Closed STaRDoGG closed 5 years ago
Thanks for the heads up, we'll look into it
Can you go back to the stock proxy.conf and just replace the line `proxy_set_header X-Forwarded-Host $host;` with `proxy_set_header X-Forwarded-Host $host:$server_port;` and see if that solves it?
No luck changing that one to `$host:$server_port;`, but keeping it as `$http_host`, and leaving the other one as it originally was: `proxy_set_header Host $host:$server_port;` seems ok at a quick test.
I'll keep that one that way and come back and update if that broke anything else that I'm not noticing right now, while also keeping X Forwarded Host as `$http_host`. I've only tested with Tautulli so far, which had a problem with keeping the port intact through requests.
btw, side note, I'm setting up Calibre using the LS container and noticed that the container page on docker hub says there's supposed to be some calibre sample confs included in the LE container, but I don't see any there? Only reason I mention it is because the sample on that page doesn't follow the same patterns as the samples that come with it. i.e. the `include /config/nginx/proxy.conf; resolver 127.0.0.11 valid=30s; set $upstream_` stuff.
Tried a few configs like radarr, sonarr, etc. and cannot reproduce the behavior you described. The only one that exhibits it is calibre-web, which doesn't use the proxy.conf we supply. And even after making your suggested changes, it still doesn't work over a non-443 port
Maybe my setup is just a bit complicated. Here's how mine goes:
When I make the change that I mention above, it works great; when I used the original code (or the code ya gave me to test) it removed the port.
I get it, I set up the same environment for testing. I cannot reproduce the behavior you're observing. I tried radarr, sonarr, and a few others and they all resolve fine at addresses like https://domain.com:444/radarr
You need to give me more specifics on what exactly doesn't work and how they are set up
I forget offhand now, since I've gotten them all working, but I think the Tautulli container along with the original tautulli subfolder sample was one of them. Other than what I've already mentioned I can't really think of anything else configuration-wise that's out of the ordinary.
I am still having a problem getting a Sourcegraph subdomain RP working using the samples as a template, but for that I have a feeling it might be something other than just the port issue alone, though I could very easily be wrong, I'm still pretty n00bish at Nginx.
Update: I just realized something after typing out this post; I forgot to include some details that may (or may not) also help.
My port 3333 is added to the letsencrypt Docker run cmd:
```bash
docker run --restart always -p 3333:443 -d --name nginx --network=my-bridge \
  --cap-add=NET_ADMIN -e PUID=197609 -e PGID=197121 -e "TZ=America/Chicago" \
  -e "URL=domain.rocks" \
  -e "SUBDOMAINS=my,sourcegraph,grafana,prometheus,resilio-sync,syncthing" \
  -e VALIDATION=dns -e ONLY_SUBDOMAINS=true -e DNSPLUGIN=cloudflare \
  -v "/d/Sites/MyWeb/.config/Nginx:/config" linuxserver/letsencrypt
```
My current (working) Tautulli Subfolder conf looks like this:
```nginx
# first go into tautulli settings, under "Web Interface", click on show advanced, set the HTTP root to /tautulli and restart the tautulli container
location /tautulli {
    return 301 $scheme://$http_host/tautulli/;
}
location ^~ /tautulli/ {
    # enable the next two lines for http auth
    #auth_basic "Restricted";
    #auth_basic_user_file /config/nginx/.htpasswd;
    # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf
    #auth_request /auth;
    #error_page 401 =200 /login;
    include /config/nginx/proxy.conf;
    resolver 127.0.0.11 valid=30s;
    set $upstream_tautulli tautulli;
    proxy_pass http://$upstream_tautulli:8181;
}
location ^~ /tautulli/api {
    include /config/nginx/proxy.conf;
    resolver 127.0.0.11 valid=30s;
    set $upstream_tautulli tautulli;
    proxy_pass http://$upstream_tautulli:8181;
}
```
My current `default` file in `site-confs` looks like this:
```nginx
server {
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;
    root /config/www;
    index index.php index.html index.htm;
    # my.domain.rocks
    server_name my.*;
    # enable subfolder method reverse proxy confs
    include /config/nginx/proxy-confs/*.subfolder.conf;
    # all ssl related config moved to ssl.conf
    include /config/nginx/ssl.conf;
    # enable for ldap auth
    #include /config/nginx/ldap.conf;
    client_max_body_size 0;
    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        include /etc/nginx/fastcgi_params;
    }
}
include /config/nginx/proxy-confs/*.subdomain.conf;
proxy_cache_path cache/ keys_zone=auth_cache:10m;
```
And my current proxy.conf looks like this:
```nginx
client_body_buffer_size 128k;
#Timeout if the real server is dead
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
# Advanced Proxy Config
send_timeout 5m;
proxy_read_timeout 240;
proxy_send_timeout 240;
proxy_connect_timeout 240;
# Basic Proxy Config
proxy_set_header Host $host:$server_port;
#proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Host $http_host;
#proxy_set_header X-Forwarded-Host $host:$server_port;
proxy_set_header X-Forwarded-Ssl on;
proxy_redirect http:// $scheme://;
proxy_http_version 1.1;
proxy_set_header Connection "";
#proxy_cookie_path / "/; HTTPOnly; Secure"; # enable at your own risk, may break certain apps
proxy_cache_bypass $cookie_session;
proxy_no_cache $cookie_session;
proxy_buffers 32 4k;
proxy_headers_hash_bucket_size 128;
proxy_headers_hash_max_size 1024;
```
I think your issue is not that the port is being removed, but since nginx is only set up to listen on port 443, that is what it thinks is being accessed and the trimming is more of a browser function as https defaults to port 443. You'd probably want to add listen blocks for port 3333 and set up your container with port 3333:3333 instead of 3333:443.
I experienced a similar issue and finally figured this out as the solution. All of the headers take the server listen port into account only and nginx can only forward port information it knows about.
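The behaviour discussed in this thread, as an added example that is not part of any post and is not nginx or LinuxServer code: a simplified Python model of how `$host`, `$server_port` and `$http_host` expand when the container is published with `-p 3333:443`, and what URL a proxied app would then build. The host name and ports come from the posts above; the function names and the allowlist check are illustrative assumptions.

```python
# Added example: simplified model of the nginx variables in this thread.
# Not nginx code; host name, ports and function names are constructed.
from urllib.parse import urlsplit

LISTEN_PORT = 443      # "listen 443 ssl" in the default site conf
PUBLISHED_PORT = 3333  # host side of "-p 3333:443" in the docker run command


def nginx_vars(host_header, listen_port=LISTEN_PORT):
    """Model $http_host, $host and $server_port for one request."""
    return {
        "http_host": host_header,  # raw Host header, as the client sent it
        "host": urlsplit("//" + host_header).hostname or "",  # port stripped
        "server_port": str(listen_port),  # listen port, not the published one
    }


def expand(template, v):
    """Expand a proxy_set_header value such as '$host:$server_port'."""
    for key in ("http_host", "server_port", "host"):
        template = template.replace("$" + key, v[key])
    return template


def browser_url(forwarded_host, path="/tautulli/"):
    """URL an upstream app builds from X-Forwarded-Host; :443 is implicit."""
    parts = urlsplit("https://" + forwarded_host + path)
    port = "" if parts.port in (None, 443) else ":%d" % parts.port
    return "https://%s%s%s" % (parts.hostname, port, parts.path)


def compare(host_header="my.domain.rocks:3333", listen_port=LISTEN_PORT):
    """Resulting URL for each X-Forwarded-Host variant tried in the thread."""
    v = nginx_vars(host_header, listen_port)
    templates = ("$host", "$host:$server_port", "$http_host")
    return {t: browser_url(expand(t, v)) for t in templates}


def host_is_expected(host_header, names=("my.domain.rocks",)):
    """$http_host is client-supplied, so check it against known names."""
    allowed = {"%s:%d" % (n, PUBLISHED_PORT) for n in names}
    return host_header.lower() in allowed


if __name__ == "__main__":
    for label, port in (("-p 3333:443", 443), ("-p 3333:3333", 3333)):
        for template, url in compare(listen_port=port).items():
            print("%-12s %-20s -> %s" % (label, template, url))
```

With the `3333:443` mapping only `$http_host` carries the published port; once nginx itself listens on 3333, `$host:$server_port` produces the same value without forwarding the client's header verbatim.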
Can't reproduce
I was having a lot of issues getting these sample proxies to work on my docker setup (using the LS LetsEncrypt container) because I needed to have the port included in each request as well, for example, I need this:
https://my.domain.rocks:1234/someotherstuff
in every call, but the samples always removed the port, so it became this:
https://my.domain.rocks/someotherstuff
which broke a lot of things.
Editing the following 2 lines in `proxy.conf` to look like this seemed to magically make all of the .sample scripts work again. Thought I'd pass the tip along, since after a few days of Google-Fu and even a stop into the LS Discord chan came up empty. Other than that, great container!