A friend and I are currently trying to set up a reverse proxy for his project. He has 3 domains with different names that we attached to his distant server.
We are using nginx as the reverse proxy, and 3 dockers running "Express" web servers. We used certbot to generate an ssl certification.
I configured the nginx "custom-server" configuration file to the best of my capacities and all domains are running ssl.
The issue is that only one of those domains is displaying something when looked up on a browser (julian-kilner.com). The other two are giving us the error "502 - Bad Gateway". When checking the error.log, it gives us the error "connect() failed (111: Unknown error) while connecting to upstream".
I googled it to no avail and we are currently very stuck...
We tried tinkering with the configuration, changing syntax thinking that it had to be it (since one server is actually "working" and the others are not).
I have to add that it worked just fine before we tried ssl.
Here is the reverse-proxy config file:
    ssl_certificate /etc/letsencrypt/live/cyber-potato.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/cyber-potato.com/privkey.pem;

    server {
        listen 80;
        listen 443 ssl;
        server_name cyber-potato.com;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log debug;
        location / {
            proxy_pass http://172.17.0.2:80;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }

    server {
        listen 80;
        listen 443 ssl;
        server_name julian-kilner.com;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;
        location / {
            proxy_pass http://172.17.0.3:80;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }

    server {
        listen 80;
        listen 443 ssl;
        server_name rawcru.com;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;
        location / {
            proxy_pass http://172.17.0.5:80;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }
And here is the nginx config file (that we did not change much actually):
    user www-data;
    worker_processes auto;
    pid /run/nginx.pid;
    include /etc/nginx/modules-enabled/*.conf;

    events {
        worker_connections 768;
        # multi_accept on;
    }

    http {
        ##
        # Basic Settings
        ##
        sendfile on;
        tcp_nopush on;
        types_hash_max_size 2048;
        # server_tokens off;
        # server_names_hash_bucket_size 64;
        # server_name_in_redirect off;
        include /etc/nginx/mime.types;
        default_type application/octet-stream;

        ##
        # SSL Settings
        ##
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
        ssl_prefer_server_ciphers on;

        ##
        # Logging Settings
        ##
        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;

        ##
        # Gzip Settings
        ##
        gzip on;
        # gzip_vary on;
        # gzip_proxied any;
        # gzip_comp_level 6;
        # gzip_buffers 16 8k;
        # gzip_http_version 1.1;
        # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

        ##
        # Virtual Host Configs
        ##
        include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/sites-enabled/*;
        fastcgi_buffers 8 16k;
        fastcgi_buffer_size 32k;
        fastcgi_connect_timeout 300;
        fastcgi_send_timeout 300;
        fastcgi_read_timeout 300;
    }
We are assuming that we configured something not the way it was intended... I would be really grateful to anyone willing to help us out. Thank you
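
On Linux, errno 111 is ECONNREFUSED: nginx reached the `proxy_pass` address but nothing accepted the connection on that port. The script below is an added example, not part of the original post; it lists the upstream behind each `server_name` and tests it with the same TCP connect nginx makes. The function names and the embedded sample config are constructed for illustration.

```python
import re
import socket
import sys

# Constructed sample with the same shape as the server blocks in the post.
SAMPLE_CONF = """
server {
    server_name cyber-potato.com;
    location / { proxy_pass http://172.17.0.2:80; }
}
server {
    server_name julian-kilner.com;
    location / { proxy_pass http://172.17.0.3:80; }
}
"""

def upstreams(conf_text):
    """Return (server_name, host, port) for every server block with a proxy_pass."""
    found = []
    for block in re.split(r"(?m)^\s*server\s*\{", conf_text)[1:]:
        name = re.search(r"server_name\s+([^;]+);", block)
        target = re.search(r"proxy_pass\s+(https?)://([^:/;\s]+)(?::(\d+))?", block)
        if name and target:
            scheme, host, port = target.groups()
            port = int(port) if port else (443 if scheme == "https" else 80)
            found.append((name.group(1).strip(), host, port))
    return found

def probe(host, port, timeout=2.0):
    """Try a TCP connect, the same step nginx performs before proxying."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"   # errno 111: host reachable, nothing listening there
    except socket.timeout:
        return "timeout"   # no answer: address not in use or traffic filtered
    except OSError as exc:
        return "error: %s" % exc

def report(conf_text, probe_fn=probe):
    """Map each server_name to 'host:port -> status'."""
    return {name: "%s:%d -> %s" % (host, port, probe_fn(host, port))
            for name, host, port in upstreams(conf_text)}

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CONF
    for name, status in report(text).items():
        print(name, status)
```

Run it on the proxy host with the path of the reverse-proxy config file as the argument; any upstream reported as `refused` is the one producing the 502.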