I have a local Docker setup with nginx as a reverse proxy, self-signed SSL certs, MariaDB, and WordPress.
Everything works well except when fetching resources on the local domain.
Let’s say the domain name is myapp.local. I have added this to /etc/hosts and the site is loading on this domain over HTTPS.
The problem occurs when PHP functions like file_get_contents() or simplexml_load_file() are fetching local assets.
For example: file_get_contents('https://myapp.local/icon.svg');
Then I get a warning:
Failed to open stream: Connection refused
Here is my docker-compose file:
${DOMAIN} is set to myapp.local in the .env file.
version: '3.6'
services:
  nginx:
    container_name: myapp-nginx
    image: nginx:latest
    ports:
      - 80:80
      - 443:443
    volumes:
      - ./config/nginx.conf:/tmp/default.template
      - ./certs:/etc/certs
      - wp_data:/var/www/html:rw,cached
      - ./www:/var/www/html/wp-content
    depends_on:
      - wordpress
    restart: always
    entrypoint: /bin/bash -c 'cat /tmp/default.template | sed "s/\\\$$domain/${DOMAIN}/g" > /etc/nginx/conf.d/default.conf && nginx -g "daemon off;"'
    networks:
      webnet:
        aliases:
          - myapp.local
  mysql:
    container_name: myapp-mysql
    image: mariadb:latest
    volumes:
      - ./db_data:/var/lib/mysql
      - ./config/db.cnf:/etc/mysql/conf.d/db.cnf
    environment:
      MYSQL_ROOT_PASSWORD: root
      MYSQL_USER: root
      MYSQL_PASSWORD: root
      MYSQL_DATABASE: myapp
    restart: always
    ports:
      - 3306:3306
    networks:
      - webnet
  wordpress:
    container_name: myapp-wordpress
    image: wordpress:php8.0-fpm
    volumes:
      - ./config/php.ini:/usr/local/etc/php/conf.d/php.ini
      - wp_data:/var/www/html:rw,cached
      - ./www:/var/www/html/wp-content
    depends_on:
      - mysql
    restart: always
    environment:
      WORDPRESS_DB_NAME: myapp
      WORDPRESS_TABLE_PREFIX: wp_
      WORDPRESS_DB_HOST: mysql
      WORDPRESS_DB_USER: root
      WORDPRESS_DB_PASSWORD: root
      WORDPRESS_DEBUG: 1
    networks:
      - webnet
    extra_hosts:
      - "myapp.local:127.0.0.1"
networks:
  webnet:
    external: true
    driver: bridge
volumes:
  db_data: {}
  wp_data: {}
nginx conf:
server {
    listen 80;
    listen [::]:80;
    server_name $domain;
    return 301 https://$host$request_uri;
}
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name $domain www.$domain;
    ssl_certificate /etc/certs/$domain.pem;
    ssl_certificate_key /etc/certs/$domain-key.pem;
    add_header Strict-Transport-Security "max-age=31536000" always;
    ssl_session_cache shared:SSL:20m;
    ssl_session_timeout 10m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers "ECDH+AESGCM:ECDH+AES256:ECDH+AES128:!ADH:!AECDH:!MD5;";
    root /var/www/html;
    index index.php;
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;
    gzip on;
    gzip_disable "msie6";
    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_buffers 16 8k;
    gzip_http_version 1.1;
    gzip_min_length 0;
    gzip_types text/plain application/javascript text/css text/xml application/xml application/xml+rss text/javascript application/vnd.ms-fontobject application/x-font-ttf font/opentype;
    client_max_body_size 100M;
    location ~ /.well-known/acme-challenge {
        allow all;
        root /var/www/html;
    }
    location / {
        try_files $uri $uri/ /index.php$is_args$args;
    }
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass wordpress:9000;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_read_timeout 300;
    }
    location ~ /\.ht {
        deny all;
    }
    location = /favicon.ico {
        log_not_found off; access_log off;
    }
    location = /robots.txt {
        log_not_found off; access_log off; allow all;
    }
    location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
        expires max;
        log_not_found off;
    }
}
I’ve been struggling with this for weeks. I’ve tried numerous options and I’m stuck. What am I missing here? Any help is appreciated.
P.S.: rewriting/swapping functions isn’t an option since these are coming from third-party plugins.
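A diagnostic for the setup described above, added here as an example and not part of the original post: run inside the wordpress container, it shows which address myapp.local resolves to from PHP's point of view and whether anything accepts a plain TCP connection on port 443 there. The host, port and service name are taken from the post; the script file name in the comment is hypothetical.

```php
<?php
// Added diagnostic, not the poster's code. Run it inside the PHP-FPM container:
//   docker compose exec -T wordpress php < check-local-fetch.php   (hypothetical file name)

const HOST = 'myapp.local'; // domain from the post
const PORT = 443;           // HTTPS port published by the nginx service

// 1. Static entries for HOST in this container's /etc/hosts.
//    Compose writes every extra_hosts entry of the service into this file.
$static = [];
$lines  = file('/etc/hosts', FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES) ?: [];
foreach ($lines as $line) {
    $line = trim(preg_replace('/#.*/', '', $line)); // drop comments
    if ($line === '') {
        continue;
    }
    $fields = preg_split('/\s+/', $line);
    $addr   = array_shift($fields);                 // first field is the address
    if (in_array(HOST, $fields, true)) {
        $static[] = $addr;
    }
}

// 2. IPv4 addresses returned by the system resolver that PHP calls.
$resolved = gethostbynamel(HOST) ?: [];

printf("/etc/hosts entries for %s: %s\n", HOST, $static ? implode(', ', $static) : '(none)');
printf("resolver answer for %s:    %s\n", HOST, $resolved ? implode(', ', $resolved) : '(unresolved)');

// 3. Plain TCP connect without TLS, so a refused connection is not
//    confused with a certificate verification failure.
foreach ($resolved as $ip) {
    $sock  = @stream_socket_client("tcp://$ip:" . PORT, $errno, $errstr, 3);
    $state = $sock ? 'open' : "failed ($errstr)";
    $note  = str_starts_with($ip, '127.') ? '  <- loopback of this container' : '';
    printf("%s:%d %s%s\n", $ip, PORT, $state, $note);
    if ($sock) {
        fclose($sock);
    }
}
```

A loopback address in the first two lines together with a refused connection means the name points at the PHP container itself, where nothing listens on 443, rather than at the nginx container.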