tiredofit / docker-lemonldap

Dockerized authentication server with Single Sign On SAML, OpenID Connect, CAS, and Header support
MIT License
45 stars 10 forks

nginx configuration #13

Closed sylvainbx closed 2 years ago

sylvainbx commented 3 years ago

Hi,

Can you provide an example of the (external) nginx configuration needed to fit the example docker-compose.yml?

Especially, the docs say to link the config files from /etc/lemonldap-ng... but there are no such files in my data/etc/lemonldap-ng directory (bound with docker-compose).

Moreover, what about lemonldap-ng-fastcgi-server: is it still required with this container?

Thanks!

tiredofit commented 3 years ago

Ah - the nginx configuration to run is inside the container already - I only expose a few things that are actually necessary for long-term data persistence. If you look in /etc/nginx/conf.d/ while the container is running you will see a handler, portal, test, and manager nginx configuration.

You'll want to use this in front of a reverse proxy - since you are using Docker, the nginx-proxy from jwilder is great, but Traefik is also great. I presently use traefik2.

sylvainbx commented 3 years ago

Yes, my question was about using it behind a reverse proxy. I currently have nginx installed and running as a reverse proxy, and it is used for other apps. Since your example configuration has an external network named nginx-proxy (which is the same for me), I was wondering how to map the manager, the handler, the portal, the API, etc. in my nginx (reverse proxy), insofar as there's a single HTTP port exposed (at least I guess: VIRTUAL_PORT=80).

tiredofit commented 3 years ago

The example docker-compose should just "work" provided you change the DNS names from example.com to whatever your domain is - these are the environment variables in question for when using Nginx Proxy. You'll see multiple entries; they are parsed correctly as separate domains, and nginx inside the container determines what site you are after and serves the correct site as a vhost.

    - VIRTUAL_HOST=sso.example.com,manager.sso.example.com,handler.sso.example.com
    - VIRTUAL_NETWORK=nginx-proxy
    - VIRTUAL_PORT=80
    - LETSENCRYPT_HOST=sso.example.com,manager.sso.example.com,handler.sso.example.com
    - LETSENCRYPT_EMAIL=dave@example.com

RemyFV commented 3 years ago

Would you mind sharing your docker-compose nginx reverse-proxy setup, or the lemonldap-ng sites configuration please?

I'm having the usual reverse proxy X-Forwarded-For / real IP issues, with files being 404'ed. I can usually find how the specific service needs to be proxied, but in this case nothing works.

I'm terminating SSL at the proxy, pointing to 127.0.0.1:8080 which points to 80 on the lemonldap container. Everything works fine without the proxy but I need SSL there... Do I need to switch the virtual hosts in llng to https too? I'm pretty sure it's not necessary. I'm usually using DigitalOcean's nginx config base: https://www.digitalocean.com/community/tools/nginx

Thanks in advance, and thanks for the container in the first place.

Edit: I'm specifically talking about a reverse proxy IN FRONT OF your container, if that was unclear, not the one included inside.

RemyFV commented 3 years ago

OK, so for anyone looking for the answer, I figured it out.

The important part is to pass the right path to the lemonldap container (which is logical), so your location block should look like this:

    location ~ / {
        proxy_pass http://127.0.0.1:8080$request_uri;
        include    nginxconfig.io/proxy.conf;
    }

The ~ / is supposed to make nginx do a case-sensitive match, and the $request_uri passes the correct path to the container. Not sure why the case-sensitive match is important, but it apparently is.

proxy.conf:

    # $connection_upgrade and $proxy_add_forwarded are not built-in nginx variables:
    # they are defined by "map" blocks in the http context of the nginxconfig.io
    # generated nginx.conf, so this snippet only works with that base config in place.
    proxy_http_version                 1.1;
    proxy_cache_bypass                 $http_upgrade;

    # Proxy headers (Host selects the vhost inside the container; the
    # X-Forwarded-* headers carry the real client address and scheme)
    proxy_set_header Upgrade           $http_upgrade;
    proxy_set_header Connection        $connection_upgrade;
    proxy_set_header Host              $host;
    proxy_set_header X-Real-IP         $remote_addr;
    proxy_set_header Forwarded         $proxy_add_forwarded;
    proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-Host  $host;
    proxy_set_header X-Forwarded-Port  $server_port;

    # Proxy timeouts
    proxy_connect_timeout              60s;
    proxy_send_timeout                 60s;
    proxy_read_timeout                 60s;
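Putting the thread together, here is an added example of a complete front nginx for this container (it is not code from the repository or from either poster): it terminates TLS for the three vhosts listed in the compose environment above, defines the `$connection_upgrade` map that the posted proxy.conf relies on, and forwards every path to the container with the headers it needs. It assumes the container's port 80 is published on 127.0.0.1:8080 as in the post above; the certificate paths and the admin range 192.0.2.0/24 are placeholders.

```nginx
# Added example (not from tiredofit/docker-lemonldap or the posters above): front
# nginx terminating TLS for the compose example's three vhosts. Assumed: container
# port 80 published on 127.0.0.1:8080; cert paths and admin range are placeholders.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ""      close;
}
# 1 for source addresses allowed to reach the manager (placeholder range).
geo $admin_net {
    default      0;
    192.0.2.0/24 1;
}

# Plain HTTP only redirects, so the portal never receives a password in clear.
server {
    listen 80;
    server_name sso.example.com manager.sso.example.com handler.sso.example.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name sso.example.com manager.sso.example.com handler.sso.example.com;

    ssl_certificate     /etc/letsencrypt/live/sso.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/sso.example.com/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # The manager is the admin UI: refuse it from outside the admin network.
    set $mgr_check "$host:$admin_net";
    if ($mgr_check = "manager.sso.example.com:0") { return 403; }

    # One prefix location and no static-asset locations, so every path
    # (the portal's CSS/JS included) reaches the container unchanged.
    location / {
        proxy_pass         http://127.0.0.1:8080;
        proxy_http_version 1.1;
        # Host selects the vhost inside the container; X-Forwarded-* let the
        # portal log the real client IP and build https:// URLs.
        proxy_set_header Host              $host;
        proxy_set_header Upgrade           $http_upgrade;
        proxy_set_header Connection        $connection_upgrade;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host  $host;
        proxy_set_header X-Forwarded-Port  $server_port;
    }
}
```

Check it with `nginx -t` before reloading; the X-Forwarded-* values are only trustworthy if the container cannot be reached except through this proxy.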