Join Log in
Score:0
Benj avatar Server

Nginx handle SSL and proxy pass to HTTP backend in docker but tries to keep serving local content

cn flag
Benj

I try to set up a docker-compose environment in which a Nginx container receives HTTPS requests, handles the SSL and reverse proxies them to a dotnet-core app which only implements HTTP.

This topic has been discussed here several times and I tried to create a minimal configuration that just serves this purpose ( Similar to this: NGINX SSL Pass-thru and Docker )

The problem is, that Nginx reponds with a 404 despite being configured to proxy_pass requests to the dotnet-core app which currently simply respons 'Hello world' to all requests.

nginx_1     | 2021/06/25 04:07:54 [error] 24#24: *1 "/etc/nginx/html/index.html" is not found (2: No such file or directory), client: 210.61.91.199, server: tgdev.pillepalle1.de, request: "GET / HTTP/1.1", host: "tgdev.pillepalle1.de"

I connected with the container and extracted the setup from there

root@70e20feb4fae:/etc/nginx# ls -l

total 32
drwxr-xr-x 1 root root 4096 Jun 25 01:49 conf.d
-rw-r--r-- 1 root root 1007 May 25 12:28 fastcgi_params
-rw-r--r-- 1 root root 5290 May 25 12:28 mime.types
lrwxrwxrwx 1 root root   22 May 25 13:01 modules -> /usr/lib/nginx/modules
-rw-r--r-- 1 root root  648 May 25 13:01 nginx.conf
-rw-r--r-- 1 root root  636 May 25 12:28 scgi_params
-rw-r--r-- 1 root root  664 May 25 12:28 uwsgi_params

root@70e20feb4fae:/etc/nginx# cat nginx.conf

user  nginx;
worker_processes  auto;

error_log  /var/log/nginx/error.log notice;
pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;

    include /etc/nginx/conf.d/*.conf;
}

root@70e20feb4fae:/etc/nginx/conf.d# ls

certbot.conf  default.conf

root@70e20feb4fae:/etc/nginx/conf.d# cat default.conf

server {
    listen       80;
    listen  [::]:80;
    server_name  localhost;

    location / {
        # return 301 https://$host/$request_uri;
        proxy_pass http://tgwebapp:80;
    }
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name  localhost;

    ssl_certificate /etc/letsencrypt/live/this/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/this/privkey.pem;

    location / {
        proxy_pass http://tgwebapp:80;
    }
}

root@70e20feb4fae:/etc/nginx/conf.d# cat certbot.conf

server {
    listen       80;
    listen  [::]:80;
    server_name  localhost;

    location /.well-known/ {
        proxy_pass http://certbot;
    }
}

There is no entry that should nginx cause to serve /etc/nginx/html/index.html. What am I missing?

205
1 + 0
Score:2
avatar Server
us flag
Tero Kilkanen

You have two duplicate virtual hosts set up, one in certbot.conf and second in default.conf. Both virtual hosts operate on port 80 and server_name localhost. Therefore nginx ignores the other one and always uses the first one.

To fix this, remove certbot.conf and use the following in default.conf:

server {
    listen       80;
    listen  [::]:80;
    server_name  localhost;

    location /.well-known/ {
        proxy_pass http://certbot;
    }

    location / {
        # return 301 https://$host/$request_uri;
        proxy_pass http://tgwebapp:80;
    }
}
0 + 0
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.