Working example for subpath with nginx reverse proxy

[dewijones92]

First, I need to say THANKS SO MUCH for this great repo. Just a small issue that is probably my own fault.

I am trying to put limeserver behind a nginx reverse proxy But I am getting a 500.

Can anyone PLEASE suggest corrections to my config? Thanks 😊

2023/04/22 08:09:23 [error] 12#12: *67 rewrite or internal redirection cycle while internally redirecting to "index.php", client: 127.0.0.1, server: dewijones92vultr.duckdns.org, request: "GET /111/survey/ HTTP/1.1", host: "dewijones92vultr.duckdns.org" 127.0.0.1 - - [22/Apr/2023:08:09:23 +0000] "GET /111/survey/ HTTP/1.1" 500 170 "-" "curl/7.74.0" "-"

pi@raspberrypi:~/code/dot-files/serverconfig/code/server_docker $ curl -vvv https://dewijones92vultr.duckdns.org/111/survey/
*   Trying 81.109.194.223:443...
* Connected to dewijones92vultr.duckdns.org (81.109.194.223) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: CN=dewijones92vultr.duckdns.org
*  start date: Apr 10 08:52:50 2023 GMT
*  expire date: Jul  9 08:52:49 2023 GMT
*  subjectAltName: host "dewijones92vultr.duckdns.org" matched cert's "dewijones92vultr.duckdns.org"
*  issuer: C=US; O=Let's Encrypt; CN=R3
*  SSL certificate verify ok.
> GET /111/survey/ HTTP/1.1
> Host: dewijones92vultr.duckdns.org
> User-Agent: curl/7.74.0
> Accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* Mark bundle as not supporting multiuse
< HTTP/1.1 500 Internal Server Error
< Server: nginx
< Date: Sat, 22 Apr 2023 08:01:00 GMT
< Content-Type: text/html
< Content-Length: 170
< Connection: close
<
<html>
<head><title>500 Internal Server Error</title></head>
<body>
<center><h1>500 Internal Server Error</h1></center>
<hr><center>nginx</center>
</body>
</html>
* Closing connection 0
* TLSv1.3 (OUT), TLS alert, close notify (256):
pi@raspberrypi:~/code/dot-files/serverconfig/code/server_docker $

server {
    client_max_body_size 0;
    listen 80;
    server_name dewijones92vultr.duckdns.org;
    server_tokens off;

    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }

    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    client_max_body_size 0;
    listen 4433 ssl;
    server_name dewijones92vultr.duckdns.org;
    server_tokens off;

    ssl_certificate /etc/letsencrypt/live/dewijones92vultr.duckdns.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/dewijones92vultr.duckdns.org/privkey.pem;

    location /111/survey/ {
            try_files $uri /index.php?$args;
        }
        location ~ ^/(protected|application|framework|themes/\w+/views) {
            deny  all;
        }
        location ~ \.(js|css|png|jpg|gif|swf|ico|pdf|mov|fla|zip|rar)$ {
            try_files $uri =404;
        }
        location ~ \.php$ {
            fastcgi_split_path_info  ^(.+\.php)(.*)$;
            try_files $uri index.php;
            include fastcgi_params;
            fastcgi_index index.php;
            fastcgi_pass  localhost:9762;
            fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
            fastcgi_param  SCRIPT_NAME      $fastcgi_script_name;
            # For Subdomains like https://survey.example.com
            # fastcgi_param  HTTP_HOST      survey.example.com;
        }

}

cat  docker-compose.yml
version: '3'
services:
        limesurvey:
                ports:
                        - "9762:8080"
                image: docker.io/martialblog/limesurvey:latest
                volumes:
                        - /limesurvey/upload/surveys:/var/www/html/upload/surveys
                links:
                        - lime-db
                depends_on:
                        - lime-db
                environment:
                        - "DB_TYPE=pgsql"
                        - "DB_PORT=5432"
                        - "DB_HOST=lime-db"
                        - "DB_PASSWORD=secret"
                        - "ADMIN_PASSWORD=XXXXXX"
                        - "PUBLIC_URL=https://dewijones92vultr.duckdns.org/111/survey/"  # Example, Change this
                        - "BASE_URL=https://dewijones92vultr.duckdns.org/111/survey/"  # Example, Change this
        lime-db:
                image: docker.io/postgres:10
                volumes:
                        - /limesurvey/db/data:/var/lib/postgresql/data
                environment:
                        - "POSTGRES_USER=limesurvey"
                        - "POSTGRES_DB=limesurvey"
                        - "POSTGRES_PASSWORD=secret"

root@raspberrypi:/home/pi/code/dot-files/serverconfig/code/server_docker/bin # sudo docker inspect bin-limesurvey-1
[
    {
        "Id": "7174c2178722afbcfb5123a8d6979799aa07f989ddb038c2c3388bb45fb34bc6",
        "Created": "2023-04-22T05:59:19.05095551Z",
        "Path": "/usr/local/bin/entrypoint.sh",
        "Args": [
            "apache2-foreground"
        ],
        "State": {
            "Status": "running",
            "Running": true,
            "Paused": false,
            "Restarting": false,
            "OOMKilled": false,
            "Dead": false,
            "Pid": 2050642,
            "ExitCode": 0,
            "Error": "",
            "StartedAt": "2023-04-22T05:59:30.147116425Z",
            "FinishedAt": "0001-01-01T00:00:00Z"
        },
        "Image": "sha256:120b8354f98b163745f1b0c2941836940bb4974c4f8285d0394bd49014c580d0",
        "ResolvConfPath": "/var/lib/docker/containers/7174c2178722afbcfb5123a8d6979799aa07f989ddb038c2c3388bb45fb34bc6/resolv.conf",
        "HostnamePath": "/var/lib/docker/containers/7174c2178722afbcfb5123a8d6979799aa07f989ddb038c2c3388bb45fb34bc6/hostname",
        "HostsPath": "/var/lib/docker/containers/7174c2178722afbcfb5123a8d6979799aa07f989ddb038c2c3388bb45fb34bc6/hosts",
        "LogPath": "/var/lib/docker/containers/7174c2178722afbcfb5123a8d6979799aa07f989ddb038c2c3388bb45fb34bc6/7174c2178722afbcfb5123a8d6979799aa07f989ddb038c2c3388bb45fb34bc6-json.log",
        "Name": "/bin-limesurvey-1",
        "RestartCount": 0,
        "Driver": "overlay2",
        "Platform": "linux",
        "MountLabel": "",
        "ProcessLabel": "",
        "AppArmorProfile": "",
        "ExecIDs": null,
        "HostConfig": {
            "Binds": [
                "/limesurvey/upload/surveys:/var/www/html/upload/surveys:rw"
            ],
            "ContainerIDFile": "",
            "LogConfig": {
                "Type": "json-file",
                "Config": {}
            },
            "NetworkMode": "bin_default",
            "PortBindings": {
                "8080/tcp": [
                    {
                        "HostIp": "",
                        "HostPort": "9762"
                    }
                ]
            },
            "RestartPolicy": {
                "Name": "",
                "MaximumRetryCount": 0
            },
            "AutoRemove": false,
            "VolumeDriver": "",
            "VolumesFrom": null,
            "ConsoleSize": [
                0,
                0
            ],
            "CapAdd": null,
            "CapDrop": null,
            "CgroupnsMode": "private",
            "Dns": null,
            "DnsOptions": null,
            "DnsSearch": null,
            "ExtraHosts": [],
            "GroupAdd": null,
            "IpcMode": "private",
            "Cgroup": "",
            "Links": null,
            "OomScoreAdj": 0,
            "PidMode": "",
            "Privileged": false,
            "PublishAllPorts": false,
            "ReadonlyRootfs": false,
            "SecurityOpt": null,
            "UTSMode": "",
            "UsernsMode": "",
            "ShmSize": 67108864,
            "Runtime": "runc",
            "Isolation": "",
            "CpuShares": 0,
            "Memory": 0,
            "NanoCpus": 0,
            "CgroupParent": "",
            "BlkioWeight": 0,
            "BlkioWeightDevice": null,
            "BlkioDeviceReadBps": null,
            "BlkioDeviceWriteBps": null,
            "BlkioDeviceReadIOps": null,
            "BlkioDeviceWriteIOps": null,
            "CpuPeriod": 0,
            "CpuQuota": 0,
            "CpuRealtimePeriod": 0,
            "CpuRealtimeRuntime": 0,
            "CpusetCpus": "",
            "CpusetMems": "",
            "Devices": null,
            "DeviceCgroupRules": null,
            "DeviceRequests": null,
            "MemoryReservation": 0,
            "MemorySwap": 0,
            "MemorySwappiness": null,
            "OomKillDisable": null,
            "PidsLimit": null,
            "Ulimits": null,
            "CpuCount": 0,
            "CpuPercent": 0,
            "IOMaximumIOps": 0,
            "IOMaximumBandwidth": 0,
            "MaskedPaths": [
                "/proc/asound",
                "/proc/acpi",
                "/proc/kcore",
                "/proc/keys",
                "/proc/latency_stats",
                "/proc/timer_list",
                "/proc/timer_stats",
                "/proc/sched_debug",
                "/proc/scsi",
                "/sys/firmware"
            ],
            "ReadonlyPaths": [
                "/proc/bus",
                "/proc/fs",
                "/proc/irq",
                "/proc/sys",
                "/proc/sysrq-trigger"
            ]
        },
        "GraphDriver": {
            "Data": {
                "LowerDir": "/var/lib/docker/overlay2/365635ad1b5afbee92f8aa5bc700ed4bb68b10a604515e9124dda7ce0935f3bf-init/diff:/var/lib/docker/overlay2/39890be88db4a05836868b6e5c6d7c65f6198ee7fa7a1614faa1a6fc886edb5d/diff:/var/lib/docker/overlay2/f31cbce40e016ea801f0898a501d2f573f3c69956188c038f633ba8e1c8145a7/diff:/var/lib/docker/overlay2/ad28b75388bba6de3b3896191a18ba28c8694ebcbe6774675bba8e6e4ec3750d/diff:/var/lib/docker/overlay2/6fc9709c6099972f5161d1790bed11be9be483febd8b3063f04027fd0be77505/diff:/var/lib/docker/overlay2/65641c691330116c5273d842cae9e68ef7de7ab3850647f9f4e4fb21efd8082f/diff:/var/lib/docker/overlay2/c21f61fc8b24fe95138838bfaef336203a3979e51887bdbcc1ec11047caca56c/diff:/var/lib/docker/overlay2/af618c7ab6ed9f20a582f33da17289b5dc9c22b84be7976cacfea9d9fa6fb873/diff:/var/lib/docker/overlay2/f2191d1de7d341b5238b0f93dbb9304cccae231c8ac0eebb760a625d24bebcf7/diff:/var/lib/docker/overlay2/51e2340a4ce2ababea50fe0792824f82b4795ffa584bfcae196239cebafa7fda/diff:/var/lib/docker/overlay2/898907116ecbc2af99396b8a12b14ce533ad2ce571004aa526e6d862ca650f49/diff:/var/lib/docker/overlay2/ca5921a62da5b8d5f98f409a102278b6f8d2f7e7606b87aa674fcf8426ae6b8d/diff:/var/lib/docker/overlay2/a77e54f488d756a1a0c79dee44ee8ffdbf4a99861ff8ba5d08601707a281e2ad/diff:/var/lib/docker/overlay2/02df701c7bdabbdc1dca03121209fb9c21b555aff69f5e6488d40d2aefd7854c/diff:/var/lib/docker/overlay2/1d655889a24f92a3bf7eb6f2f271191d956e5a0dba447b8da1da48e96140b5cd/diff:/var/lib/docker/overlay2/960b6e15ac8208ef6b54c7778d7dc7d582d225a175959693b4069420500b208a/diff:/var/lib/docker/overlay2/b31ec6cc15e8f5abe844c0580858b9debb066ae992f698e7063522b7fd2bc92d/diff:/var/lib/docker/overlay2/ddac2af48b7c2dc4c405b144867e801d5f3350dc3d90ea86867e3b73725bac52/diff:/var/lib/docker/overlay2/5712a7cee559627d41b984d960b005a184bb577249f10cadad9ec4f12000763f/diff:/var/lib/docker/overlay2/3ee5d304a00d2ef5c85626abd202a2165b627be9de31bd009a0bf434f0887e03/diff:/var/lib/docker/overlay2/0affb7beaa8d1e16107e9d51fcdf1cea1c5e3c316ec3b6dce8c11cde5c83dc69/diff:/var/lib/docker/overlay2/9ff4e132a0a8398f44f191906cbe66443d45427cbc18ed0af275c6923becdb94/diff:/var/lib/docker/overlay2/ab234c65c352ce34a00cbc11f15c09b99c79122db80fa7bbaf981599fd3633b0/diff",
                "MergedDir": "/var/lib/docker/overlay2/365635ad1b5afbee92f8aa5bc700ed4bb68b10a604515e9124dda7ce0935f3bf/merged",
                "UpperDir": "/var/lib/docker/overlay2/365635ad1b5afbee92f8aa5bc700ed4bb68b10a604515e9124dda7ce0935f3bf/diff",
                "WorkDir": "/var/lib/docker/overlay2/365635ad1b5afbee92f8aa5bc700ed4bb68b10a604515e9124dda7ce0935f3bf/work"
            },
            "Name": "overlay2"
        },
        "Mounts": [
            {
                "Type": "bind",
                "Source": "/limesurvey/upload/surveys",
                "Destination": "/var/www/html/upload/surveys",
                "Mode": "rw",
                "RW": true,
                "Propagation": "rprivate"
            }
        ],
        "Config": {
            "Hostname": "7174c2178722",
            "Domainname": "",
            "User": "www-data",
            "AttachStdin": false,
            "AttachStdout": true,
            "AttachStderr": true,
            "ExposedPorts": {
                "80/tcp": {},
                "8080/tcp": {}
            },
            "Tty": false,
            "OpenStdin": false,
            "StdinOnce": false,
            "Env": [
                "DB_TYPE=pgsql",
                "DB_PORT=5432",
                "DB_HOST=lime-db",
                "DB_PASSWORD=secret",
                "PUBLIC_URL=https://dewijones92vultr.duckdns.org/111/survey/",
                "BASE_URL=https://dewijones92vultr.duckdns.org/111/survey/",
                "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
                "PHPIZE_DEPS=autoconf \t\tdpkg-dev \t\tfile \t\tg++ \t\tgcc \t\tlibc-dev \t\tmake \t\tpkg-config \t\tre2c",
                "PHP_INI_DIR=/usr/local/etc/php",
                "APACHE_CONFDIR=/etc/apache2",
                "APACHE_ENVVARS=/etc/apache2/envvars",
                "PHP_CFLAGS=-fstack-protector-strong -fpic -fpie -O2 -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64",
                "PHP_CPPFLAGS=-fstack-protector-strong -fpic -fpie -O2 -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64",
                "PHP_LDFLAGS=-Wl,-O1 -pie",
                "GPG_KEYS=528995BFEDFBA7191D46839EF9BA0ADA31CBD89E 39B641343D8C104B2B146DC3F9C39DC0B9698544 F1F692238FBC1666E5A5CCD4199F9DFEF6FFBAFD",
                "PHP_VERSION=8.1.18",
                "PHP_URL=https://www.php.net/distributions/php-8.1.18.tar.xz",
                "PHP_ASC_URL=https://www.php.net/distributions/php-8.1.18.tar.xz.asc",
                "PHP_SHA256=f3553370f8ba42729a9ce75eed17a2111d32433a43b615694f6a571b8bad0e39",
                "LIMESURVEY_VERSION=6.0.1+230411"
            ],
            "Cmd": [
                "apache2-foreground"
            ],
            "Image": "docker.io/martialblog/limesurvey:latest",
            "Volumes": {
                "/var/www/html/upload/surveys": {}
            },
            "WorkingDir": "/var/www/html",
            "Entrypoint": [
                "/usr/local/bin/entrypoint.sh"
            ],
            "OnBuild": null,
            "Labels": {
                "com.docker.compose.config-hash": "edd7353c3e8e0df87f3b7da4d5a9df4996376a401b1b630788539f9a5c6a3649",
                "com.docker.compose.container-number": "1",
                "com.docker.compose.depends_on": "lime-db:service_started",
                "com.docker.compose.image": "sha256:120b8354f98b163745f1b0c2941836940bb4974c4f8285d0394bd49014c580d0",
                "com.docker.compose.oneoff": "False",
                "com.docker.compose.project": "bin",
                "com.docker.compose.project.config_files": "/home/pi/code/dot-files/serverconfig/code/server_docker/bin/docker-compose.yml",
                "com.docker.compose.project.working_dir": "/home/pi/code/dot-files/serverconfig/code/server_docker/bin",
                "com.docker.compose.service": "limesurvey",
                "com.docker.compose.version": "2.14.0",
                "maintainer": "markus@martialblog.de",
                "org.opencontainers.image.created": "2023-04-18T13:13:31.821Z",
                "org.opencontainers.image.description": "A Docker Image for LimeSurvey",
                "org.opencontainers.image.licenses": "MIT",
                "org.opencontainers.image.revision": "d3c5ed4e3529e25b885d4cbb582f7ae406d53172",
                "org.opencontainers.image.source": "https://github.com/martialblog/docker-limesurvey",
                "org.opencontainers.image.title": "docker-limesurvey",
                "org.opencontainers.image.url": "https://github.com/martialblog/docker-limesurvey",
                "org.opencontainers.image.version": "6.0.1-230411-apache"
            },
            "StopSignal": "SIGWINCH"
        },
        "NetworkSettings": {
            "Bridge": "",
            "SandboxID": "79930c05884c9a6b4c55ac20bdf1df8cbbe891695c89ca3776e724587c49fe63",
            "HairpinMode": false,
            "LinkLocalIPv6Address": "",
            "LinkLocalIPv6PrefixLen": 0,
            "Ports": {
                "80/tcp": null,
                "8080/tcp": [
                    {
                        "HostIp": "0.0.0.0",
                        "HostPort": "9762"
                    },
                    {
                        "HostIp": "::",
                        "HostPort": "9762"
                    }
                ]
            },
            "SandboxKey": "/var/run/docker/netns/79930c05884c",
            "SecondaryIPAddresses": null,
            "SecondaryIPv6Addresses": null,
            "EndpointID": "",
            "Gateway": "",
            "GlobalIPv6Address": "",
            "GlobalIPv6PrefixLen": 0,
            "IPAddress": "",
            "IPPrefixLen": 0,
            "IPv6Gateway": "",
            "MacAddress": "",
            "Networks": {
                "bin_default": {
                    "IPAMConfig": null,
                    "Links": [
                        "bin-lime-db-1:lime-db",
                        "bin-lime-db-1:lime-db-1",
                        "bin-lime-db-1:bin-lime-db-1"
                    ],
                    "Aliases": [
                        "bin-limesurvey-1",
                        "limesurvey",
                        "7174c2178722"
                    ],
                    "NetworkID": "7a4b6e0a5c6f0e00b045b439ef960559a6ffb88cad122b8c3c38d250785308eb",
                    "EndpointID": "5278e998b50e5348c7ef08505cb9cf7e8824522dcfb6c6e6c7aea455fa8c978b",
                    "Gateway": "172.20.0.1",
                    "IPAddress": "172.20.0.10",
                    "IPPrefixLen": 16,
                    "IPv6Gateway": "",
                    "GlobalIPv6Address": "",
                    "GlobalIPv6PrefixLen": 0,
                    "MacAddress": "02:42:ac:14:00:0a",
                    "DriverOpts": null
                }
            }
        }
    }
]

[martialblog]

Hi, thanks for the nice feedback. I'll have a look at your config as soon as I find some time.

[dewijones92]

@martialblog many thanks. Let me know if I can help in any way

[allenwdukes]

Agreed. This is perfect for my use case, but I have a similar issue with the nginx reverse proxy approach. I'd like to have http:///limesurvey talk to the container. In my configuration, the index.php loads as html, but the css and javascript resources do not. I was hoping to use nginx in a different container to run my frontend application, then route all /limesurvey urls to the limesurvey container using the 'proxy_pass' approach. (That works for my other containers in this app.)

Bare config files are as follows:

cat docker-compose.yml

version: '3.8'

services: 
  limesurvey:
    image: docker-limesurvey-limesurvey:latest
    volumes:
      # Hint: This is just an example, change /tmp to something persistent
      - /tmp/upload/surveys:/var/www/html/upload/surveys
    links:
      - lime-db
    depends_on:
      - lime-db
    ports:
      - "48080:8080"
    container_name: limesurvey
    hostname: limesurvey
    environment:
      - BASE_URL=/limesurvey
      - PUBLIC_URL=http://localhost:9000
      - URL_FORMAT=path
      - "DB_HOST=lime-db"
      - "DB_PASSWORD=secret"
      - "ADMIN_PASSWORD=foobar"
      # If you require an empty table prefix, use a space as the DB_TABLE_PREFIX
      # - "DB_TABLE_PREFIX= "
  lime-db:
    image: docker.io/mysql:5.7
    environment:
      - "MYSQL_USER=limesurvey"
      - "MYSQL_DATABASE=limesurvey"
      - "MYSQL_PASSWORD=secret"
      - "MYSQL_ROOT_PASSWORD=secret"

  frontend:
    environment:
      - TZ=America/New_York
    build:
      dockerfile: frontend.Dockerfile
    image: frontend
    container_name: frontend
    hostname: frontend
    ports: 
      - 9000:80
    depends_on:
      - limesurvey

cat frontend.Dockerfile

FROM nginx 

ENV VERSIONNUMBER=v0.5
RUN mkdir /app
COPY index.html /app
COPY nginx.conf /etc/nginx/nginx.conf

cat nginx.conf

user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
  worker_connections 1024;
}
http {
  include /etc/nginx/mime.types;
  default_type application/octet-stream;
  log_format main "$remote_addr - $remote_user [$time_local] '$request' $status $body_bytes_sent '$http_referer' '$http_user_agent' '$http_x_forwarded_for'";
  access_log /var/log/nginx/access.log main;
  sendfile on;
  keepalive_timeout 65;
  server {

    location / {
      root /app;
      index index.html;
      try_files $uri $uri/ /index.html;
    }

    location /limesurvey {
      proxy_pass http://limesurvey:8080;
      add_header 'Access-Control-Allow-Origin' "*" always;
    }
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
      root /usr/share/nginx/html;
    }
  }
}

cat index.html

<html><body style="background-color: purple"></body></html>