
Reverse proxy with nginx #18

Closed
sebdanielsson opened this issue Dec 1, 2020 · 4 comments

@sebdanielsson

Hi!

I'm trying to run podify behind an nginx reverse proxy, but I'm getting an error in Safari:

Too many redirects occurred trying to open “https://podify.hogwarts.zone”. This might occur if you open a page that is redirected to open another page, which then is redirected to open the original page.

Any idea how I should configure podify to make this work?

Here's my docker-compose.yml

# Compose file for the Podify stack: web and worker containers share one
# environment block through YAML anchors; Postgres and Redis back them.
version: '3.4'

# Settings merged into both the web and worker services below.
x-app-defaults: &app-defaults
  restart: always
  environment: &app-env
    URL_HOST: https://podify.hogwarts.zone
    # NOTE(review): the database password is embedded in this URL and has to
    # match POSTGRES_PASSWORD on the db service. Replace the sample value with
    # a generated one and keep the real file out of version control and
    # public issue threads.
    DATABASE_URL: postgres://podify:verysecurepassword@db/podify
    # NOTE(review): this URL carries no credentials and the redis service
    # below sets none, so Redis accepts any client that can reach it.
    REDIS_URL: redis://redis
    # Appears redacted by the poster. Use a long random value and treat it as
    # a secret.
    SECRET_KEY_BASE: SECRET
    # Quoted so the value stays the string "yes" rather than a YAML boolean.
    RAILS_LOG_TO_STDOUT: "yes"
    STORAGE_DIR: /storage
    # Appear redacted by the poster.
    INITIAL_USER_EMAIL: SECRET
    INITIAL_USER_PASSWORD: SECRET
    ENABLE_SIGNUP: "no"

  volumes:
    - storage:/storage

  depends_on:
    - db
    - redis

services:
  web:
    <<: *app-defaults
    # NOTE(review): `latest` is a moving tag; pinning a version or digest keeps
    # web and worker on the same reviewed build.
    image: maxhollmann/podify-web:latest
    # Host port publishing is commented out, so port 3000 is not exposed on the
    # host; the container is reachable only over the Docker network.
    #ports:
      #- 3000:3000
    environment:
      <<: *app-env

  worker:
    <<: *app-defaults
    image: maxhollmann/podify-worker:latest
    environment:
      <<: *app-env

  db:
    image: postgres:12.3
    restart: always
    environment:
      POSTGRES_USER: podify
      # Must match the password inside DATABASE_URL above; same handling applies.
      POSTGRES_PASSWORD: verysecurepassword
      PGDATA: /var/lib/postgresql/data/pgdata
    volumes:
      - pgdata:/var/lib/postgresql/data/pgdata

  redis:
    image: redis:6
    restart: always

volumes:
  pgdata:
  storage:

# Replaces the project's default network with the pre-existing
# nginx-certbot_default network. No service declares its own networks, so
# web, worker, db and redis all join it.
# NOTE(review): anything else attached to that network can reach Postgres and
# the unauthenticated Redis. Consider attaching only web to the proxy network
# and keeping db and redis on a private one.
networks:
  default:
    external:
      name: nginx-certbot_default
@maxhollmann
Collaborator

Can you share your nginx config?

@sebdanielsson
Author

Here is my site config for nginx:


# HTTPS virtual host for podify.hogwarts.zone: terminates TLS, adds response
# headers and proxies requests to the Podify web container on port 3000.
server {
    # this is the internal Docker DNS, cache only for 30s
    resolver 127.0.0.11 valid=30s;

    listen                  443 ssl http2;
    listen                  [::]:443 ssl http2;
    server_name             podify.hogwarts.zone;

    # SSL
    ssl_certificate         /etc/letsencrypt/live/podify.hogwarts.zone/fullchain.pem;
    ssl_certificate_key     /etc/letsencrypt/live/podify.hogwarts.zone/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/podify.hogwarts.zone/chain.pem;

    # security headers
    # `always` attaches each header to error responses as well.
    add_header X-Frame-Options           "SAMEORIGIN" always;
    # NOTE(review): X-XSS-Protection is a legacy header that current browsers
    # ignore; it adds no protection there.
    add_header X-XSS-Protection          "1; mode=block" always;
    add_header X-Content-Type-Options    "nosniff" always;
    add_header Referrer-Policy           "no-referrer-when-downgrade" always;
    # NOTE(review): this policy allows any http:/https: origin plus
    # 'unsafe-inline', so it restricts very little. Tighten it to the origins
    # the app actually loads from if it is meant as an XSS mitigation.
    add_header Content-Security-Policy   "default-src 'self' http: https: data: blob: 'unsafe-inline'" always;
    # One-year HSTS. NOTE(review): sent from a subdomain, includeSubDomains
    # covers only names below podify.hogwarts.zone, and `preload` matters only
    # if the parent domain is submitted to the preload list - confirm both are
    # intended.
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;

    # . files
    # Denies any path with a segment starting with "." except .well-known.
    location ~ /\.(?!well-known) {
        deny all;
    }

    # reverse proxy
    location / {
        # A variable in proxy_pass makes nginx resolve the container name at
        # request time through the resolver above instead of once at startup.
        set $upstream podify_web_1;
        proxy_pass http://$upstream:3000;
        proxy_http_version	1.1;
        proxy_cache_bypass	$http_upgrade;
        proxy_set_header Upgrade			$http_upgrade;
        # Sent on every proxied request, not only on WebSocket handshakes.
        proxy_set_header Connection 		"upgrade";
        proxy_set_header Host				$host;
        proxy_set_header X-Real-IP			$remote_addr;
        # $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For the
        # client sent, so only the last entry is set by this proxy.
        # NOTE(review): the backend should honour the X-Forwarded-* headers
        # only from this proxy - confirm the app's trusted-proxy settings.
        proxy_set_header X-Forwarded-For	$proxy_add_x_forwarded_for;
        # $scheme is "https" in this server block; the backend sees this as
        # the original request scheme.
        proxy_set_header X-Forwarded-Proto	$scheme;
        proxy_set_header X-Forwarded-Host	$host;
        proxy_set_header X-Forwarded-Port	$server_port;

        # Proxy timeouts
        proxy_connect_timeout              60s;
        proxy_send_timeout                 60s;
        proxy_read_timeout                 60s;

    }

    # favicon.ico
    # NOTE(review): this exact-match location has no proxy_pass, so the request
    # is handled by nginx itself instead of being forwarded to the app -
    # confirm that is intended.
    location = /favicon.ico {
    	log_not_found off;
    	access_log off;
    }

    # robots.txt
    # NOTE(review): as with favicon.ico, this is not proxied to the app.
    location = /robots.txt {
    	log_not_found off;
    	access_log off;
    }

    # gzip
    gzip on;
    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;

    # brotli
    #brotli on;
    #brotli_comp_level 6;
    #brotli_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;
}

# HTTP redirect
# Plain-HTTP virtual host: serves ACME challenge files for certificate
# issuance and redirects every other request to the HTTPS host.
server {
    listen  80;
    listen  [::]:80;
    server_name             podify.hogwarts.zone;

    # ACME-challenge
    # ^~ stops regex location matching for this prefix; files are read from
    # /var/www/certbot.
    location ^~ /.well-known/acme-challenge/ {
    	root /var/www/certbot;
    }

    # Permanent redirect to the fixed HTTPS hostname, keeping path and query.
    location / {
        return 301 https://podify.hogwarts.zone$request_uri;
    }
}

@sebdanielsson
Author

See anything strange in my proxy config? :)

@maxhollmann
Collaborator

Not really, looks good to me. Can you check what the logs of the web service say when this happens?
