Join Log in
Score:2
Sajjad Hossain Sagor avatar Server

Ngnix Reverse Proxy Setup SSL For Localhost In Docker

ar flag
Sajjad Hossain Sagor

Using below docker compose.yml I am creating 2 containers and a reverse proxy container..

version: '3'

services:
  # SSGTM Tag Server Container
  tagging_server_container:
    image: gcr.io/cloud-tagging-10302018/gtm-cloud-image:stable
    ports:
      - '8080:8080'
    restart: always
    environment:
      PREVIEW_SERVER_URL: https://preview.ssgtm.dev
      CONTAINER_CONFIG: aWQ9...
    networks:
      - ssgtm
  # SSGTM Preview Server Container
  preview_server_container:
    image: gcr.io/cloud-tagging-10302018/gtm-cloud-image:stable
    ports:
      - '8081:8080'
    restart: always
    environment:
      RUN_AS_PREVIEW_SERVER: true
      CONTAINER_CONFIG: aWQ9...
    networks:
      - ssgtm
  proxy:
    image: nginx:1.19.10-alpine
    ports:
      - 80:80
      - 443:443
    volumes:
      - ./conf/nginx.conf:/etc/nginx/nginx.conf
      - ./certs:/etc/nginx/certs
    depends_on:
      - preview_server_container
      - tagging_server_container
    networks:
      - ssgtm
networks:
  ssgtm:
    driver: bridge

And also inside conf/nginx.conf and used mkcert -cert-file ssgtm.dev.crt -key-file ssgtm.dev.key ssgtm.dev "*.ssgtm.dev" localhost 127.0.0.1 ::1 for creating SSL cert & key.

events {
  worker_connections 1024;
}

http {
  
  upstream docker-tagging-server {
    server tagging_server_container:8080;
  }

  upstream docker-preview-server {
    server preview_server_container:8080;
  }
  
  server {
    listen 443 ssl;
    server_name 127.0.0.1;

    ssl_certificate /etc/nginx/certs/cert.crt;
    ssl_certificate_key /etc/nginx/certs/cert.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;

    location / {
      proxy_buffering off;
      proxy_redirect  off;
      proxy_set_header X-Forwarded-Proto $scheme;
      proxy_set_header X-Forwarded-Host $host;
      proxy_set_header X-Forwarded-Port $server_port;

      proxy_pass http://docker-preview-server;
    }
  }
  
  server {
    listen 443 ssl;
    server_name ssgtm.dev;

    ssl_certificate /etc/nginx/certs/cert.crt;
    ssl_certificate_key /etc/nginx/certs/cert.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;

    location / {
      proxy_buffering off;
      proxy_redirect  off;
      proxy_set_header X-Forwarded-Proto $scheme;
      proxy_set_header X-Forwarded-Host $host;
      proxy_set_header X-Forwarded-Port $server_port;

      proxy_pass http://docker-tagging-server;
    }
  }

  server {
    listen 443 ssl;
    server_name preview.ssgtm.dev;

    ssl_certificate /etc/nginx/certs/cert.crt;
    ssl_certificate_key /etc/nginx/certs/cert.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;

    location / {
      proxy_buffering off;
      proxy_redirect  off;
      proxy_set_header X-Forwarded-Proto $scheme;
      proxy_set_header X-Forwarded-Host $host;
      proxy_set_header X-Forwarded-Port $server_port;

      proxy_pass http://docker-preview-server;
    }
  }
}

Where I am proxying my VirtualHost requests to target container.

Also in hosts file I have added below to resolve locally. Which works just fine... It is resolving to 127.0.0.1 and going to Nginx and going to their target container.

127.0.0.1 preview.ssgtm.dev
::1 preview.ssgtm.dev

127.0.0.1 ssgtm.dev
::1 ssgtm.dev

The problem I am facing is... inside both of the container app does request a TCP to Domain IP with 443 port... so when it does request to ssgtm.dev:443 it becomes 127.0.0.1:443 and it returns error Message: connect ECONNREFUSED 127.0.0.1:443 And I am unable to understand this error. As far as I understand It's unable to connect to 127.0.0.1 with port 443 but I have added that! What I am doing wrong?

644
1 + 0
Score:2
Saxtheowl avatar Server
by flag
Saxtheowl

The containers are unable to reach Nginx because they are trying to connect to the localhost of their own network namespace, we could try the special DNS name host.docker.internal which resolves to the internal IP address used by the host.

Modify your nginx.conf file so that instead of making requests to ssgtm.dev:443 or 127.0.0.1:443, it should make requests to host.docker.internal:443.

server {
    listen 443 ssl;
    server_name host.docker.internal;

    ssl_certificate /etc/nginx/certs/cert.crt;
    ssl_certificate_key /etc/nginx/certs/cert.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;

    location / {
      proxy_buffering off;
      proxy_redirect  off;
      proxy_set_header X-Forwarded-Proto $scheme;
      proxy_set_header X-Forwarded-Host $host;
      proxy_set_header X-Forwarded-Port $server_port;

      proxy_pass http://docker-preview-server;
    }
  }
+ 1
Sajjad Hossain Sagor avatar
ar flag
Sajjad Hossain Sagor
It's not working, how do i enable VirtualHost as along with SSL and Container connection to each other?
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.