Hi guys,
Issue Type:
Nginx as reverse proxy over ssl:
My app succesfully are working when I browse using just http and the port but for the live of me I can’t get this working using nginx as a reverse proxy over ssl. I am using asp.net core.
OS build: Ubuntu 16.04
App version: ASP.Net Core 2.1.2
Steps to reproduce:
docker ps:
docker-compose.yml
version: '3.4' services: mylifeline.monitor: image: mylifelineio/monitor container_name: mylifeline.monitor restart: always environment: DB_CONNECTION_STRING: "host=postgres_image;port=5432;database=user;username=user;password=mypassword" ports: - "5000:80" - "5001:443" depends_on: - postgres_image postgres_image: image: postgres:alpine restart: always volumes: - data:/var/lib/postgresql/data - ./postgres/init.sql:/docker-entrypoint-initdb.d/init.sql ports: - "5432" environment: POSTGRES_USER: "user" POSTGRES_PASSWORD: "mypassword" POSTGRES_DB: "user" proxy: image: nginx container_name: nginx restart: always ports: - "80:80" - "443:443" links: - mylifeline.monitor volumes: - /etc/nginx-docker/:/etc/nginx/ volumes: data: {}
nginx.conf
worker_processes 4; ## Default: 1 events { worker_connections 4096; ## Default: 1024 } http { limit_req_zone $binary_remote_addr zone=one:10m rate=5r/s; server_tokens off; sendfile on; keepalive_timeout 29; # Adjust to the lowest possible value that makes sense for your use case. client_body_timeout 10; client_header_timeout 10; send_timeout 10; upstream app_servers{ server mylifeline.monitor:5001; } server { listen 80 default_server; listen [::]:80 default_server; add_header Strict-Transport-Security max-age=15768000; return 301 https://$host$request_uri; } server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name *.mylifeline.io; ssl_certificate /etc/nginx/certs/ssl-bundle.crt; ssl_certificate_key /etc/nginx/certs/mylifeline.key; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS'; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; ssl_session_tickets off; ssl_stapling off; #ensure your cert is capable ssl_stapling_verify off; #ensure your cert is capable add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"; add_header X-Frame-Options DENY; add_header X-Content-Type-Options nosniff; #Redirects all traffic location / { proxy_pass http://app_servers; limit_req zone=one burst=10 nodelay; } } }
Browser error:
502 bad Gateway, certificate is however showing green
Logs
mylifeline.monitor | Hosting environment: Development mylifeline.monitor | Content root path: /app mylifeline.monitor | Now listening on: http://[::]:80 mylifeline.monitor | Application started. Press Ctrl+C to shut down. nginx | 2018/08/16 11:54:20 [error] 8#8: *1 connect() failed (111: Connection refused) while connecting to upstream, client: 105.226.197.228, server: *.mylifeline.io, request: "GET / HTTP/2.0", upstream: "ht"test.mylifeline.io" nginx | 105.226.197.228 - - [16/Aug/2018:11:54:20 +0000] "GET / HTTP/2.0" 502 568 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36" nginx | 2018/08/16 11:54:20 [error] 8#8: *1 connect() failed (111: Connection refused) while connecting to upstream, client: 105.226.197.228, server: *.mylifeline.io, request: "GET /favicon.ico HTTP/2.0", up1/favicon.ico", host: "test.mylifeline.io", referrer: "https://test.mylifeline.io/" nginx | 105.226.197.228 - - [16/Aug/2018:11:54:20 +0000] "GET /favicon.ico HTTP/2.0" 502 568 "https://test.mylifeline.io/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Ch36" nginx | 51.68.227.88 - - [16/Aug/2018:11:55:07 +0000] "GET /xmlrpc.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6" nginx | 2018/08/16 11:56:40 [error] 7#7: *6 connect() failed (111: Connection refused) while connecting to upstream, client: 67.21.36.3, server: *.mylifeline.io, request: "GET /robots.txt HTTP/1.1", upstream: "http://172.18.0.3:5001/robots.txt", host: "46.101.187.31" nginx | 67.21.36.3 - - [16/Aug/2018:11:56:40 +0000] "GET /robots.txt HTTP/1.1" 502 166 "-" "Mozilla/5.0 zgrab/0.x"