Jump to content
linuxserver.io

[Support] Linuxserver.io - Nginx

160 posts in this topic Last Reply

Recommended Posts

Spoke to Sparklyballs about this.  He's looking at the implications of this.  Depending on your point of view http2 may have some security implications is the concern.

 

I don't know much about this, but perhaps it's the reason why the Ubuntu repo carries an older version.

Share this post


Link to post

I think it's just because you're on ubuntu trusty/LTS which was released in 2014. They're only including security updates to avoid breaking changes, so nginx is frozen at version 1.4 which was the current version at the time.

 

Ubuntu vivd has nginx 1.6.2, wily includes nginx 1.9.3. If you used ppa:nginx/stable, you'd get nginx 1.8 which doesn't have http2 support (it was introduced in 1.9), but does add some other useful features which aren't in 1.4 such as weak etags for gzipped content. ppa:nginx/development (which tracks nginx mainline versions) does include http2.

 

The nginx release notes are here: http://nginx.org/en/CHANGES

 

If the nginx version is updated, http2 won't be on by default. It's only enabled if "http2" is added to your listen directive(s), for example "listen 443 default_server ssl http2;".

 

I believe there is a breaking change between nginx 1.4 and 1.9 with the default configs. The line "include /etc/nginx/fastcgi_params;" needs to be changed to "include /etc/nginx/fastcgi.conf;". To avoid any impact for users of the container, after performing the update /etc/nginx/fastcgi_params could be symlinked to /etc/nginx/fastcgi.conf.

 

edit: If the repositories are changed, it's probably best to change to ppa:nginx/stable, not development. That doesn't have http2 yet. It tracks official nginx stable releases.

Share this post


Link to post

Hi guys, trying to use this nginx docker as a reverse proxy for pydio. I can't seem to get sharing to work though, I keep getting 404ed and this is in my error log:

 "Primary script unknown" while reading response header from upstream, client: x.x.x.x, server: xxx, request: "POST /pydio/index.php? HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "xxx", referrer: "https://xxx/pydio/settings/"

 

My nginx config:

	location /pydio/ {
	proxy_pass https://192.168.0.101:444/;
	location ~ \.php$ {
		fastcgi_split_path_info ^(.+\.php)(/.+)$;
		# With php5-cgi alone:
		fastcgi_pass 127.0.0.1:9000;
		# With php5-fpm:
		#fastcgi_pass unix:/var/run/php5-fpm.sock;
		fastcgi_index index.php;
		include /etc/nginx/fastcgi_params;
	}
}

 

Any help would be appreciated. I suspect its something to do with the php and cgi thing, but I have no idea how to solve it :-\

Share this post


Link to post

Is there any way to prevent this Docker from making a "default" file/configuration when restarted under /config/nginx/site-confs ?  It is messing up my reverse proxy configuration.  I delete default & it then works.  Kind of a pain.

Share this post


Link to post

I'm trying to get Owncloud working in reverse proxy but no luck.

What is the changes I need to do to get this working?

//Peter

Share this post


Link to post

I'm trying to get Owncloud working in reverse proxy but no luck.

What is the changes I need to do to get this working?

//Peter

 

Peter, I don't use nginx, I use Apache, but here's how to get Owncloud working on server.com/owncloud for the config.php file in Owncloud.

 

$CONFIG = array (
  'instanceid' => 'INSTANCEID',
  'passwordsalt' => 'PASSWORD',
  'secret' => 'SECRET',
  'trusted_domains' => 
  array (
    0 => '192.168.0.1',
    1 => 'server.com',
  ),
  'datadirectory' => '/var/www/owncloud/data',
  'overwritewebroot' => '/owncloud',
  'overwrite.cli.url' => 'https://server.com',
  'overwritehost' => 'server.com',
  'overwriteprotocol' => 'https',
  'dbtype' => 'mysql',
  'version' => '8.0.3.4',
  'dbname' => 'owncloud',
  'dbhost' => '192.168.0.1',
  'dbtableprefix' => 'oc_',
  'dbuser' => 'oc_USER',
  'dbpassword' => 'PASSWORD',
  'installed' => true,
  'forcessl' => true,
  'forceSSLforSubdomains' => true,
  'mail_smtpmode' => 'smtp',
  'mail_smtpsecure' => 'ssl',

 

In Apache the default.conf bit would be

 

<Location /owncloud>
ProxyPass https://192.168.0.1:8000
ProxyPassReverse https://192.168.0.1:8000
</Location>

 

Hope that helps a bit.

Share this post


Link to post

Thanks, I will try this. But open port 443 to the web server might be an issue? But that is needed to get this to work?

Share this post


Link to post

Thanks, I will try this. But open port 443 to the web server might be an issue? But that is needed to get this to work?

 

I'm not sure whether it will work on port 80 alone or not as I run everything over 443, got my certificates for Apache from StartSSL which is free for up to 5 subdomains.  All traffic on my webserver gets automatically redirected to 443.

Share this post


Link to post

I'm also using 443 and ssl certificate , is it safe Then to open port 443 in router and forward this to unraid ip?

Share this post


Link to post

Yes as long as you've got nginx secured properly. 

Share this post


Link to post

Smdion, any chance you have that write up? I'm having some trouble with nginx config for reverse proxies.

 

Also, the links below are broken. If you (or someone else) still have the config file that would help.

 

Is there a guide somewhere on how to get the reverse proxy working? I've always wanted to do this to make all the different services such as Sabnzbd and Sickrage easier to access. I've been messing with it for about 2 hours now and I'm completely lost...

 

Hey bb12489,

 

I wrote a guide a while back for Apache (https://www.linuxserver.io/index.php/overview-reverse-proxy-with-docker/). I just converted over to nginx and do not have a write up yet (i plan too, just been busy)

 

Here is my old apache config - https://www.seandion.com/owncloud/index.php/s/R4tJqfqb4opuOsp

Here is my new nginx config - https://www.seandion.com/owncloud/index.php/s/XpFigScMblZO2dJ

 

Those should help a bit more and I will be doing an nginx addition to that guide.

Share this post


Link to post

Smdion, any chance you have that write up? I'm having some trouble with nginx config for reverse proxies.

 

Also, the links below are broken. If you (or someone else) still have the config file that would help.

 

Sorry, but smdion has been missing for quite some time..  ???

Share this post


Link to post

I have done a lot of test for reverse proxy soluitions but it always fail :-(

 

What I like to see is a docker with reverse proxy/nginx/owncloud/letsencrypt/fail2ban :-)

 

I think that this can't be done  ;)  ;-)

//Peter

Share this post


Link to post

error.log is showing

 

 connect() failed (111: Connection refused) while connecting to upstream, client: 192.168.1.3, server: localhost, request: "GET /couchpotato HTTP/1.1", upstream: "http://127.0.0.1:5050/couchpotato", host: "192.168.1.2"

 

any ideas what could be causing this?

Share this post


Link to post

Use the IP address of your unraid box instead of 127.0.0.1

Share this post


Link to post

Any chance we can get access to the php.ini file within the docker?

 

There are a couple of php security changes i would like to make such as turning off allow_url_fopen but can not access the php.ini file in the config folder

 

Its a small one but would be useful if its possible

Share this post


Link to post

Hey all, if this is a dumb question sorry.  I am extremely new to all of this. 

 

- I'm having trouble seeing the default welcome page after nginx docker installation. My UnRaid webgui is using port 80 so I set up the nginx container port=80 / host port=8008 but all I see is an "unable to connect" page.  I've been reading through tons of documentation but I guess I'm just not seeing what I need to see.  Is there more configuration required just to be able to see the default welcome page?

 

Thanks in advance  :-\

Share this post


Link to post

Hey all, if this is a dumb question sorry.  I am extremely new to all of this. 

 

- I'm having trouble seeing the default welcome page after nginx docker installation. My UnRaid webgui is using port 80 so I set up the nginx container port=80 / host port=8008 but all I see is an "unable to connect" page.  I've been reading through tons of documentation but I guess I'm just not seeing what I need to see.  Is there more configuration required just to be able to see the default welcome page?

 

Thanks in advance  :-\

 

The webui link in the docker page will need changing,  but try going to http://tower:8008

 

Also check the nginx log via the docker page in the Unraid webui to make sure it's finished setup before you do so.

 

If it still doesn't work then a browser cache clear or try an alternative browser.

Share this post


Link to post

Hi

 

Are there any hardcore coders that have the skills to add the RTMP module for Nginx to this Docker?

I’m currently running a Windows Server installation with Nginx that I’m using to as an HTS live feed, and I am really interested to moving this to a Docker.

 

Share this post


Link to post

Just checking in here to see if anyone has been able to reverse proxy their DDWRT web gui's ?

 

Just seen this, why?  Sounds like a really really bad idea to me if this is going to be WAN facing....  :o

Share this post


Link to post

If anybody has the time, it would be nice to add Let's Encrypt support to the docker image so I can actually secure my website. (it should all be automatic once it's going, though)

 

Also, what on earth is reverse proxy? Let's say I have a Wordpress site. Does having reverse proxy let me connect to websites in my 'internal' network? Would it be something like this?

 

 

Client(Me)  ------>    Internet  ----->  Home Server -------> WordPress ------> Nginx  -------(some reverse proxy thing)----> Owncloud and other apps?

 

Is it something like this?

Share this post


Link to post

Reverse proxy:

 

Client > Internet > Server > Reverse Proxy and from there onto app1, app2, app3 etc

 

Sent from my LG-H815 using Tapatalk

 

 

Share this post


Link to post

Reverse proxy:

 

Client > Internet > Server > Reverse Proxy and from there onto app1, app2, app3 etc

 

Sent from my LG-H815 using Tapatalk

 

Thanks - but does that mean I have to set up all the apps one by one in the site-confs/?

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.