nginx reverse proxy with subdomains not working with docker containers
erwin mueller
erwin12344321 at yahoo.de
Tue Mar 21 15:59:51 UTC 2017
Hello, I am quite desperate.
| I am running nginx as reverse proxy directly installed on the server. For an error analysis I created two similar containers listening on port 83 and 84. These two containers should be accessed by two different subdomains.If I am accessing cops-adress it works awsome if I am doing the same with the pydio-adress it ends up in a connection failiure and URL is changes to https://localhost.I have no idea what to change to get it running.This is my site.conf
server {
listen 80;
server_name myserveradress.de pydio.myserveradress.de cops.myserveradress.de;
return 301 https://$host$request_uri;
## Disable viewing .htaccess & .htpassword
location ~ /\.ht {
deny all;
}
root /var/www;
access_log /var/log/nginx/access_proxy.log;
error_log /var/log/nginx/error_proxy.log info;
location ^~ /.well-known/acme-challenge {
proxy_pass http://127.0.0.1:81;
proxy_redirect off;
}
}
server {
listen 443 ssl;
server_name myserveradress.de;
root /var/www;
ssl on;
ssl_certificate /etc/letsencrypt/live/myserveradress.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/myserveradress.de/privkey.pem;
ssl_protocols TLSv1.2;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';
ssl_dhparam /etc/nginx/ssl/dhparams.pem;
ssl_ecdh_curve secp384r1;
ssl_prefer_server_ciphers on;
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/letsencrypt/live/myserveradress.de/fullchain.pem;
ssl_session_timeout 24h;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
# Add headers to serve security related headers
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
# location = / {
# Disable access to the web root, otherwise nginx will show the default site here.
# deny all;
# }
################################################################################################
location ^~ /rpimonitor {
proxy_connect_timeout 300;
proxy_send_timeout 300;
proxy_read_timeout 300;
send_timeout 300;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:8888;
proxy_redirect off;
}
#########################################################################
location ^~ /owncloud {
client_max_body_size 1G;
proxy_connect_timeout 300;
proxy_send_timeout 300;
proxy_read_timeout 300;
send_timeout 300;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://192.168.100.55:80;
proxy_redirect off;
}
}
##########################################################################
server {
listen 443 ssl;
server_name cops.myserveradress.de;
root /var/www;
access_log /var/log/nginx/cops_access.log;
error_log /var/log/nginx/cops_error.log info;
ssl on;
ssl_certificate /etc/letsencrypt/live/cops.myserveradress.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/cops.myserveradress.de/privkey.pem;
ssl_protocols TLSv1.2;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';
ssl_dhparam /etc/nginx/ssl/dhparams.pem;
ssl_ecdh_curve secp384r1;
ssl_prefer_server_ciphers on;
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/letsencrypt/live/cops.myserveradress.de/fullchain.pem;
ssl_session_timeout 24h;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
# Add headers to serve security related headers
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
location ^~ / {
auth_basic "Restricted"; # Ausgabe-Meldung bei Zugriff
auth_basic_user_file /etc/nginx/.htpasswd; # Pfad zur .htpasswd-Datei
proxy_connect_timeout 300;
proxy_send_timeout 300;
proxy_read_timeout 300;
send_timeout 300;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:83;
proxy_redirect off;
}
}
#################################################################################################################
server {
listen 443 ssl;
server_name pydio.myserveradress.de;
root /var/www;
# access_log /var/log/nginx/cops_access.log;
# error_log /var/log/nginx/cops_error.log info;
ssl on;
ssl_certificate /etc/letsencrypt/live/pydio.myserveradress.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/pydio.myserveradress.de/privkey.pem;
ssl_protocols TLSv1.2;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';
ssl_dhparam /etc/nginx/ssl/dhparams.pem;
ssl_ecdh_curve secp384r1;
ssl_prefer_server_ciphers on;
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/letsencrypt/live/pydio.myserveradress.de/fullchain.pem;
ssl_session_timeout 24h;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
# Add headers to serve security related headers
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
location ^~ / {
auth_basic "Restricted"; # Ausgabe-Meldung bei Zugriff
auth_basic_user_file /etc/nginx/.htpasswd; # Pfad zur .htpasswd-Datei
proxy_connect_timeout 300;
proxy_send_timeout 300;
proxy_read_timeout 300;
send_timeout 300;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:84;
proxy_redirect off;
}
}
A strange thing I find nothing in error logs. Thanks for your help |
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20170321/b91edf50/attachment-0001.html>
More information about the nginx
mailing list