Nginx redirects to docker containers

Before posting my problem, I would like to know if it is even possible to achieve what I want.

I have, say, myserver.com running a docker container with nginx and Let's Encrypt. On the same server there are 2 more docker containers running websites.

So far everything has been redirected perfectly: www.myserver.com goes to docker 1, and site2.myserver.com goes to docker 2.

I would like all communication to work over HTTPS, but here the problem begins. So my question is: is it possible for the docker container with nginx and Let's Encrypt to connect to another docker container using certificates from Let's Encrypt? It seems to me that this is some kind of man-in-the-middle "attack". A bit more schematically:

Go to http://site2.myserver.com → nginx redirects to https://site2.myserver.com → connect to container 2 (192.168.0.10) on port 80.

Or another option: Go to http://site2.myserver.com → nginx redirects to https://site2.myserver.com → connect to container 2 (192.168.0.10) on port 443, which has the site2.myserver.com certificates.

If this is not possible, then what is the solution? Copying the certificates into the docker containers and starting https there, so that the HTTP request is redirected to the https port of that container?

Go to http://site2.myserver.com → nginx forwards the request → connect to container 2 (192.168.0.10) on port 443, which has the site2.myserver.com certificates.

Thanks, Greggy

+4
4

, nginx , , TLS ( ).

, , IP-. DNS ( certbot, TXT ).

Nginx http → https:

server {
    listen 80;
    server_name example.com;

    # Redirect every plain-http request to https, keeping the path and query string
    # (a bare "https://example.com/" would drop whatever the client asked for).
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl http2;
    server_name example.com;

    # Certificates issued by Let's Encrypt (certbot's default directory layout)
    ssl_certificate         /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key     /etc/letsencrypt/live/example.com/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/example.com/fullchain.pem;

    location / {
        # TLS ends here; the hop to the container is plain http on the docker network,
        # so the container must not be reachable from outside on that port.
        proxy_pass http://container:8080/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # protocol / cipher settings shared by all https server blocks
    include tls.conf;
}
+3
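Added example, not part of the thread and not code from nginx or any project named here: Python showing how a backend container should read the headers the nginx config above sets (X-Real-IP, X-Forwarded-For, X-Forwarded-Proto). Because the proxy terminates TLS and talks plain http to the container, the backend learns the real scheme and client address only from those headers, and they are trustworthy only when the TCP peer is the proxy itself. The trusted network ranges (172.17.0.0/16 for the default docker bridge, plus loopback) and the sample header sets are assumptions made for the example.

```python
# Added example (not from the original thread): backend-side handling of the
# X-Forwarded-* / X-Real-IP headers that a TLS-terminating nginx sets.
# Anyone who can reach the container port directly can write whatever they
# like into these headers, so they are believed only from a trusted proxy peer.
import ipaddress
from typing import Mapping, Optional, Tuple

# Assumed: nginx reaches the backend from the default docker bridge network
# or from loopback. Adjust to the network(s) the proxy actually connects from.
TRUSTED_PROXY_NETS = [
    ipaddress.ip_network("172.17.0.0/16"),
    ipaddress.ip_network("127.0.0.0/8"),
]


def is_trusted_proxy(peer_ip: str) -> bool:
    """True if the immediate TCP peer is one of our reverse proxies."""
    try:
        addr = ipaddress.ip_address(peer_ip)
    except ValueError:
        return False
    return any(addr in net for net in TRUSTED_PROXY_NETS)


def _valid_ip(value: Optional[str]) -> Optional[str]:
    """Normalise a header value to an IP string, or None if it is not one."""
    if not value:
        return None
    try:
        return str(ipaddress.ip_address(value.strip()))
    except ValueError:
        return None


def effective_request(peer_ip: str, headers: Mapping[str, str]) -> Tuple[str, str]:
    """Return (scheme, client_ip) the application should act on.

    peer_ip is the address of the TCP peer that connected to this container.
    """
    h = {k.lower(): v for k, v in headers.items()}
    if not is_trusted_proxy(peer_ip):
        # Direct connection that bypassed nginx: forwarded headers are untrusted,
        # and the connection was not TLS-terminated by us, so treat it as http.
        return "http", peer_ip

    scheme = h.get("x-forwarded-proto", "http").split(",")[0].strip().lower()
    if scheme not in ("http", "https"):
        scheme = "http"

    # X-Real-IP is $remote_addr as seen by nginx: a single value written by the proxy.
    client_ip = _valid_ip(h.get("x-real-ip"))
    if client_ip is None:
        # $proxy_add_x_forwarded_for APPENDS nginx's $remote_addr to whatever the
        # client already sent, so only the right-most element was written by our
        # proxy; the left-most one is attacker-controlled.
        parts = [p.strip() for p in h.get("x-forwarded-for", "").split(",") if p.strip()]
        client_ip = _valid_ip(parts[-1]) if parts else None
    if client_ip is None:
        client_ip = peer_ip
    return scheme, client_ip


def https_redirect_target(scheme: str, host: str, request_uri: str) -> Optional[str]:
    """Location to send when a request still arrived over plain http, keeping the
    original path and query string. None when the request is already https."""
    if scheme == "https":
        return None
    return f"https://{host}{request_uri}"


if __name__ == "__main__":
    # Constructed sample: request arriving via the proxy with a forged XFF prefix.
    print(effective_request("172.17.0.2", {
        "X-Forwarded-Proto": "https",
        "X-Forwarded-For": "10.0.0.1, 198.51.100.7",
        "X-Real-IP": "198.51.100.7",
    }))
    # Constructed sample: someone talking to the container port directly.
    print(effective_request("203.0.113.5", {"X-Forwarded-Proto": "https"}))
```

The practical consequence for the setup in the question: the plain-http hop between nginx and the container is fine as long as the container's port is only published on the docker network, and the application never lets a direct connection claim to be https or to come from some other address.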

:

JWilder Nginx + Lets Encrypt.

NGINX :

# the only container that publishes ports on the host
docker run -d -p 80:80 -p 443:443 \
    --name nginx-proxy \
    -v /path/to/certs:/etc/nginx/certs:ro \
    -v /etc/nginx/vhost.d \
    -v /usr/share/nginx/html \
    -v /var/run/docker.sock:/tmp/docker.sock:ro \
    jwilder/nginx-proxy

Lets Encrypt:

# obtains and renews certificates; writes them into the same certs volume
docker run -d \
    -v /path/to/certs:/etc/nginx/certs:rw \
    --volumes-from nginx-proxy \
    -v /var/run/docker.sock:/var/run/docker.sock:ro \
    jrcs/letsencrypt-nginx-proxy-companion

- :

# a website container: no -p, the proxy reaches it over the docker network
docker run -d \
    --name website1 \
    -e "VIRTUAL_HOST=website1.com" \
    -e "LETSENCRYPT_HOST=website1.com" \
    -e "LETSENCRYPT_EMAIL=webmaster@website1" \
    tutum/apache-php

Nginx , encrypt ( ).

: Nginx + LetsEncrypt

+1

:

NGINX (default.conf)

From https://github.com/KyleAMathews/docker-nginx:

server {
    root /var/www;
    index index.html index.htm;

    server_name localhost MYHOST.COM;

    # Add 1 week expires header for static assets.
    # Note: a regex location wins over the "/" prefix location, so assets
    # requested over plain http are served here instead of being redirected.
    location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
        expires 1w;
    }

    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to redirecting to index.html
        try_files $uri $uri/ @root;

        # "return" runs in the rewrite phase, before try_files, so on this
        # (http) server block every request is redirected to https.
        return 301 https://$host$request_uri;
    }

    # If nginx can't find a file, fallback to the homepage.
    location @root {
        rewrite .* / redirect;
    }

    include /etc/nginx/basic.conf;
}

Dockerfile

Docker, , html/.

# base image built from the repository linked above (image name assumed)
FROM kyma/docker-nginx

# http vhost (the redirect config above)
COPY conf/default.conf /etc/nginx/sites-enabled/default

# certificate and key for the https vhost
ADD certs/myhost.com.crt /etc/nginx/ssl/server.crt
ADD certs/myhost.com.key /etc/nginx/ssl/server.key
RUN ln -s /etc/nginx/sites-available/default-ssl /etc/nginx/sites-enabled/default-ssl

COPY html/ /var/www

CMD ["nginx"]

With myhost.com pointing at 127.0.0.1 in /etc/hosts:

curl -I http://www.myhost.com/

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sun, 04 Mar 2018 04:32:04 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: https://www.myhost.com/
X-UA-Compatible: IE=Edge
+1
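Added example, not from the answer above: a small Python checker for the http → https redirect, run against the curl -I output captured above and against a constructed faulty response. It checks the things a redirect must get right before anything else is layered on: a permanent status, an https target, the same host, and the original path and query string preserved. The request URLs and the faulty response are constructed for the example.

```python
# Added example (not from the original thread): checks a `curl -I` style
# response for a correct http -> https redirect.
from typing import Dict, List, Tuple
from urllib.parse import urlsplit


def parse_head_response(raw: str) -> Tuple[int, Dict[str, str]]:
    """Parse the status line and headers of a `curl -I` style response."""
    lines = [ln.rstrip("\r") for ln in raw.strip().splitlines()]
    status_parts = lines[0].split(" ", 2)
    if len(status_parts) < 2 or not status_parts[0].startswith("HTTP/"):
        raise ValueError(f"not an HTTP status line: {lines[0]!r}")
    status = int(status_parts[1])
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return status, headers


def check_https_redirect(requested_url: str, raw_response: str) -> List[str]:
    """Return a list of problems with the redirect (empty when it is correct)."""
    problems: List[str] = []
    status, headers = parse_head_response(raw_response)
    if status not in (301, 308):
        problems.append(f"expected a permanent redirect (301/308), got {status}")
    location = headers.get("location")
    if location is None:
        problems.append("no Location header")
        return problems
    req, target = urlsplit(requested_url), urlsplit(location)
    if target.scheme != "https":
        problems.append(f"Location is not https: {location}")
    if (target.hostname or "").lower() != (req.hostname or "").lower():
        problems.append(f"host changed: {req.hostname} -> {target.hostname}")
    if (target.path or "/") != (req.path or "/") or target.query != req.query:
        problems.append("path or query string not preserved in Location")
    return problems


# The response captured in the answer above (curl -I http://www.myhost.com/).
CAPTURED_RESPONSE = """HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sun, 04 Mar 2018 04:32:04 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: https://www.myhost.com/
X-UA-Compatible: IE=Edge
"""

# Constructed: a temporary redirect to the bare domain that drops the path.
BAD_RESPONSE = """HTTP/1.1 302 Found
Server: nginx
Location: https://myserver.com/
"""


if __name__ == "__main__":
    print(check_https_redirect("http://www.myhost.com/", CAPTURED_RESPONSE))
    print(check_https_redirect("http://site2.myserver.com/login?next=/x", BAD_RESPONSE))
```

Feed it the output of `curl -sI http://<host>/<some-path>?q=1` for each vhost; a request for a deep path is the one that exposes a redirect target hard-coded to the site root.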

, , , opHASnoNAME Paul Trehiou. , opHASnoNAME, - nginx - letencrypt. nginx (. ).

, :

docker run --name nginx-prod --restart always -d \
    -p 80:80 -p 443:443 \
    -v /choose/your/dir/letsencrypt:/etc/nginx/certs:ro \
    -v /etc/nginx/vhost.d \
    -v /usr/share/nginx/html \
    -v /var/run/docker.sock:/tmp/docker.sock:ro \
    -e DEFAULT_HOST=myserver.com \
    jwilder/nginx-proxy

docker run --name letsencrypt --restart always -d \
    -v /choose/your/dir/letsencrypt:/etc/nginx/certs:rw \
    --volumes-from nginx-prod \
    -v /var/run/docker.sock:/var/run/docker.sock:ro \
    jrcs/letsencrypt-nginx-proxy-companion

-; LETSENCRYPT. .

jwilder/nginx-proxy /etc/nginx/conf.d/default.conf. , . - .conf . https, . , , site2.conf:

server {
    listen 443 ssl http2;
    server_name site2.myserver.com;

    # certificates from the letsencrypt directory mounted into the proxy container
    ssl_certificate         /etc/nginx/certs/live/myserver.com/fullchain.pem;
    ssl_certificate_key     /etc/nginx/certs/live/myserver.com/privkey.pem;
    ssl_trusted_certificate /etc/nginx/certs/live/myserver.com/fullchain.pem;

    location / {
        # plain http to container 2 on the docker network; TLS ends at the proxy
        proxy_pass http://192.168.0.10/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

proxy_pass - , default.conf, IP- . .conf, nginx /etc/nginx/conf.d. , - .conf.

, , -)

0

Source: https://habr.com/ru/post/1664444/

