0

I made my personal server SSL encrypted, so that only port 443 is accessible to the outside world. However, in doing so, I locked my web apps from seeing the outside world.

The gist of it is that I have two Docker chains such that <domain>:2019 and <domain>:2020 are two separate web applications that are each served with Nginx containers, and output correctly on my local machine. I want to have <domain>:2019 output to example1.com and <domain>:2020 output to example2.com from using the host machine's Nginx service. How would I go about doing this?

[edit]

The Docker chains have respective Nginx containers that look like:

  nginx:
    container_name: domain_nginx
    build: 
      context: ./nginx
    volumes:
      - static_volume:/usr/src/domain_django/static
    ports:
      - "2019:80"
    depends_on:
      - django

Where the Nginx container outputs to 127.0.0.1:2019. I want a user going to example1.com to see the 127.0.0.1:2019

2
  • Your nginx is a container too?
    – Roid
    Commented Jun 3, 2019 at 22:41
  • @RoidRamirez I updated the issue to explain it better. There is an Nginx container serving with gunicorn, but I want the output port to be read by the Nginx instance running on the host Commented Jun 3, 2019 at 22:57

1 Answer

0

You just need to use the container name / service name, since you are using docker-compose. Try adding this configuration to your container with nginx:

# nginx.conf needs an events section to start
events {}

http {
    include /etc/nginx/mime.types;
    ssl_session_cache   shared:SSL:10m;
    ssl_session_timeout 10m;

    # Redirect plain HTTP to HTTPS
    server {
        listen 80 default_server;
        listen [::]:80;
        server_name www.example1.com example1.com www.example2.com example2.com;
        # $host keeps the requested name; $server_name is always the first name listed
        return 301 https://$host$request_uri;
    }

    server {
        listen 443 ssl default_server;
        listen [::]:443 ssl default_server;

        server_name www.example1.com example1.com;

        ssl_certificate ssl/fullchain1.pem;
        ssl_certificate_key ssl/privkey1.pem;
        # TLSv1 and TLSv1.1 are deprecated
        ssl_protocols       TLSv1.2;

        keepalive_timeout   70;

        location / {
            proxy_pass http://<container_name>:2021; # <-- HERE you can use webapp
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }

    server {
        # only one server per address:port may be marked default_server
        listen 443 ssl;
        listen [::]:443 ssl;

        server_name www.example2.com example2.com;

        ssl_certificate ssl/fullchain2.pem;
        ssl_certificate_key ssl/privkey2.pem;
        # TLSv1 and TLSv1.1 are deprecated
        ssl_protocols       TLSv1.2;

        keepalive_timeout   70;

        location / {
            proxy_pass http://<container_name>:2022; # <-- HERE you can use webapp
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }
}

Example of old docker-compose

version: '2'
services:
    # webapp is the name that you can use inside the nginx configuration
    webapp:
        build: build
        volumes:
            - .:/home/noc/app
        ports:
            - 8000:8000
        environment:
            - RECAPTCHA_SECRET_KEY=****
            - RECAPTCHA_SITE_KEY=****
            - DB_HOST=******

    nginx:
        image: nginx:1.10.2
        volumes:
            - ./static:/var/www/static
            - ./config/nginx.conf:/etc/nginx/nginx.conf
            - /etc/letsencrypt/archive/:/etc/nginx/ssl
        links:
            - webapp
        depends_on:
            - webapp
        ports:
            - 80:80
            - 443:443
        command: /bin/bash -c "nginx -g 'daemon off;'"

More information: Docker documentation

6
  • Would this live on the server-side Nginx configuration? And would the container name be readable to the host in the marked line? Commented Jun 4, 2019 at 0:16
  • You can COPY the nginx configuration inside your container(nginx) or link a volume to access the files.
    – Roid
    Commented Jun 4, 2019 at 0:25
  • That makes sense, and works now. Thanks! Commented Jun 4, 2019 at 0:37
  • I'm sorry to reopen the issue, but I modified my nginx.conf for the nginx container and it didn't fix the issue. I think what I'm trying to do isn't an issue with the docker container, but it's with the host itself. On localhost (not the server) it corresponds to the correct ports, but on the server, there's a separate Nginx instance (the server is SSL encrypted but not the containers) that only lets in things display on port 443. Does this mean I can redirect the content shown? Commented Jun 4, 2019 at 2:33
  • The encryption between your client and the nginx is encrypted, but the traffic between the nginx and the container is not encrypted, so you don't need to handle the encryption inside your app. Remember each site uses its own certificate for SSL
    – Roid
    Commented Jun 4, 2019 at 13:07
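
Added example, not part of the original thread: a configuration for the nginx instance on the host, as described in the question, that terminates TLS on port 443 and forwards each domain to the published port of its Docker chain. The certificate paths and the config file location are assumptions; the domains and ports 2019 and 2020 are the ones from the question.

```nginx
# Host nginx, inside the http context (for example a file in /etc/nginx/conf.d/).
# Assumed: certificate paths below; 2019 and 2020 are the published container ports.

# Plain HTTP: redirect to HTTPS, keeping the requested host name.
server {
    listen 80;
    listen [::]:80;
    server_name example1.com www.example1.com example2.com www.example2.com;
    return 301 https://$host$request_uri;
}

# example1.com -> Docker chain published on port 2019
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name example1.com www.example1.com;

    ssl_certificate     /etc/letsencrypt/live/example1.com/fullchain.pem;  # assumed path
    ssl_certificate_key /etc/letsencrypt/live/example1.com/privkey.pem;    # assumed path
    ssl_protocols       TLSv1.2;

    location / {
        proxy_pass http://127.0.0.1:2019;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;  # tells the app the client used HTTPS
    }
}

# example2.com -> Docker chain published on port 2020
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name example2.com www.example2.com;

    ssl_certificate     /etc/letsencrypt/live/example2.com/fullchain.pem;  # assumed path
    ssl_certificate_key /etc/letsencrypt/live/example2.com/privkey.pem;    # assumed path
    ssl_protocols       TLSv1.2;

    location / {
        proxy_pass http://127.0.0.1:2020;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Publishing the container ports as "127.0.0.1:2019:80" and "127.0.0.1:2020:80" in the two compose files keeps the unencrypted container endpoints reachable only through this proxy.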
