some reason Wikidocs uses port 80 to the host. You also told me do do it like this, see: https://github.com/Zavy86/WikiDocs/issues/173#issuecomment-2309026368 So why is Wikidocs launching on port 80 outside the container? Does make no sense for me, unless the setting is ignored.

[leomoon]

yes wikidocs is using port 80 internally inside docker container.

But you can map it to anything else using docker-compose! The port on the right is docker internal, and the port on the left is the new mapped port...

So in the docker-compose below we are mapping wikidocs' container port 80 to localhost 9090...

services:
  wikidocs:
    image: zavy86/wikidocs
    container_name: wikidocs
    environment:
      - PUID=1000
      - PGID=1000
    ports:
      - 9090:80
    volumes:
      - ./datasets:/datasets

Then nginx reverse proxy would listen to 9090 in this case and forward the requests out to 80...

It would be something like: Request > Nginx:80(443 for ssl) > localhost:9090 (wikidocs) > container:80 > localhost:9090 (wikidocs) > Nginx:80(443 for ssl) > request back to user...

[PCE-Consulting]

Yes but it does not - that is what i am saying. With that config, i get 502 Bad Gateway. When i change in nginx to port 80, Wikidocs is showing up - until the next restart. So something does not work with the port bindings.

[leomoon]

This setup I explained is what I'm using atm.

There's something missing in your nginx reverse proxy.

[PCE-Consulting]

I don't know what. I used the docker compose as you mentioned, then i setup my subdomain in nginx, told nginx to look at the ip of the internal network on port 9090 and saved the entry. When i click on it, i get 502 Bad Gateway. If i edit the entry again, and change port 9090 to 80, it works. So i don't know what is missing or wrong, i just can't follow some instructions or something is broken.

[ffiesta]

Wikidocs is using Port 80 in his own container, but should use 9090 to the host. So for my understanding it can not be, that nginx in hs container with port 80 could conflict with Wikidocs - but it does, because for some reason Wikidocs uses port 80 to the host. You also told me do do it like this, see: #173 (comment) So why is Wikidocs launching on port 80 outside the container? Does make no sense for me, unless the setting is ignored.

Hi, i tested some web servers and depending on server there is many modes to configure, thinking that normally 1 service to 1 port, Webservices use port 80 http and to https port 80 + 443 to send and receive (s) secure certificate from https, however this is depending of webserver and how it works.

When I go to website we don't need to know port because all website use port 80.

Because i don't know how docker works it's difficult to identify your problem but:

1. Some webservers sends all request traffic to port 80, and use domain.name to redirect to folder;
2. some webservers you need to configure 1 port to 1 domain, if you have 3 domain 1 use port 80 to 80, 2 use port 8081 to 80 and 3 use port 8082 to 80.
3. Another server you can redirect port 8081 to 8081 bit you need internali configure all services to use port 8081, this meaning o use domain.com:8081 and it redirect to folder or domain.com:8081 but you need to add this to configuration files, and this configuration you need to have mode to add this.

In case of wikidocs i think you don't need because it works like static website, you put files define port on docker on a folder and it will work.

If you can do, make some simple test create a space on docker to server a site site like html5up.net or another site, when you se site put wikidocs, adapting htacces and config file.

• Enable docker logs an read this files;
• Check proxy forward port 9090 to 80

[ffiesta]

I don't know what. I used the docker compose as you mentioned, then i setup my subdomain in nginx, told nginx to look at the ip of the internal network on port 9090 and saved the entry. When i click on it, i get 502 Bad Gateway. If i edit the entry again, and change port 9090 to 80, it works. So i don't know what is missing or wrong, i just can't follow some instructions or something is broken.

And when you write wikidocs.com:9090 (change wikidocs.com to your specific domain)!?

[Zavy86]

hi @pce-Consulting, i can't try with your provider because i don't find a free plan.. but:

tldr:

1. install docker
2. install portainer
3. install nginxpn not nginx
4. setup wikidocs
5. setup host in nginxpm

in details:

create a subdomain or a domain

configured in A to the virtual machine IP or in CNAME to virtual machine cname assigned by your provider

wikidocs.you.com A 123.123.123.123 or wikidocs.you.com CNAME yourmachine.hetzner.com

create a network for reverse proxy

docker network create --driver bridge reverse-proxy

setup portainer

create a volume for portainer data

docker volume create portainer_data

create a portainer-docker-compose.yml file for portainer

version: '3'

volumes:
  portainer_data:
    external: true

networks:
  reverse-proxy:
    external: true

services:
  portainer:
    image: portainer/portainer-ce:latest
    container_name: portainer
    hostname: portainer
    restart: unless-stopped
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - portainer_data:/data
    networks:
      - reverse-proxy
    ports:
      - 9000:9000
      - 9443:9443

and launch it

docker-compose -f portainer-docker-compose.yml -p portainer up -d

setup nginxpm

create two volumes one for data and one for certificates

docker volume create nginxpm_data docker volume create nginxpm_letsencrypt

create a nginxpm-docker-compose.yml file for nginxpm

version: '3'

volumes:
  nginxpm_data:
    external: true
  nginxpm_letsencrypt:
    external: true

networks:
  reverse-proxy:
    external: true

services:
  nginxpm:
    image: jc21/nginx-proxy-manager:latest
    container_name: nginxpm
    hostname: nginxpm
    restart: unless-stopped
    volumes:
      - nginxpm_data:/data
      - nginxpm_letsencrypt:/etc/letsencrypt
    networks:
      - reverse-proxy
    ports:
      - 80:80
      - 81:81
      - 443:443

and launch it

docker-compose -f nginxpm-docker-compose.yml -p nginxpm up -d

open the web application on port 81 and create a new proxy host

if you want you can also enable https in the ssl tab

setup wikidocs

create a volume for datasets docker volume create wikidocs-datasets

create a wikidocs-docker-compose.yml file for nginxpm

version: '3'

volumes:
  wikidocs-datasets:
    external: true

networks:
  reverse-proxy:
    external: true

services:
  wikidocs:
    image: zavy86/wikidocs
    container_name: wikidocs
    hostname: wikidocs
    restart: unless-stopped
    environment:
      - PUID=1000
      - PGID=1000
    volumes:
      - wikidocs-datasets:/datasets
    networks:
      - reverse-proxy

and launch it

docker-compose -f wikidocs-docker-compose.yml -p wikidocs up -d

you are done!

pro tips:

you can create other subdomains for portainer and nginx

portainer.you.com A 123.123.123.123 nginxpm.you.com A 123.123.123.123

in the nginxpm create two new proxy hosts

[PCE-Consulting]

Thank you for the help. I finally got it working, well, i must say, Hetzner did. Something was not right with my cloud server, they said they had some firewall issues on the host, and i could move to another host. I used a snapshot to rebuild everything, and it straight worked. I also installed ERPnext without any trouble. Since they gave me no more details, i can't tell you more - but i'm happy that it is working now. Cost me a few years of lifetime i think :D