2 years ago

#67850

RKillcrazy

NginX reverse proxy (https:8443 to http:80) with multiple sites not working

Been working on this for a few nights and I can't seem to get it to work. This is on my home network where my ISP blocks incoming traffic to TCP-80 & 443, so I have a couple of sites running on strange ports; don't be alarmed.

My current setup:

I have a Raspberry Pi that runs a couple of wikis via NginX. The sites are available to the outside world via a couple of subdomains (example: https://wiki.somedomain.com:8443/ & https://wiki2.somedomain.com:8443/) and I have a legit wildcard cert for *.somedomain.com. This was a pet project of mine and has been working in the current config for a few years.

Moving the Setup:

The Pi is getting a bit old and I've started playing around with Docker and got my sites moved to a couple of Docker containers on a faster and more stable machine that run on TCP-80. Locally, I can hit those via IP and they run fine; they just don't have a cert. My goal was to set up a reverse proxy with my legit cert and have it redirect the traffic coming in on https:8443 to http:80. As near as I can tell, this is the way of going about this type of setup where you have multiple Docker containers and don't have certs for all of them. If I'm misunderstanding something, stop me right here and tell me I'm wasting my time; the bang-head-here sign on the wall next to me will thank you.

NginX Config:

nginx -t says this config is fine but, clearly, something is wrong. If it's logging an error, I don't know where; I've run a few tail -f commands and found nothing being added. Neither Firefox nor Brave gives me any meaningful errors, other than "this site can't be reached", as near as I can tell. Any ideas? Am I wasting my time?

# SSL Info
ssl_certificate /etc/letsencrypt/live/cherryblossomfarmette.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/cherryblossomfarmette.com/privkey.pem;

## Server Info
# IT Wiki
server {
        #listen 80;
        listen 8443 ssl;
        server_name wiki.cherryblossomfarmette.com;
        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log warn;

        location / {
                proxy_pass http://192.168.100.35:8080;
        }
}

Docker

Here's one of my docker compose files. The other docker compose file is the same except it listens on 8081.

docker run \
    --detach \
    --name=dokuwiki-it \
    --env "TZ=America/New_York" \
    --publish 8080:80 \
    --volume "/home/tome/Docker/IT_Wiki/config:/config" \
    --restart unless-stopped \
    lscr.io/linuxserver/dokuwiki

Access.log - when configured for HTTP:80

When I comment out listen 8443 ssl; and hit the site across the LAN, the site loads and I see records in access.log.

192.168.20.131 - - [19/Jan/2022:19:58:59 -0500] "GET / HTTP/1.1" 200 5250 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36"
192.168.20.131 - - [19/Jan/2022:19:58:59 -0500] "GET /lib/exe/taskrunner.php?id=start&1642640339 HTTP/1.1" 200 42 "http://192.168.20.102/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36"

Access.log - when configured for HTTPS:8443

When I comment out listen 80; and hit the site across the LAN, the site loads and I see records in access.log. Of course, I get the typical SSL cert nag in the browser because I'm not coming through with the virtual host name like I use from outside the network.

192.168.20.131 - - [19/Jan/2022:20:04:34 -0500] "GET / HTTP/1.1" 200 5250 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36"
192.168.20.131 - - [19/Jan/2022:20:04:34 -0500] "GET /lib/tpl/dokuwiki/images/logo.png HTTP/1.1" 200 3744 "https://192.168.20.102:8443/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36"
192.168.20.131 - - [19/Jan/2022:20:04:34 -0500] "GET /lib/exe/css.php?t=dokuwiki&tseed=b378c07b31317225e36675986970a553 HTTP/1.1" 200 39260 "https://192.168.20.102:8443/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36"
192.168.20.131 - - [19/Jan/2022:20:04:34 -0500] "GET /lib/images/license/button/cc-by-sa.png HTTP/1.1" 200 379 "https://192.168.20.102:8443/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36"
192.168.20.131 - - [19/Jan/2022:20:04:34 -0500] "GET /lib/tpl/dokuwiki/images/button-donate.gif HTTP/1.1" 200 187 "https://192.168.20.102:8443/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36"
192.168.20.131 - - [19/Jan/2022:20:04:34 -0500] "GET /lib/tpl/dokuwiki/images/button-css.png HTTP/1.1" 200 297 "https://192.168.20.102:8443/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36"
192.168.20.131 - - [19/Jan/2022:20:04:34 -0500] "GET /lib/tpl/dokuwiki/images/button-html5.png HTTP/1.1" 200 305 "https://192.168.20.102:8443/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36"
192.168.20.131 - - [19/Jan/2022:20:04:34 -0500] "GET /lib/tpl/dokuwiki/images/button-dw.png HTTP/1.1" 200 398 "https://192.168.20.102:8443/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36"
192.168.20.131 - - [19/Jan/2022:20:04:34 -0500] "GET /lib/tpl/dokuwiki/images/button-php.gif HTTP/1.1" 200 207 "https://192.168.20.102:8443/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36"
192.168.20.131 - - [19/Jan/2022:20:04:34 -0500] "GET /lib/images/email.png HTTP/1.1" 200 370 "https://192.168.20.102:8443/lib/exe/css.php?t=dokuwiki&tseed=b378c07b31317225e36675986970a553" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36"
192.168.20.131 - - [19/Jan/2022:20:04:34 -0500] "GET /lib/images/external-link.png HTTP/1.1" 200 431 "https://192.168.20.102:8443/lib/exe/css.php?t=dokuwiki&tseed=b378c07b31317225e36675986970a553" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36"
192.168.20.131 - - [19/Jan/2022:20:04:34 -0500] "GET /lib/exe/taskrunner.php?id=start&1642640673 HTTP/1.1" 200 42 "https://192.168.20.102:8443/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36"
192.168.20.131 - - [19/Jan/2022:20:04:34 -0500] "GET /lib/tpl/dokuwiki/images/favicon.ico HTTP/1.1" 200 7406 "https://192.168.20.102:8443/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36"

docker

nginx

ssl-certificate

nginx-reverse-proxy
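The layout the post describes (TLS terminated on 8443, name-based routing to the two containers published on 8080 and 8081), as an added example that is not the poster's config and not a diagnosis of the failure. Assumptions: the file is included in the `http` context, the hostnames and certificate paths use the post's `somedomain.com` placeholder, the second wiki is published on the same Docker host at 8081, and nginx is 1.19.4 or later for `ssl_reject_handshake`.

```nginx
# Added example, placed in e.g. /etc/nginx/conf.d/wikis.conf (http context).
# Hostnames and certificate paths are placeholders; backend IP and ports
# are taken from the post (second backend on the same host is assumed).

# Wildcard certificate shared by every server block below.
ssl_certificate     /etc/letsencrypt/live/somedomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/somedomain.com/privkey.pem;
ssl_protocols       TLSv1.2 TLSv1.3;

# Headers passed to the plain-HTTP backends so they can see the original
# host (including the :8443 port), the client address and the scheme.
proxy_set_header Host              $http_host;
proxy_set_header X-Real-IP         $remote_addr;
proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;

# Catch-all: a client that sends no matching SNI name (for example, one
# connecting by IP address) has its handshake rejected instead of being
# served the first wiki under a certificate that does not match.
server {
    listen 8443 ssl default_server;
    server_name _;
    ssl_reject_handshake on;
    return 444;   # matching SNI but unknown Host header: close connection
}

# IT wiki -> container published on 8080
server {
    listen 8443 ssl;
    server_name wiki.somedomain.com;
    access_log /var/log/nginx/wiki.access.log;
    error_log  /var/log/nginx/wiki.error.log warn;

    location / {
        proxy_pass http://192.168.100.35:8080;
    }
}

# Second wiki -> container published on 8081
server {
    listen 8443 ssl;
    server_name wiki2.somedomain.com;
    access_log /var/log/nginx/wiki2.access.log;
    error_log  /var/log/nginx/wiki2.error.log warn;

    location / {
        proxy_pass http://192.168.100.35:8081;
    }
}
```

With per-site log files, a request that never appears in either access log did not reach a named server block, which narrows the search to DNS, port forwarding or the handshake.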

0 Answers
