NGINX Headers For Docker

In case you run docker behind nginx some of your container might need specific headers otherwise a browser trying to access them might want to connect to a local or private address, something like https://127.0.0.1:8080. This will not work. Unless, of course you run docker on your workstation. Below you can find the headers required to avoid this issue:

        proxy_set_header Host $host;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Port 443;
        proxy_set_header Proxy "";

Here is a complete nginx configuration file, you can include this under /etc/nginx/conf.d/

server {
    if ($host = yourhostname.org) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


     listen  80;
     server_name yourhostname.org;

     location / {
             return 301 https://$server_name$request_uri;
     }

}

 server {
     listen          443;
     server_name     yourhostname.org;

     access_log      /var/log/nginx/yourhostname.org-acces.log  main;
     error_log       /var/log/nginx/yourhostname.org-error.log;

     ssl on;
     ssl_certificate /etc/letsencrypt/live/yourhostname.org/fullchain.pem; # managed by Certbot
     ssl_certificate_key /etc/letsencrypt/live/yourhostname.org/privkey.pem; # managed by Certbot


     location / {
        limit_req zone=limited burst=200 nodelay;
        proxy_pass      http://127.0.0.1:8080;
        proxy_http_version 1.1;
        proxy_buffering off;
        proxy_read_timeout    90;
        proxy_connect_timeout 90;
        proxy_redirect        off;
        proxy_set_header Host $host;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Port 443;
        proxy_set_header Proxy "";
     }


}

8080 is the port on which your docker is listening:

% docker ps|grep 8080
a6108ec10751   lscr.io/linuxserver/chevereto   "/init"                  2 hours ago    Up 2 hours    443/tcp, 0.0.0.0:8080->80/tcp                          chevereto

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.