nginx reverse proxy with subdomains not working with docker containers

erwin mueller erwin12344321 at yahoo.de
Tue Mar 21 15:59:51 UTC 2017


Hello, I am quite desperate.
 
|  I am running nginx as reverse proxy directly installed on the server. For an error analysis I created two similar containers listening on port 83 and 84. These two containers should be accessed by two different subdomains.If I am accessing cops-adress it works awsome if I am doing the same with the pydio-adress it ends up in a connection failiure and URL is changes to https://localhost.I have no idea what to change to get it running.This is my site.conf
server {
        listen 80;
        server_name myserveradress.de pydio.myserveradress.de cops.myserveradress.de;

        return 301 https://$host$request_uri;

        ## Disable viewing .htaccess & .htpassword
        location ~ /\.ht {
          deny all;
        }
        root /var/www;
        access_log /var/log/nginx/access_proxy.log;
        error_log /var/log/nginx/error_proxy.log info;

      location ^~ /.well-known/acme-challenge {
      proxy_pass http://127.0.0.1:81;
      proxy_redirect off;
    }

 }
server {
        listen 443 ssl;
        server_name myserveradress.de;
        root /var/www;

        ssl on;
        ssl_certificate /etc/letsencrypt/live/myserveradress.de/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/myserveradress.de/privkey.pem;
        ssl_protocols TLSv1.2;
        ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';
        ssl_dhparam /etc/nginx/ssl/dhparams.pem;
        ssl_ecdh_curve secp384r1;
        ssl_prefer_server_ciphers on;
        ssl_stapling on;
        ssl_stapling_verify on;
        ssl_trusted_certificate /etc/letsencrypt/live/myserveradress.de/fullchain.pem;
        ssl_session_timeout 24h;
        ssl_session_cache shared:SSL:50m;
        ssl_session_tickets off;
        # Add headers to serve security related headers
        add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
        add_header X-Content-Type-Options nosniff;
        add_header X-Frame-Options "SAMEORIGIN";
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Robots-Tag none;
#      location = / {
            # Disable access to the web root, otherwise nginx will show the default site here.
#                deny all;
#                  }
################################################################################################
location ^~ /rpimonitor {

    proxy_connect_timeout 300;
    proxy_send_timeout 300;
    proxy_read_timeout 300;
    send_timeout 300;
    proxy_set_header X-Real-IP  $remote_addr;
    proxy_set_header Host $host;
    proxy_pass http://127.0.0.1:8888;
    proxy_redirect off;
}

#########################################################################
location ^~ /owncloud {
    client_max_body_size 1G;
    proxy_connect_timeout 300;
    proxy_send_timeout 300;
    proxy_read_timeout 300;
    send_timeout 300;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_pass http://192.168.100.55:80;
    proxy_redirect off;
}

}
  ##########################################################################     

server {
        listen 443 ssl;
        server_name cops.myserveradress.de;
        root /var/www;
        access_log /var/log/nginx/cops_access.log;
        error_log /var/log/nginx/cops_error.log info;

        ssl on;
        ssl_certificate /etc/letsencrypt/live/cops.myserveradress.de/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/cops.myserveradress.de/privkey.pem;
        ssl_protocols TLSv1.2;
        ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';
        ssl_dhparam /etc/nginx/ssl/dhparams.pem;
        ssl_ecdh_curve secp384r1;
        ssl_prefer_server_ciphers on;
        ssl_stapling on;
        ssl_stapling_verify on;
        ssl_trusted_certificate /etc/letsencrypt/live/cops.myserveradress.de/fullchain.pem;
        ssl_session_timeout 24h;
        ssl_session_cache shared:SSL:50m;
        ssl_session_tickets off;
        # Add headers to serve security related headers
        add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
        add_header X-Content-Type-Options nosniff;
        add_header X-Frame-Options "SAMEORIGIN";
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Robots-Tag none;

       location ^~ / {

        auth_basic "Restricted"; # Ausgabe-Meldung bei Zugriff
        auth_basic_user_file /etc/nginx/.htpasswd; # Pfad zur .htpasswd-Datei
        proxy_connect_timeout 300;
        proxy_send_timeout 300;
        proxy_read_timeout 300;
        send_timeout 300;
        proxy_set_header X-Real-IP  $remote_addr;
        proxy_set_header Host $host;
        proxy_pass http://127.0.0.1:83;
        proxy_redirect off;
        }

}


#################################################################################################################

server {
        listen 443 ssl;
        server_name pydio.myserveradress.de;
        root /var/www;
#            access_log /var/log/nginx/cops_access.log;
#            error_log /var/log/nginx/cops_error.log info;

        ssl on;
        ssl_certificate /etc/letsencrypt/live/pydio.myserveradress.de/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/pydio.myserveradress.de/privkey.pem;
        ssl_protocols TLSv1.2;
        ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';
        ssl_dhparam /etc/nginx/ssl/dhparams.pem;
        ssl_ecdh_curve secp384r1;
        ssl_prefer_server_ciphers on;
        ssl_stapling on;
        ssl_stapling_verify on;
        ssl_trusted_certificate /etc/letsencrypt/live/pydio.myserveradress.de/fullchain.pem;
        ssl_session_timeout 24h;
        ssl_session_cache shared:SSL:50m;
        ssl_session_tickets off;
        # Add headers to serve security related headers
        add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
        add_header X-Content-Type-Options nosniff;
        add_header X-Frame-Options "SAMEORIGIN";
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Robots-Tag none;


               location ^~ / {

                    auth_basic "Restricted"; # Ausgabe-Meldung bei Zugriff
                    auth_basic_user_file /etc/nginx/.htpasswd; # Pfad zur .htpasswd-Datei
                    proxy_connect_timeout 300;
                    proxy_send_timeout 300;
                    proxy_read_timeout 300;
                    send_timeout 300;
                    proxy_set_header X-Real-IP  $remote_addr;
                    proxy_set_header Host $host;
                    proxy_pass http://127.0.0.1:84;
                    proxy_redirect off;
      }

}
A strange thing I find nothing in error logs. Thanks for your help |

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20170321/b91edf50/attachment-0001.html>


More information about the nginx mailing list