I am trying to run this docker container cocalc (GitHub - sagemathinc/cocalc-docker: Docker setup for running CoCalc as downloadable software on your own computer) on my machine at home. I run multiple other web services that are behind my nginx reverse proxy, and they work well. But I can’t get the reverse proxy (which is on the host, not in a docker container) to connect to my Docker container.

Here is my current nginx.conf:

user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
        worker_connections 768;
        # multi_accept on;
}

http {

        ##
        # Basic Settings
        ##

        sendfile on;
        tcp_nopush on;
        types_hash_max_size 2048;
        server_tokens off;

        # server_names_hash_bucket_size 64;
        # server_name_in_redirect off;

        include /etc/nginx/mime.types;
        default_type application/octet-stream;

        ##
        # SSL Settings
        ##

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
        ssl_prefer_server_ciphers on;

        ##
        # Logging Settings
        ##

        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;

        ##
        # Gzip Settings
        ##

        gzip on;

        # gzip_vary on;
        # gzip_proxied any;
        # gzip_comp_level 6;
        # gzip_buffers 16 8k;
        # gzip_http_version 1.1;
        # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

        ##
        # Virtual Host Configs
        ##

        include /etc/nginx/sites-enabled/cocalc;
       [other includes redacted]
}

Here is my current sites-available/cocalc config:

map $http_upgrade $connection_upgrade {
        default upgrade;
        ''      close;
}

server {
    listen 57528 ssl;
    listen [::]:57528 ssl;
    server_name cocalc.[].net;
    location / {
        proxy_pass https://localhost:33333/; # The / is important!
       # this enables proxying for websockets, which cocalc uses extensively:

        # this enables proxying for websockets, which cocalc uses extensively:
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_set_header Host $host;




    }
    # You can also leave these two lines out and use certbot
        ssl_certificate     /etc/letsencrypt/live/[]/fullchain.pem ;
        ssl_certificate_key /etc/letsencrypt/live/[]/privkey.pem ;
}

Here is the Nginx error log:

2023/01/23 00:44:54 [error] 98892#98892: *1 peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking to upstream, client: GNREDACTED HOME IP
2023/01/23 00:44:55 [error] 98892#98892: *1 peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking to upstream, client: GNREDACTED HOME IP
2023/01/23 00:44:55 [error] 98892#98892: *1 peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking to upstream, client: GNREDACTED HOME IP
2023/01/23 00:48:46 [info] 99041#99041: Using 131072KiB of shared memory for nchan in /etc/nginx/nginx.conf:65
2023/01/23 00:48:50 [error] 99046#99046: *1 peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking to upstream, client: GNREDACTED HOME IP
2023/01/23 00:48:50 [error] 99046#99046: *1 peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking to upstream, client: GNREDACTED HOME IP
2023/01/23 00:48:51 [error] 99046#99046: *1 peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking to upstream, client: GNREDACTED HOME IP
2023/01/23 00:48:52 [error] 99046#99046: *1 peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking to upstream, client: GNREDACTED HOME IP

Here is the docker run command I use:

docker run --name=cocalc --expose 33333 -d -v ~/cocalc:/projects -p 33333:443 sagemathinc/cocalc

Here is information about my docker installation:

Client:
 Context:    default
 Debug Mode: false
 Plugins:
  app: Docker App (Docker Inc., v0.9.1-beta3)
  buildx: Docker Buildx (Docker Inc., v0.9.1-docker)
  compose: Docker Compose (Docker Inc., v2.14.1)
  scan: Docker Scan (Docker Inc., v0.23.0)

Server:
 Containers: 10
  Running: 1
  Paused: 0
  Stopped: 9
 Images: 5
 Server Version: 20.10.22
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: systemd
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 5b842e528e99d4d4c1686467debf2bd4b88ecd86
 runc version: v1.1.4-0-g5fd4c4d
 init version: de40ad0
 Security Options:
  apparmor
  seccomp
   Profile: default
  cgroupns
 Kernel Version: 5.15.0-58-generic
 Operating System: Ubuntu 22.04.1 LTS
 OSType: linux
 Architecture: x86_64
 CPUs: 8
 Total Memory: 15.51GiB
 Name: REDACTED
 ID: FLWG:VAJO:S3MK:RZ5M:ELNV:ZH2O:LZMO:TOEH:WHVN:HHMR:Z6L4:3EFW
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false

I keep getting a 502 bad gateway error. Here is the result of netstat -tulpn | grep 33333:

sudo netstat -tulpn | grep 33333

tcp        0      0 0.0.0.0:33333           0.0.0.0:*               LISTEN      98575/docker-proxy  
tcp6       0      0 :::33333                :::*                    LISTEN      98581/docker-proxy  

Please let me know if you have any idea what could be wrong, thanks. Also, docker ps shows that the container is up and running fine.