Hello,
The YAML file is as follows:
services:
nginx:
container_name: Nginx
build:
context: /home/containers/nginx
dockerfile: Dockerfile
ports:
- '80:80'
- '443:443'
volumes:
- /home/containers/nginx/nginx.conf:/etc/nginx/nginx.conf
- "/var/run/docker.sock:/var/run/docker.sock"
links:
- user
depends_on:
- user
user:
container_name: User
hostname: User
build:
context: /home/containers/user
dockerfile: Dockerfile
expose:
- "3000"
ports:
- "3000:3000"
environment:
- PORT=3000
volumes:
- /home/containers/user:/usr/src/app
- "/var/run/docker.sock:/var/run/docker.sock"
command: npm start
The Node.js is running on port 3000 and the Nginx configuration file is as follows:
user www-data;
worker_processes auto;
worker_cpu_affinity auto;
pid /run/nginx.pid;
pcre_jit on;
events
{
worker_connections 16384;
multi_accept on;
use epoll;
}
worker_rlimit_nofile 33268;
http {
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
server {
server_name _;
listen 80;
# listen [::]:443 ssl default_server;
# listen 443 ssl default_server;
error_log /var/log/nginx/error.system-default.log;
access_log /var/log/nginx/access.system-default.log;
charset utf-8;
return 403;
# ssl_certificate /etc/ssl/certs/ssl.pem;
# ssl_certificate_key /etc/ssl/private/ssl.key;
location / {
proxy_pass http://User:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
server_names_hash_bucket_size 64;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# root /var/www/empty-webroot/;
resolver 127.0.0.53;
resolver_timeout 60s;
# include /etc/nginx/conf.d/*.conf;
# ssl_protocols TLSv1.2 TLSv1.3;
# ssl_ecdh_curve X25519:X448:secp256r1:secp384r1:secp521r1:sect571r1;
# ssl_session_timeout 1d;
# ssl_session_cache shared:SSL:50m;
# ssl_session_tickets off;
# ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256->
# ssl_prefer_server_ciphers on;
# ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
# ssl_stapling on;
# ssl_stapling_verify on;
# ssl_trusted_certificate /etc/letsencrypt/live/example.com/chain.pem;
server_tokens off;
proxy_hide_header X-Powered-By;
proxy_hide_header X-AspNet-Version;
proxy_hide_header X-AspNetMvc-Version;
proxy_hide_header X-Runtime;
proxy_hide_header X-Redirect-By;
# more_set_headers "Server : ";
# more_set_headers "X-XSS-Protection : 0";
# more_set_headers "X-Content-Type-Options : nosniff"
# more_set_headers "X-Download-Options : noopen";
# more_set_headers "X-Permitted-Cross-Domain-Policies : none"
gzip on;
gzip_min_length 1499;
gzip_disable "msie6";
gzip_vary on;
gzip_static on;
gzip_proxied any;
gzip_comp_level 4;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types
application/atom+xml
application/javascript
application/json
application/ld+json
application/manifest+json
application/rss+xml
application/vnd.geo+json
application/vnd.ms-fontobject
application/wasm application/x-font-ttf
application/x-web-app-manifest+json
application/xhtml+xml application/xml
image/bmp
image/svg+xml
image/x-icon
font/opentype
text/cache-manifest
text/css
text/javascript
text/plain
text/vcard
text/vnd.rim.location.xloc
text/vtt
text/x-component
text/x-cross-domain-policy
text/xml
application/xml+rss;
limit_conn_zone $binary_remote_addr zone=limit_per_ip:10m;
limit_conn limit_per_ip 130;
limit_req_zone $binary_remote_addr zone=allips:10m rate=500r/s;
limit_req zone=allips burst=400 nodelay;
limit_req_status 429;
limit_conn_status 429;
open_file_cache max=5000 inactive=240s;
open_file_cache_valid 60s;
open_file_cache_min_uses 5;
open_file_cache_errors off;
client_max_body_size 20M;
client_header_buffer_size 5k;
large_client_header_buffers 2 2k;
client_body_buffer_size 32k;
client_body_timeout 10;
client_header_timeout 10;
keepalive_timeout 10;
send_timeout 10;
# sendfile on;
tcp_nopush on;
tcp_nodelay on;
}
I got following error:
# curl localhost:80
<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx</center>
</body>
</html>
The log file is as follows:
# cat access.system-default.log
172.21.50.67 - - [01/Jun/2024:07:37:22 +0000] "GET / HTTP/1.1" 403 548 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36"
172.21.50.67 - - [01/Jun/2024:07:37:22 +0000] "GET /favicon.ico HTTP/1.1" 403 548 "http://172.20.2.103/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36"
172.21.50.67 - - [01/Jun/2024:07:37:23 +0000] "GET / HTTP/1.1" 403 548 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36"
172.21.50.67 - - [01/Jun/2024:07:37:23 +0000] "GET /favicon.ico HTTP/1.1" 403 548 "http://172.20.2.103/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36"
172.21.50.67 - - [01/Jun/2024:07:37:23 +0000] "GET / HTTP/1.1" 403 548 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36"
172.21.50.67 - - [01/Jun/2024:07:37:23 +0000] "GET /favicon.ico HTTP/1.1" 403 548 "http://172.20.2.103/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36"
172.21.50.67 - - [01/Jun/2024:07:37:23 +0000] "GET / HTTP/1.1" 403 548 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36"
172.21.50.67 - - [01/Jun/2024:07:37:23 +0000] "GET /favicon.ico HTTP/1.1" 403 548 "http://172.20.2.103/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36"
172.18.0.1 - - [01/Jun/2024:07:37:41 +0000] "GET / HTTP/1.1" 403 146 "-" "curl/7.88.1"
Where is the configuration wrong?
Thank you.
