0

I have a server that runs ssl (certbot) nginx and points all traffic to port 5555 where my nginx-proxy is running. I'm trying to get it to route all my traffic to the appropriate services.

Here is my docker-compose setup:

nginx-proxy:
    container_name: nginx-proxy
    image: jwilder/nginx-proxy
    ports:
      - '5555:80'
    networks:
      app_net:
        ipv4_address: 172.26.111.111 (from subnet 0/24)  
    environment:
      - VIRTUAL_PORT=5555 
    volumes:
      - /var/run/docker.sock:/tmp/docker.sock:ro
      - ./nginx/prod/proxy.conf:/etc/nginx/conf.d/proxy.conf:ro
text-rewriter-service:
    container_name: text-rewriter-service
    build: 
      context: ./text-rewriter-service
    ports:
      - '8001:8001'
    networks:
      app_net:
        ipv4_address: 172.26.111.13
    environment:
      - APP_ENV=prod
      - NODE_ENV=production
      - PORT=8001

And my nginx proxy.conf file

server {
    server_name localhost;
    listen 80;
    access_log /var/log/nginx/access.log;

  listen [::]:80;

  # text-rewriter-service
  location ~* ^/graphql(/?)(.*)$ {
    set $query $2;
    proxy_pass http://172.26.111.13:8001$1$query$is_args$args;
  }
}

nginx conf in server

server {
    root /var/www/html;
    index index.html index.htm index.nginx-debian.html;

    server_name example.com www.example.com;

    location / {
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass http://0.0.0.0:5555;
    }
    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

I've tried (and failed):

  1. IP with text-rewriter-service:8001

  2. tried changing the server to example.com

  3. tried using VIRTUAL_HOST and VIRTUAL_PORT in the app

  4. tried removing VIRTUAL_PORT from nginx environment

here is nginx output www.example.com 172.26.111.1 - - [08/Dec/2018:01:18:19 +0000] "GET /graphql HTTP/1.0" 503 615 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36"

possible solution i didn't fully understand how to get to work : https://github.com/jwilder/nginx-proxy/issues/582

I think it's on the server nginx proxy_header I need to change??

Kevin Danikowski
  • 4,620
  • 6
  • 41
  • 75
  • 1
    It seems to me that your `server` block in nginx config will only accept connections with the `Host` HTTP header set to `localhost`. If this is your only `server` block in nginx config, try changing `server_name localhost;` to `server_name _;`. – Ivan Shatsky Dec 08 '18 at 01:49
  • @IvanShatsky thanks for the response, i tried that and it didn't work, i think the issue may actually be in the proxy_header (i added the server nginx file). could you take a look? – Kevin Danikowski Dec 08 '18 at 16:48
  • Can you show `curl -I --header "Host: www.example.com" http://0.0.0.0:5555/graphql` output from host? `curl -I --header "Host: www.example.com" http://0.0.0.0:8001/graphql` output? Do you have `/etc/nginx/conf.d/default.conf` file in your jwilder/nginx-proxy image? If so, can you add it's content to your question? – Ivan Shatsky Dec 09 '18 at 22:32

0 Answers0