Solution 1:

You cannot have multiple application layer protocols on the same combination of IP address and port. This means that you cannot have both HTTP and HTTPS at the same port but also that you cannot have HTTP and stream (i.e. unspecified application layer protocol) on the same ip:port.

But given that you actually use stream to forward HTTP and HTTPS, you might just use normal reverse proxies (proxy_pass) instead of stream, i.e. have virtual hosts for foo.com and bar.com as you currently have and then have another virtual host for mail.foo.com which is a reverse proxy to your mailcow instance. Since this will be a real HTTP/HTTPS reverse proxy and not a TCP-level pass-through, the certificate for mailcow needs to be installed on nginx. You can also simply forward both the external HTTPS and HTTP to the HTTP interface of mailcow and let only nginx deal with HTTPS. The setup would look something like this:

# plain HTTP for mail.foo.com, proxied to the mailcow HTTP interface
server {
    listen 80;
    server_name mail.foo.com;
    location / {
        proxy_pass http://127.0.0.1:3333;
    }
}
# HTTPS for mail.foo.com; nginx terminates TLS and talks plain HTTP to mailcow
server {
    listen 443 ssl;
    server_name mail.foo.com;
    ssl_certificate ...;        # certificate (chain) for mail.foo.com
    ssl_certificate_key ...;    # matching private key
    location / {
        proxy_pass http://127.0.0.1:3333;
    }
}
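As an added example (not part of the answer above, and not mailcow's own configuration), the same mail.foo.com reverse proxy with the pieces a backend behind a TLS-terminating proxy usually needs: plain HTTP redirected to HTTPS instead of being proxied, and the forwarded headers that let the backend see the original hostname, client address and scheme. The port 3333, the hostname and the certificate paths are assumptions.

```nginx
# Added example: TLS terminated at nginx, plain HTTP to mailcow on 127.0.0.1:3333.
# Hostname, backend port and certificate paths are assumed placeholders.
server {
    listen 80;
    server_name mail.foo.com;
    # Redirect plain HTTP to HTTPS so logins never travel unencrypted.
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name mail.foo.com;

    ssl_certificate     /etc/nginx/certs/mail.foo.com/fullchain.pem;  # placeholder path
    ssl_certificate_key /etc/nginx/certs/mail.foo.com/privkey.pem;    # placeholder path
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        proxy_pass http://127.0.0.1:3333;
        # The backend only ever sees nginx on 127.0.0.1 and plain HTTP; pass on
        # the external hostname, the real client address and the original scheme
        # so it can build correct absolute URLs, log the right client and mark
        # cookies as secure where it relies on X-Forwarded-Proto.
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Check the result with `nginx -t` before reloading; if the backend is to trust X-Forwarded-* headers, it should only accept them from this proxy, since a client can send them too.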