
First, I struggled hard with the title. I've been trying back and forth, googling like mad, and the resources I find are most likely way too complicated for me. But I find it so unbelievable that it's so hard to do what I am trying to do, which I believe should be super simple.

So; the setup.

I have a Raspberry Pi "server" (henceforth 'server') with an NGINX installation (not a Docker image). I have a Cloudflare domain I bought, which has an A record (root) pointing to the IP of my server. It is also configured with their SSL/TLS option with end-to-end encryption.

Everything works super fine. All configured. Browsing to my domain.tld points me to my site setup on my server, all good.

Now, the issue I have is that besides this NGINX installation, I am running docker services. Let's say..

1. music:1000
2. docker-admin:1001

Both are web GUIs. I can access them fine by using myip:port over HTTP respectively. However, what I want is to access them either via domain.tld:port or, better, music.domain.tld and docker-admin.domain.tld, pointing to the Docker service over HTTPS using the certs/TLS I am using for my NGINX.

How on earth do I do this? (Please note that I've tried different attempts with the nginxproxymanager tool, but I am not interested in using that approach, I want it done through NGINX.)

Everything I've tried has failed with so many different errors I've lost track. Below is the current sites-available/domain.tld that is working.

Any ideas on how to approach this? Best regards! :) (note that domain.tld is not the real domain of course! )

server {
    listen 80;
    listen [::]:80;
    server_name domain.tld www.domain.tld;
    return 302 https://$server_name$request_uri;
}

server {

    # SSL configuration

    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    ssl_certificate         /etc/ssl/cert.pem;
    ssl_certificate_key     /etc/ssl/key.pem;
    ssl_client_certificate /etc/ssl/cloudflare.crt;
    ssl_verify_client on;

    server_name domain.tld www.domain.tld;

    root /var/www/domain.tld/html;
    index index.html index.htm index.nginx-debian.html;


    location / {
            try_files $uri $uri/ =404;
    }

}
  • Add those ports too to your nginx configuration, like you have added ports 80 and 443, and use a reverse proxy to send requests to your internal address.
    Commented Jan 25 at 15:27
  • Thanks for the comment! Unfortunately, it doesn't help me. I do not fully understand what you mean. If you are saying that I should add listen 1000 etc. to the server block, that won't work. The address is already bound via the docker image. So nginx won't start again :)
    – Plankt0n
    Commented Jan 25 at 15:31
  • Maybe use a different internal address, like 2000 for the one where you are using 1000, and in nginx, using it as a reverse proxy, redirect the traffic to port 2000. You can read the nginx article on how to use it as a reverse proxy. I understand you can't use a single port for multiple services.
    Commented Jan 25 at 15:36

1 Answer

If your domain name, which you got from Cloudflare, is pointing to your server, what you can do is first listen for your service on different ports. If you can't change that, you might want to use a different port for the URL.

But whatever service you have running internal to your system, you can expose it to the outside by using nginx as a reverse proxy. Add the following to your configuration.

server {
    listen 1000;  # External port which others will see
    server_name your_domain.com;  # Replace with your domain or server IP

    location / {
        proxy_pass http://127.0.0.1:2000;  # Internal port, must not be same as external
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
  • Again, interesting input, but as I mentioned before, I cannot have any "listen" on ports being used by docker inside nginx config. It's already bound. Is it just me who thinks that this is so <insert a lot of swear words> hard to do for something so simple? :(
    – Plankt0n
    Commented Jan 25 at 20:00
  • For fun I tried to add the block above, thinking I might have misunderstood something since I'm new at this. However, it doesn't work. I receive a connection timeout. Any other ideas? :)
    – Plankt0n
    Commented Jan 30 at 7:37
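
The subdomain layout the question asks for, written as an added example that is not part of the original question or answer: one name-based server block per service on port 443, reusing the certificate and Cloudflare client-certificate check from the working config and proxying to the container's published port. It assumes DNS records for both subdomains exist and are proxied through Cloudflare, and that /etc/ssl/cert.pem is valid for both names.

```nginx
# Added example (not from the question or answer). Assumptions: DNS records for
# music.domain.tld and docker-admin.domain.tld exist and are proxied by Cloudflare,
# and /etc/ssl/cert.pem is valid for both names.

server {
    listen 80;
    listen [::]:80;
    server_name music.domain.tld docker-admin.domain.tld;
    return 302 https://$host$request_uri;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name music.domain.tld;

    ssl_certificate         /etc/ssl/cert.pem;
    ssl_certificate_key     /etc/ssl/key.pem;
    ssl_client_certificate  /etc/ssl/cloudflare.crt;
    ssl_verify_client       on;   # same client-cert check as the main site

    location / {
        # nginx connects to port 1000 as a client; it never listens on it
        proxy_pass http://127.0.0.1:1000;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name docker-admin.domain.tld;

    ssl_certificate         /etc/ssl/cert.pem;
    ssl_certificate_key     /etc/ssl/key.pem;
    ssl_client_certificate  /etc/ssl/cloudflare.crt;
    ssl_verify_client       on;

    location / {
        proxy_pass http://127.0.0.1:1001;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Check the syntax with `nginx -t` before reloading. Because the containers still publish ports 1000 and 1001 on the host, they stay reachable over plain HTTP without the client-certificate check unless those ports are published on loopback only (for example `-p 127.0.0.1:1000:1000`) or blocked by a firewall.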
