codekitchen / dinghy-http-proxy

the http proxy container that dinghy uses
MIT License

Can't stop redirect to HTTPS #33

Open MrMMorris opened 7 years ago

MrMMorris commented 7 years ago

Hey, been a while!

I have a setup that has nginx > varnish > apache.

when you hit nginx.blah.docker, it forces HTTPS because I tell it to:

server {
    listen         80;
    return 301 https://$host$request_uri;
}

server {
    listen 443;
    server_name _;

    ssl                 on;
    ssl_certificate     /etc/nginx/ssl/self.pem;
    ssl_certificate_key /etc/nginx/ssl/self.key;

    location / {
      proxy_pass http://blah_varnish_1:80;
      proxy_set_header X-Real-IP  $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto https;
      proxy_set_header X-Forwarded-Port 443;
      proxy_set_header Host $host;
    }

    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
    }
}

However, I also had it set up (not sure when it worked last) so that if you hit apache.blah.docker:8080 then it serves non-HTTPS and bypasses varnish:

AddHandler php5-script .php
AddType text/html .php

Listen 8080

<VirtualHost *:8080>
    DocumentRoot /var/www/html/docroot
</VirtualHost>

<Directory /var/www/html/docroot>
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
</Directory>

Now, it seems that when I go to http://apache.blah.docker:8080, it gets forced to HTTPS which is not what I want (and chrome throws an error).

I see that with the http proxy, I should be able to set HTTPS_METHOD=noredirect on the apache container and it shouldn't redirect to HTTPS, correct? I have tried and it doesn't seem to work.

Is there some way to disable the redirect to HTTPS entirely? I need to be able to hit nginx and it goes all the way through varnish and apache as HTTPS, but when hitting apache, it stays HTTP.

I don't really need the proxy handling any redirects for me.

Any ideas?

codekitchen commented 7 years ago

The proxy won't do anything with HTTPS unless you have certs loaded into the proxy container, did you do that as well? What does your proxy's nginx config look like when the containers are all running?

docker exec dinghy_http_proxy cat /etc/nginx/conf.d/default.conf

yoodame commented 7 years ago

@codekitchen I work with @MrMMorris. Here's what the nginx config looks like:

# If we receive X-Forwarded-Proto, pass it through; otherwise, pass along the
# scheme used to connect to this server
map $http_x_forwarded_proto $proxy_x_forwarded_proto {
  default $http_x_forwarded_proto;
  ''      $scheme;
}
# If we receive Upgrade, set Connection to "upgrade"; otherwise, delete any
# Connection header that may have been passed to this server
map $http_upgrade $proxy_connection {
  default upgrade;
  '' close;
}
gzip_types text/plain text/css application/javascript application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
log_format vhost '$host $remote_addr - $remote_user [$time_local] '
                 '"$request" $status $body_bytes_sent '
                 '"$http_referer" "$http_user_agent"';
access_log off;
# HTTP 1.1 support
proxy_http_version 1.1;
proxy_buffering off;
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $proxy_connection;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
server {
  listen 80 default_server;
  server_name _;
  root /var/www/default/htdocs;
  error_page 404 /index.html;
}
upstream .db.graphite.docker {
    server 172.17.0.3:3306;
}
server {
    server_name .db.graphite.docker;
    listen 80;
    access_log /var/log/nginx/access.log vhost;
    location / {
        proxy_pass http://.db.graphite.docker;
    }
}
upstream .memcached.graphite.docker {
    server 172.17.0.4:11211;
}
server {
    server_name .memcached.graphite.docker;
    listen 80;
    access_log /var/log/nginx/access.log vhost;
    location / {
        proxy_pass http://.memcached.graphite.docker;
    }
}
upstream .nginx.graphite.docker {
    server 172.17.0.7:443;
}
server {
    server_name .nginx.graphite.docker;
    listen 80;
    access_log /var/log/nginx/access.log vhost;
    location / {
        proxy_pass http://.nginx.graphite.docker;
    }
}
upstream .web.graphite.docker {
    server 172.17.0.5:80;
}
server {
    server_name .web.graphite.docker;
    listen 80;
    access_log /var/log/nginx/access.log vhost;
    location / {
        proxy_pass http://.web.graphite.docker;
    }
}

codekitchen commented 7 years ago

Hm yeah, since you haven't added SSL certs to the proxy it's not even listening on port 443.

Oh and actually I missed before that you're hitting port 8080 with http://apache.blah.docker:8080. That is bypassing the proxy completely, the proxy only listens on port 80 (and 443 if you configure SSL). So what you're seeing doesn't have anything to do with the proxy at all, it must be something in your own application that's doing the redirect? Use docker ps to check which container is exposing port 8080 on the host, that'll tell you which container is doing this.
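
The check suggested above, as an added example that is not part of the original thread: one function finds which container publishes a host port from `docker ps` output, and another summarises a `curl -sI` response to show which server sent the redirect. The container names other than `dinghy_http_proxy`, the port mappings and the response headers are constructed samples, not output from this setup.

```shell
#!/bin/sh
# Added example: every input below is a constructed sample, not thread output.

# Constructed stand-in for: docker ps --format '{{.Names}}|{{.Ports}}'
sample_ps() {
  printf '%s|%s\n' \
    dinghy_http_proxy '0.0.0.0:80->80/tcp' \
    blah_nginx_1      '0.0.0.0:8080->80/tcp, 0.0.0.0:8443->443/tcp' \
    blah_apache_1     '8080/tcp' \
    blah_varnish_1    '80/tcp'
}

# Print "name container_port" for each container publishing host port $1.
# "IP:8080->80/tcp" is published on the host; a bare "8080/tcp" is only
# exposed inside the Docker network and cannot answer on the host port.
publishers_of_port() {
  awk -F '|' -v port="$1" '{
    n = split($2, maps, ", *")
    for (i = 1; i <= n; i++) {
      if (maps[i] !~ /->/) continue
      split(maps[i], side, "->")
      host = side[1]; sub(/^.*:/, "", host)   # drop the host IP (IPv4 or ::)
      if (host == port) { print $1, side[2]; break }
    }
  }'
}

# Constructed stand-in for: curl -sI http://apache.blah.docker:8080/
sample_headers() {
  printf '%s\r\n' 'HTTP/1.1 301 Moved Permanently' 'Server: nginx' \
    'Location: https://apache.blah.docker/' ''
}

# Print "status server target" for a redirect; curl -I output uses CRLF.
redirect_origin() {
  tr -d '\r' | awk '
    NR == 1                    { status = $2 }
    tolower($1) == "server:"   { server = $2 }
    tolower($1) == "location:" { target = $2 }
    END {
      if (status ~ /^30[1278]$/)
        print status, (server == "" ? "unknown" : server), target
      else print status, "no-redirect"
    }'
}

sample_ps | publishers_of_port 8080
sample_headers | redirect_origin
```

On a live host, pipe the real `docker ps --format '{{.Names}}|{{.Ports}}'` and `curl -sI` output into the same functions in place of the samples.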

MrMMorris commented 7 years ago

Ah ok,

I thought it might have been dinghy, but thanks for confirming it isn't.

I will try and track down what is causing the redirect.

On May 12, 2017 2:24 AM, "Brian Palmer" notifications@github.com wrote:

> Hm yeah, since you haven't added SSL certs to the proxy it's not even listening on port 443.
>
> Oh and actually I missed before that you're hitting port 8080 with http://apache.blah.docker:8080. That is bypassing the proxy completely, the proxy only listens on port 80 (and 443 if you configure SSL). So what you're seeing doesn't have anything to do with the proxy at all, it must be something in your own application that's doing the redirect? Use docker ps to check which container is exposing port 8080 on the host, that'll tell you which container is doing this.
