Can't set up nginx reverse proxy with install instructions (ERR_CONNECTION_REFUSED)

[gabbah123]

Tried following the INSTALL.md instructions to set up my nginx.config file and .env file for proxy pass to use szurubooru on a production environment and removing the port from the domain to access, can't get past ERR_CONNECTION_REFUSED errors every time I try to access the domain name/IP with the updated settings.

.env

# Port to expose HTTP service
# Set to 127.0.0.1:8080 if you wish to reverse-proxy the docker's port,
# otherwise the port specified here will be publicly accessible
PORT=127.0.0.1:8080

client/nginx.conf.docker (using the default one, just added the proxy_pass settings)

worker_processes 1;
user nginx;

error_log /dev/stderr warn;
pid /var/run/nginx.pid;

events {
    worker_connections 1024;
}

http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    log_format main '$remote_addr -> $request [$status] - '
                    'referer: $http_referer $http_x_forwarded_for';
    access_log /dev/stdout main;

    server_tokens off;
    keepalive_timeout 65;

    upstream backend {
        server __BACKEND__:6666;
    }

    server {
        listen 80 default_server;

        location ~ ^/api$ {
            return 302 /api/;
        }

        location ~ ^/api/(.*)$ {
            tcp_nodelay on;

            add_header 'Access-Control-Allow-Origin' '*';
            if ($request_method = 'OPTIONS') {
                add_header 'Access-Control-Allow-Methods'
                    'GET, POST, PUT, DELETE, OPTIONS';
                add_header 'Access-Control-Allow-Headers'
                    'Authorization, Content-Type';
                return 200;
            }

            client_max_body_size 1073741824;

            gzip on;
            gzip_comp_level 3;
            gzip_min_length 20;
            gzip_proxied expired no-cache no-store private auth;
            gzip_types text/plain application/json;

            if ($request_uri ~* "/api/(.*)") {
                proxy_pass http://backend/$1;
            }

            error_page 500 502 503 504 @badproxy;
        }

        location /data/ {
            rewrite ^/data/(.*) /$1 break;
            root /data;

            sendfile on;
            tcp_nopush on;
            tcp_nodelay on;

            error_page 403 @unauthorized;
            error_page 404 @notfound;
        }

        location / {
            root /var/www;
            try_files $uri /index.htm;

            sendfile on;
            tcp_nopush on;
            tcp_nodelay on;

            gzip_static on;
            gzip_proxied expired no-cache no-store private auth;

            proxy_http_version 1.1;
            proxy_pass http://127.0.0.1:8080;
            proxy_set_header Host              $http_host;
            proxy_set_header Upgrade           $http_upgrade;
            proxy_set_header Connection        "upgrade";
            proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
            proxy_set_header X-Scheme          $scheme;
            proxy_set_header X-Real-IP         $remote_addr;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Script-Name     /szuru;

        }

        location @unauthorized {
            return 403 "Unauthorized";
            default_type text/plain;
        }

        location @notfound {
            return 404 "Not Found";
            default_type text/plain;
        }

        location @badproxy {
            return 502 "Failed to connect to szurubooru REST API";
            default_type text/plain;
        }
    }
}

daemon off;

[TiredSysOp]

I don't know why you're modifying the szurubooru frontend nginx config, leave it be and create a new nginx config file on your operating system. I've a feeling you've mixed the two up.

Expose szurubooru to a non 80 port (and firewall it if you want) then set up your own nginx instance as a reverse proxy to point a subdomain or folder to szurubooru. If you aren't hosting other services or websites then expose it on port 80 directly.