Nginx handle SSL and proxy pass to HTTP backend in docker but tries to keep serving local content
I try to set up a docker-compose environment in which a Nginx container receives HTTPS requests, handles the SSL and reverse proxies them to a dotnet-core app which only implements HTTP.
This topic has been discussed here several times and I tried to create a minimal configuration that just serves this purpose ( Similar to this: NGINX SSL Pass-thru and Docker )
The problem is, that Nginx reponds with a 404 despite being configured to proxy_pass requests to the dotnet-core app which currently simply respons 'Hello world' to all requests.
nginx_1 | 2021/06/25 04:07:54 [error] 24#24: *1 "/etc/nginx/html/index.html" is not found (2: No such file or directory), client: 210.61.91.199, server: tgdev.pillepalle1.de, request: "GET / HTTP/1.1", host: "tgdev.pillepalle1.de"
I connected with the container and extracted the setup from there
root@70e20feb4fae:/etc/nginx# ls -l
total 32
drwxr-xr-x 1 root root 4096 Jun 25 01:49 conf.d
-rw-r--r-- 1 root root 1007 May 25 12:28 fastcgi_params
-rw-r--r-- 1 root root 5290 May 25 12:28 mime.types
lrwxrwxrwx 1 root root 22 May 25 13:01 modules -> /usr/lib/nginx/modules
-rw-r--r-- 1 root root 648 May 25 13:01 nginx.conf
-rw-r--r-- 1 root root 636 May 25 12:28 scgi_params
-rw-r--r-- 1 root root 664 May 25 12:28 uwsgi_params
root@70e20feb4fae:/etc/nginx# cat nginx.conf
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
include /etc/nginx/conf.d/*.conf;
}
root@70e20feb4fae:/etc/nginx/conf.d# ls
certbot.conf default.conf
root@70e20feb4fae:/etc/nginx/conf.d# cat default.conf
server {
listen 80;
listen [::]:80;
server_name localhost;
location / {
# return 301 https://$host/$request_uri;
proxy_pass http://tgwebapp:80;
}
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name localhost;
ssl_certificate /etc/letsencrypt/live/this/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/this/privkey.pem;
location / {
proxy_pass http://tgwebapp:80;
}
}
root@70e20feb4fae:/etc/nginx/conf.d# cat certbot.conf
server {
listen 80;
listen [::]:80;
server_name localhost;
location /.well-known/ {
proxy_pass http://certbot;
}
}
There is no entry that should nginx cause to serve /etc/nginx/html/index.html. What am I missing?
Solution 1:
You have two duplicate virtual hosts set up, one in certbot.conf and second in default.conf. Both virtual hosts operate on port 80 and server_name localhost. Therefore nginx ignores the other one and always uses the first one.
To fix this, remove certbot.conf and use the following in default.conf:
server {
listen 80;
listen [::]:80;
server_name localhost;
location /.well-known/ {
proxy_pass http://certbot;
}
location / {
# return 301 https://$host/$request_uri;
proxy_pass http://tgwebapp:80;
}
}