I am having problems getting bookstack to work behind my nginx reverse proxy. Following are my config files:
letsencrypt configuration: /config/nginx/site-confs/default
# On letsencrypt proxy
server {
    listen 443 ssl;
    server_name bookstack.mydomain.com;
    root /config/www;
    index index.html index.htm index.php;

    ###SSL Certificates
    ssl_certificate /config/keys/letsencrypt/fullchain.pem;
    ssl_certificate_key /config/keys/letsencrypt/privkey.pem;

    ###Diffie-Hellman key exchange ###
    ssl_dhparam /config/nginx/dhparams.pem;

    ###SSL Ciphers
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES1'; #this line is much longer and copied from other configs, so it should not be the problem

    ###Extra Settings###
    ssl_prefer_server_ciphers on;
    #ssl_session_cache shared:SSL:1m;

    ### Add HTTP Strict Transport Security ###
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
    add_header Front-End-Https on;

    client_max_body_size 0;

    location / {
        proxy_pass http://192.168.0.15:6875/;
        #proxy_redirect http://192.168.0.15:6875/ https://bookstack.mydomain.com/login;
        proxy_max_temp_file_size 2048m;
        include /config/nginx/proxy.conf;
    }
}
Bookstack Configuration: /config/www/.env
# Application key
# Used for encryption where needed.
# Run `php artisan key:generate` to generate a valid key.
APP_KEY=base64:Z0Rsbv/9gHq8Nezl7gT1jtYClYmTyNRPUILFRt6+Sw8=
# Application URL
# Remove the hash below and set a URL if using BookStack behind
# a proxy, if using a third-party authentication option.
# This must be the root URL that you want to host BookStack on.
# All URL's in BookStack will be generated using this value.
APP_URL=http://bookstack.mydomain.com
# Database details
DB_HOST=172.17.0.5:3306
DB_DATABASE=bookstack
DB_USERNAME=dbuser
DB_PASSWORD=my.secret.password.for.dbuser
# Mail system to use
# Can be 'smtp', 'mail' or 'sendmail'
MAIL_DRIVER=smtp
# SMTP mail options
MAIL_HOST=localhost
MAIL_PORT=1025
MAIL_USERNAME=null
MAIL_PASSWORD=null
MAIL_ENCRYPTION=null
Error Log on letsencrypt proxy: /config/log/nginx/error.log
2019/03/24 13:07:55 [error] 353#353: *521 SSL_do_handshake() failed (SSL: error:1408F10B:SSL routines:ssl3_get_record:wrong version number) while SSL handshaking to upstream, client: 25.25.25.25, server: bookstack.mydomain.com, request: "GET / HTTP/1.1", upstream: "https://192.168.0.15:6875/", host: "bookstack.mydomain.com"
2019/03/24 13:07:55 [error] 353#353: *521 SSL_do_handshake() failed (SSL: error:1408F10B:SSL routines:ssl3_get_record:wrong version number) while SSL handshaking to upstream, client: 25.25.25.25, server: bookstack.mydomain.com, request: "GET /favicon.ico HTTP/1.1", upstream: "https://192.168.0.15:6875/favicon.ico", host: "bookstack.mydomain.com", referrer: "https://bookstack.mydomain.com/"
I followed the instructions here, as suggested, and I know it's connecting to the database. When I set the APP_URL variable in the .env file inside of bookstack, I can access bookstack locally from 192.168.0.15:6875. I can log in and make stuff. When I navigate to https://bookstack.mydomain.com, I get a 502 Bad Gateway error. My first inclination was to read the logs. I researched the aforementioned error, and tried some things. At this point I am flailing. Any help would be greatly appreciated. I feel like I have spent days reading documentation, and I have learned a lot, but none of the things I have implemented work. I know this is an easy solution that I am just not seeing, because I use the letsencrypt proxy for many other things. Again, any help would be greatly appreciated.
Ok. I filled out an ID10T form, as well. I had a port mapping from Bookstack's docker IP, 172.17.0.7:80, to 192.168.0.15:6875. I referenced that same IP:PORT in my proxy_pass line. I was getting the SSL error because I was trying to negotiate SSL to Bookstack's HTTP service, not its HTTPS service. My setup is working perfectly now.
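The mismatch behind the "wrong version number" log lines above, as an added example that is not part of the original posts: a TLS client reads the first five bytes of the upstream's reply as a record header, so a plaintext "HTTP/..." reply yields a nonsense version. All function names and the sample replies are constructed for illustration; `probe` is meant to be pointed at your own upstream IP:PORT before choosing `http://` or `https://` in `proxy_pass`.

```python
import socket
import ssl
import struct

# change_cipher_spec, alert, handshake, application_data
TLS_CONTENT_TYPES = {20, 21, 22, 23}

def parse_record_header(data: bytes):
    """Interpret the first 5 bytes as a TLS record header: type, version, length."""
    if len(data) < 5:
        raise ValueError("need at least 5 bytes")
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    return ctype, (major, minor), length

def classify_first_bytes(data: bytes) -> str:
    """Decide what kind of service sent these first reply bytes."""
    if data.startswith(b"HTTP/"):
        return "plaintext-http"   # upstream speaks HTTP: proxy_pass http://
    if len(data) >= 5:
        ctype, (major, _minor), _length = parse_record_header(data)
        if ctype in TLS_CONTENT_TYPES and major == 3:
            return "tls"          # upstream speaks TLS: proxy_pass https://
    return "unknown"

def client_hello() -> bytes:
    """Build a genuine ClientHello in memory (no network) with ssl.MemoryBIO."""
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # "upstream.invalid" is a placeholder SNI name (assumption).
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname="upstream.invalid")
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass                      # expected: the handshake now waits for a reply
    return outgoing.read()

def probe(host: str, port: int, timeout: float = 3.0) -> str:
    """Send a ClientHello to host:port and classify the first bytes returned."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(client_hello())
        return classify_first_bytes(sock.recv(16))

# Constructed sample: a plain-HTTP backend answering a ClientHello.
SAMPLE_HTTP_REPLY = b"HTTP/1.1 400 Bad Request\r\n"
# Constructed sample: header of a TLS 1.2 handshake record.
SAMPLE_TLS_REPLY = bytes.fromhex("160303005d")

if __name__ == "__main__":
    # 'H','T','T' parsed as type 72, version 84.84: not a TLS version.
    print(parse_record_header(SAMPLE_HTTP_REPLY), classify_first_bytes(SAMPLE_HTTP_REPLY))
    print(parse_record_header(SAMPLE_TLS_REPLY), classify_first_bytes(SAMPLE_TLS_REPLY))
```

A result of "unknown" from `probe` usually means the service closed the connection without replying, which also indicates it did not accept the TLS handshake.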