0

So my current setup is the following: I am using docker (rootless install) and want to use Cryptpad (which uses Node.js) with Nginx as a reverse Proxy (disclaimer: I never worked with Nginx before). Cryptpad and Nginx both are running in separate containers. To serve the static files, I created a volume where all static files from Cryptpad resides in and which is mounted in the Nginx-Container (read only). The problem is, that some contents can not be served in this way: the large blob-files will be saved on an external directory which is only accessible from the Cryptpad-Container (I have my reasons for this). So I tried to tell Nginx to proxy_pass the request for this files to the Node-Server of Cryptpad, but I am not able to figure out how to define this redirection.

My configuration:

  • name of Nginx-Container: nginx
  • name of Cryptpad-Container: cryptpad
  • port of Node-Server: 3000
  • both container are connected to the same (custom) bridge-network (and so are accessible by their container-names)

The Nginx-Config for the server (shorted to relevant section; full code adapted from here)

[...]
location ^~ /block/ {# modified block location to test proxy (is accessed more easily than blob)
    add_header Cache-Control max-age=0;

    #try_files $uri =404;# original code
    try_files http://cryptpad:3000/$request_uri =409;# arbitrary error code to differentiate from normal errors
}
[...]
location @node {# used to proxy all unhandled locations to node
    proxy_pass http://cryptpad:3000;
}

try_files /www/$uri /www/$uri/index.html /customize/$uri @node;

But whenever /block/ is accessed the server returns 409 so the redirect did not work. I also tried it with proxy_pass http://cryptpad:3000/$request_uri/; or proxy_pass http://cryptpad:3000; (which resulted in a 404) and try_files @node =409;.

So does anyone knows how to make this internal redirection work or at least a way to monitor traffic between the two containers?

Max.-F.
  • 101
  • You should start over with the example configuration. You are very far away from it now. – Michael Hampton Jul 25 '21 at 18:51
  • @MichaelHampton I did not change that much, the biggest change is the described additional proxies to enable cross-container communication – Max.-F. Jul 26 '21 at 15:35

1 Answers1

0

After some more trying I found a configuration that worked: I simply copied the other lines from proxy_passes from the example and so the resulting definition for /block/ looks like

location ^~ /block/ {
    add_header Cache-Control max-age=0;

    proxy_pass http://cryptpad:3000;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_hide_header Cross-Origin-Resource-Policy;
    #add_header Cross-Origin-Resource-Policy cross-origin;
    proxy_hide_header Cross-Origin-Embedder-Policy;
    #add_header Cross-Origin-Embedder-Policy require-corp;
}
Max.-F.
  • 101