
I have Nginx running as a reverse proxy in front of Apache Guacamole. Everything works fine when accessing via IP address with XX.XX.XX.XX:8443. However I can't access via the server_name with "www.trainingserver1.com:8443". Here is the mysite.template file:

# Catch-all virtual host for plain HTTP: any request on port 80 whose Host
# header matches no other server block ends up here.
# NOTE(review): this catch-all covers port 80 only. The compose file on this
# page publishes only container port 443 (as 8443), so this block does not
# protect the TLS listener from requests with unexpected Host headers.
server {
    listen 80 default_server;
    server_name _;

    # 444 is nginx's non-standard status that closes the connection without
    # sending a response header.
    # NOTE(review): confirm whether the text argument is ever delivered to the
    # client when it is combined with 444.
    return 444 "No server is currently configured for the requested host.";
}

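# TLS virtual host that terminates HTTPS and reverse-proxies to Guacamole.
server {
    # No server block declares default_server for port 443, so nginx uses this
    # one as the default for that port: requests whose Host header does not
    # match server_name (for example a bare IP address) are still proxied to
    # Guacamole. Add a catch-all 443 server if only the named host should
    # answer.
    listen 443 ssl;

    # The wildcard matches subdomains such as www.trainingserver1.com, but not
    # the bare domain trainingserver1.com.
    server_name *.trainingserver1.com;

    ssl_certificate     /etc/nginx/ssl/self.cert;
    ssl_certificate_key /etc/nginx/ssl/self-ssl.key;

    # TLS 1.0 and 1.1 are formally deprecated (RFC 8996) and were dropped from
    # the list; TLS 1.3 is offered alongside 1.2.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    # Applies to TLS 1.2 and below. The EDH entries only take effect when
    # ssl_dhparam is configured; without it nginx does not offer DHE suites.
    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
    ssl_ecdh_curve secp384r1;
    ssl_session_cache shared:SSL:10m;
    # Session tickets stay off so resumption relies on the server-side cache
    # rather than a long-lived ticket key.
    ssl_session_tickets off;
    # OCSP stapling is off; the certificate configured above is self-signed.
    ssl_stapling off;
    ssl_stapling_verify off;
    # resolver 8.8.8.8 8.8.4.4 valid=300s;
    # resolver_timeout 5s;

    #charset koi8-r;
    #access_log  /var/log/nginx/host.access.log  main;

    location / {
        # TLS ends here; traffic to the guacamole container is plain HTTP over
        # the Docker network.
        proxy_pass http://guacamole:8080;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Pass the client's Upgrade/Connection headers through so the
        # WebSocket handshake reaches the backend.
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
        proxy_cookie_path /guacamole/ /;
        # NOTE(review): with access logging off, nginx keeps no record of who
        # reached the remote-access gateway; confirm that Guacamole's own logs
        # give the audit trail you need.
        access_log off;
        # allow large uploads (default=1m)
        # 4096m = 4GByte
        client_max_body_size 4096m;
    }

    #error_page  404              /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }
}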

Here is the nginx.conf file:

# Worker processes run as the unprivileged "nginx" account.
user nginx;
# A single worker process.
worker_processes 1;

# Only messages of severity "warn" and above are written to the error log.
error_log /var/log/nginx/error.log warn;
# Location of the master process PID file.
pid /var/run/nginx.pid;


events {
    # Upper bound on simultaneous connections per worker process.
    worker_connections 1024;
}


http {
    # MIME type table; anything unlisted is served as a generic binary.
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    # "main" access-log format: client address, user, time, request line,
    # status, bytes sent, referer, user agent and the X-Forwarded-For header.
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    # Access log for every virtual host that does not override it. The
    # "location /" block in mysite.template sets "access_log off", so proxied
    # Guacamole requests are not recorded here.
    access_log /var/log/nginx/access.log main;

    sendfile on;
    #tcp_nopush     on;

    keepalive_timeout 65;

    #gzip  on;

    # Only files ending in .conf are loaded, which is why the compose command
    # links mysite.template to conf.d/default.conf before starting nginx.
    include /etc/nginx/conf.d/*.conf;
}

And lastly here is the docker-compose.yml that starts everything:

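# Compose stack: Guacamole behind an nginx TLS reverse proxy on one bridge network.
version: '3'

networks:
  guacnetwork:
    driver: bridge

services:
  guacamole:
    # NOTE(review): no tag or digest is given, so whatever image is currently
    # published gets pulled; pin to a version you have vetted.
    image: oznu/guacamole
    container_name: guacamole
    volumes:
      - postgres:/config
    # The original declared "restart: always" twice in this service; duplicate
    # mapping keys are invalid YAML, so only one is kept.
    restart: always
    networks:
      - guacnetwork
    # Reachable only by other containers on guacnetwork; not published on the host.
    expose:
      - "8080"

  nginx:
    restart: always
    # NOTE(review): unpinned image, same concern as above.
    image: nginx
    volumes:
      - ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro
      # Read-only: the startup command only symlinks this file, it never writes to it.
      - ./nginx/mysite.template:/etc/nginx/conf.d/mysite.template:ro
      # Must stay writable: the startup command writes the key and certificate here.
      - ./nginx/ssl:/etc/nginx/ssl
    ports:
      # Quoted so the mapping is always read as a string.
      - "8443:443"
    ##   environment:
    ##   - NGINX_HOST=nginx
    ##   - NGINX_PORT=443
    # Both services already share guacnetwork, where the service name resolves
    # through Docker's DNS; "links" is kept from the original.
    links:
      - guacamole
    networks:
      - guacnetwork
    # install openssl, create self-signed certificate and run nginx
    # NOTE(review): all of this runs at every container start:
    #  - apt-get needs network access and installs an unpinned package at runtime;
    #  - a new unencrypted key (-nodes) and self-signed certificate replace the
    #    previous ones in ./nginx/ssl on each start, so clients cannot keep
    #    trusting one known certificate;
    #  - no -days option is given, so openssl's default validity applies;
    #  - the subject CN (www.createyourown.domain) does not match the
    #    server_name in mysite.template and no subjectAltName is set, so
    #    browsers will report a name mismatch in addition to the untrusted issuer.
    # Consider building the image once and mounting a certificate issued for
    # the real hostname.
    command: /bin/bash -c "apt-get -y update && apt-get -y install openssl && openssl req -nodes -newkey rsa:2048 -new -x509 -keyout /etc/nginx/ssl/self-ssl.key -out /etc/nginx/ssl/self.cert -subj '/C=DE/ST=BY/L=Hintertupfing/O=Dorfwirt/OU=Theke/CN=www.createyourown.domain/emailAddress=docker@createyourown.domain' && cp -f -s /etc/nginx/conf.d/mysite.template /etc/nginx/conf.d/default.conf && nginx -g 'daemon off;'"

volumes:
  postgres:
    driver: local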

Edit:

Everything in the Nginx config turned out to be Ok. This was a simple DNS record issue. Once the DNS record was fixed then the Nginx server was accessible at www.trainingserver1.com:8443.

jrbe228
  • 1
    You posted all your configs, but you forgot to tell us what the problem is that you're having. Give specifics including log entries. – Michael Hampton Sep 22 '21 at 15:56
  • i think, you are running an issue like `server_name *.trainingserver1.com;` but not `server_name *.trainingserver1.com trainingsserver1.com;` which would let you use the domain itself instead only a subdomain of the domain and also remind, you want to use a reverseproxy for 8443... – djdomi Sep 22 '21 at 17:03
  • @djdomi It seems to be the same problem in either case. I tried both ways and still I can only access the server by IP address like XX.XX.XX.XX:8443 but not by name "www.trainingserver1.com:8443" – jrbe228 Sep 22 '21 at 18:20
  • @MichaelHampton Can you reproduce the issue just with these files? All 3 would be in the same directory. Then run `docker-compose up -d` to start nginx + guacamole. Lastly try to access the server by either IP address or server_name. That's where I run into the problem. – jrbe228 Sep 22 '21 at 18:25
  • What is the actual error message you receive? Is your name resolution working? – Gerald Schneider Sep 22 '21 at 18:35
  • @JeremyBeale how should NGINX know about, when you DONT set a reverse-proxy for this case? and furthermore, to use *.trainingserver1.com the dns must be set to wildcard or www.trainingserver1.com has to be set to a valid DNS entry. - since you dont tell the true domain name it isnt easy to help you - we are running here in an [X-And-Y-Problem](https://faq-database.de/doku.php?id=en:x-and-y-problem) – djdomi Sep 22 '21 at 18:36
  • @GeraldSchneider The actual message from the web browser is DNS_PROBE_FINISHED_NXDOMAIN – jrbe228 Sep 22 '21 at 18:50
  • 2
    So, you don't have a DNS record for that IP. Create one. – Gerald Schneider Sep 22 '21 at 18:51
  • @GeraldSchneider Thanks! It works now – jrbe228 Sep 22 '21 at 19:36

1 Answer


The error message DNS_PROBE_FINISHED_NXDOMAIN indicates that the hostname in the URL you are trying to access cannot be resolved: the DNS lookup returned "no such domain".

You need to create the DNS record for that hostname.

Gerald Schneider