I've looked through a few different posts, but can't seem to find the adequate config for NGINX to SSL a port hosting a docker app (e.g. portainer, or homeassist).

As of right now I have it working so that https://internal.example.com is currently enabled with SSL for an arbitrary index.html space.

I have portainer mapped in my router from 5100:9000 and if I access http://internal.example.com:5100, I can get to my portainer.

However, when trying https://internal.example.com:5100 the result is: SSL_ERROR_RX_RECORD_TOO_LONG

server {
    listen      80;
    listen [::]:80;
    server_name internal.example.com;

    location / {
        rewrite ^ https://$host$request_uri? permanent;
    }

    #for certbot challenges (renewal process)
    location ~ /.well-known/acme-challenge {
        allow all;
        root /data/letsencrypt;
    }
}

#https://internal.example.com
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name internal.example.com;

    server_tokens off;

    ssl_certificate /etc/letsencrypt/live/internal.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/internal.example.com/privkey.pem;

    ssl_buffer_size 8k;

    ssl_dhparam /etc/ssl/certs/dhparam-2048.pem;

    ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
    ssl_prefer_server_ciphers on;

    ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;

    ssl_ecdh_curve secp384r1;
    ssl_session_tickets off;

    # OCSP stapling
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 8.8.8.8;

    ssl_certificate /etc/letsencrypt/live/internal.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/internal.example.com/privkey.pem;

    root /usr/share/nginx/html;
    index index.html

    return 301 https://internal.example.com$request_uri;
}

What am I missing to have that configuration file address a) 1 port of a docker port or b) any future docker ports?

Update: 2018-08-20 I've added the server block:

server {
  listen 8223 ssl;
  server_name int.example.com;

  ssl_certificate /etc/letsencrypt/live/int.example.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/int.example.com/privkey.pem;
  add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";

  location / {
    proxy_set_header Host $host:$server_port;
    proxy_pass http://192.168.1.199:8123/;
    #proxy_redirect http://192.168.1.199:8123/ $scheme://$host:9443;
  }
}

However, it's almost as if it's not even listening on the port, because it simply times out.

1 Answer

You need another server config in your nginx which will set up SSL on port 5100. See this post for details.

4 Comments

I attempted a similar config, do I just then remove this portion? root /var/www/myexample.com; index index.html index.htm; Because I have no index to refer to, it's the contents of the docker container.
You may need to replace that with what it should be for your specific case.
Right, but if it's a docker container I don't necessarily have an index.html, so does that go to the container file? How would I get it to just retrieve what natively pulls from int.example.com:5100?
If your app is static, package your container image with those static files; if the app is dynamic, proxy the request to the further systems. Basically, it is the same as you would do without docker.
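
Why https:// on port 5100 fails with SSL_ERROR_RX_RECORD_TOO_LONG, as an added example that is not part of the original question or answer: the port is published straight to the container's plain-HTTP listener, so the browser reads the start of an HTTP reply as a TLS record header. The sample replies and function names below are constructed for illustration, and the sketch assumes the listener answers the TLS handshake with bytes beginning `HTTP/`.

```python
import struct

# TLS record layer limit (RFC 5246 section 6.2.3): an encrypted record's
# length field must not exceed 2^14 + 2048 bytes.
MAX_RECORD_LEN = 2**14 + 2048
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}


def parse_record_header(data: bytes) -> dict:
    """Read the first 5 bytes the way a TLS client does: type, version, length."""
    if len(data) < 5:
        raise ValueError("need at least 5 bytes for a TLS record header")
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    return {"type": ctype, "version": (major, minor), "length": length}


def classify_first_bytes(data: bytes) -> str:
    """Say whether a server's first reply bytes are TLS or plaintext HTTP."""
    hdr = parse_record_header(data)
    if data.startswith(b"HTTP/"):
        # 'H','T','T','P','/' -> type 0x48, version 0x54 0x54, length 0x502F
        return (f"plaintext HTTP (read as a TLS record of "
                f"{hdr['length']} bytes: too long)")
    if (hdr["type"] in CONTENT_TYPES and hdr["version"][0] == 3
            and hdr["length"] <= MAX_RECORD_LEN):
        return f"TLS {CONTENT_TYPES[hdr['type']]} record"
    return "neither TLS nor HTTP"


# Constructed samples: first bytes a plain-HTTP listener and a TLS listener
# might send back to a client that opened the connection with a ClientHello.
PLAINTEXT_REPLY = b"HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n"
TLS_REPLY = bytes([22, 3, 3, 0, 91]) + b"\x02" + b"\x00" * 90

if __name__ == "__main__":
    for name, sample in (("port published to the container", PLAINTEXT_REPLY),
                         ("nginx ssl listener", TLS_REPLY)):
        print(f"{name}: {classify_first_bytes(sample)}")
```

A port that classifies as plaintext HTTP has to be reached through an nginx `listen ... ssl` server block that proxies to the container, rather than being forwarded to the container directly.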
