Hi,
I got a server which is running multiple projects. One is smarthome, one is nextcloud, in future I maybe add git or something. I want all services exposed with https on port 443 and they should be distinguished over the hostname. They are on different subdomains. I am using nginx as a proxy.
I thought of how to encapsulate all projects and ended up with giving each project a different network so they can internally use the same ports. We have a network called cloud and one for smarthome…
If I would add an own nginx container for each project they would all use port 443 on the host and this would not work so I created one ‘god container’ with the whole nginx configuration (sure you could put all configs into a folder and link the configurations from the project folders; maybe later).
When I add one network it works: Port 80 will be redirected to 443; If it was accessed from a different hostname it gets rejected; If everything is fine, it opens the projects website.
When I add a network from another project it doesn’t work anymore and the websites just time out.
This is my conpose with two added networks, which doesnt work for me:
version: '3'
services:
nginx:
container_name: nginx
image: nginx:stable
volumes:
- ./nginx.conf:/etc/nginx/nginx.conf
- ./public.cer:/etc/ssl/public.cer
- ./private.key:/etc/ssl/private.key
environment:
- TZ=Europe/Berlin
restart: always
networks:
- smarthome
- cloud
ports:
- "443:443"
- "80:80"
networks:
smarthome:
external: true
cloud:
external: true
And this is my nginx config for one project. For more projects would copy the last part and change the server_name and proxy_pass accordingly:
events {
}
http {
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
listen 80 default_server;
server_name _;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl default_server;
ssl_certificate /etc/ssl/public.cer;
ssl_certificate_key /etc/ssl/private.key;
server_name _;
return 404;
}
server {
listen 443 ssl;
server_name subdomain.domain.de;
ssl_certificate /etc/ssl/public.cer;
ssl_certificate_key /etc/ssl/private.key;
location / {
proxy_pass http://containername:8123;
proxy_set_header Host $host;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
}
}
Does somebody know how I can solve that problem?