Comments (16)
I did update all my packages and I got the latest docker image
from docker-nginx-ssl-proxy.
Request URL: https://support.cocoatech.com/discussions
Request Method: GET
Status Code: 302
Remote Address: 68.183.165.239:443
Referrer Policy: strict-origin-when-cross-origin
cache-control: no-cache, private
content-security-policy: default-src https: http: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' wss://*.tawk.to *.tawk.to nrpc.olark.com hooks.slack.com; img-src 'self' http: https: data:; report-uri https://help.tenderapp.com/csp_report
content-type: text/html; charset=utf-8
date: Tue, 17 Aug 2021 22:40:30 GMT
location: https://support.cocoatech.com/discussions
p3p: CP="ALL DSP COR CUR ADM DEV OUR IND UNI"
server: nginx
set-cookie: anon_token=c4e40fd12; path=/; expires=Wed, 17-Aug-2022 22:40:30 GMT; HttpOnly; SameSite=Lax
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-download-options: noopen
x-frame-options: allowall
x-permitted-cross-domain-policies: none
x-rack-cache: miss
x-request-id: 412a50de0138deccb8636b31a70e05e1
x-runtime: 0.018587
x-ua-compatible: IE=Edge,chrome=1
x-xss-protection: 1; mode=block
:authority: support.cocoatech.com
:method: GET
:path: /discussions
:scheme: https
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cache-control: no-cache
cookie: anon_token=c4e40fd12
pragma: no-cache
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Google Chrome";v="92"
sec-ch-ua-mobile: ?0
sec-fetch-dest: document
sec-fetch-mode: navigate
sec-fetch-site: same-site
sec-fetch-user: ?1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
from docker-nginx-ssl-proxy.
My guess would be that your origin server is not recognizing the headers passed by the proxy which indicate that the connection is over SSL. It's probably trying to redirect to SSL, when the connection is already happening over SSL (it just doesn't know it). The log output from the docker container might help debug, as would logs from the origin server.
from docker-nginx-ssl-proxy.
docker logs
192.99.13.186 - - [17/Aug/2021:23:06:16 +0000] "GET /discussions/problems/33066-path-finder-715-wont-start/toggle_access HTTP/1.1" 302 174 "-" "Mozilla/5.0 (compatible; MJ12bot/v1.4.8; http://mj12bot.com/)" "-"
178.63.87.197 - - [17/Aug/2021:23:06:19 +0000] "GET /discussions/problems/120728-refresh-of-tags HTTP/1.1" 302 150 "-" "Mozilla/5.0 (compatible; MJ12bot/v1.4.8; http://mj12bot.com/)" "-"
45.17.138.136 - - [17/Aug/2021:23:06:19 +0000] "GET /discussions HTTP/2.0" 302 107 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36" "-"
45.17.138.136 - - [17/Aug/2021:23:06:19 +0000] "GET /discussions HTTP/2.0" 302 107 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36" "-"
45.17.138.136 - - [17/Aug/2021:23:06:19 +0000] "GET /discussions HTTP/2.0" 302 107 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36" "-"
45.17.138.136 - - [17/Aug/2021:23:06:20 +0000] "GET /discussions HTTP/2.0" 302 107 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36" "-"
45.17.138.136 - - [17/Aug/2021:23:06:20 +0000] "GET /discussions HTTP/2.0" 302 107 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36" "-"
45.17.138.136 - - [17/Aug/2021:23:06:20 +0000] "GET /discussions HTTP/2.0" 302 107 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36" "-"
45.17.138.136 - - [17/Aug/2021:23:06:20 +0000] "GET /discussions HTTP/2.0" 302 107 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36" "-"
45.17.138.136 - - [17/Aug/2021:23:06:20 +0000] "GET /discussions HTTP/2.0" 302 107 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36" "-"
45.17.138.136 - - [17/Aug/2021:23:06:20 +0000] "GET /discussions HTTP/2.0" 302 107 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36" "-"
45.17.138.136 - - [17/Aug/2021:23:06:20 +0000] "GET /discussions HTTP/2.0" 302 107 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36" "-"
45.17.138.136 - - [17/Aug/2021:23:06:20 +0000] "GET /discussions HTTP/2.0" 302 107 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36" "-"
45.17.138.136 - - [17/Aug/2021:23:06:20 +0000] "GET /discussions HTTP/2.0" 302 107 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36" "-"
45.17.138.136 - - [17/Aug/2021:23:06:20 +0000] "GET /discussions HTTP/2.0" 302 107 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36" "-"
45.17.138.136 - - [17/Aug/2021:23:06:20 +0000] "GET /discussions HTTP/2.0" 302 107 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36" "-"
45.17.138.136 - - [17/Aug/2021:23:06:20 +0000] "GET /discussions HTTP/2.0" 302 107 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36" "-"
from docker-nginx-ssl-proxy.
but it seems the server is getting hit by other users?
178.63.87.197 - - [17/Aug/2021:23:06:49 +0000] "GET /discussions/problems/120728-refresh-of-tags HTTP/1.1" 302 150 "-" "Mozilla/5.0 (compatible; MJ12bot/v1.4.8; http://mj12bot.com/)" "-"
54.36.148.248 - - [17/Aug/2021:23:06:51 +0000] "GET /discussions/problems/31933-pf712-fail-on-boot-segfault-error/comments/1 HTTP/1.1" 301 162 "-" "Mozilla/5.0 (compatible; AhrefsBot/7.0; +http://ahrefs.com/robot/)" "-"
178.63.87.197 - - [17/Aug/2021:23:06:55 +0000] "GET /discussions/problems/120728-refresh-of-tags HTTP/1.1" 302 150 "-" "Mozilla/5.0 (compatible; MJ12bot/v1.4.8; http://mj12bot.com/)" "-"
178.63.87.197 - - [17/Aug/2021:23:07:01 +0000] "GET /discussions/problems/120728-refresh-of-tags.atom?category=problems&discussion=120728-refresh-of-tags HTTP/1.1" 301 162 "-" "Mozilla/5.0 (compatible; MJ12bot/v1.4.8; http://mj12bot.com/)" "-"
from docker-nginx-ssl-proxy.
server is here: https://support.cocoatech.com/discussions
from docker-nginx-ssl-proxy.
nginx-ssl-proxy:
  image: danieldent/nginx-ssl-proxy
  restart: always
  environment:
    SECURITY_HEADERS: skip
    UPSTREAM: cocoatech.tenderapp.com
    SERVERNAME: support.cocoatech.com
  ports:
    - "80:80"
    - "443:443"
  volumes:
    - "./cert:/etc/letsencrypt"
from docker-nginx-ssl-proxy.
A few hours ago I deleted the docker image and did another docker-compose up -d, so it should be fresh.
And it worked for years.
I had to update it because I was using an old ACME v1? So I updated everything.
from docker-nginx-ssl-proxy.
I just restarted removing that SECURITY_HEADERS just to test. No difference
from docker-nginx-ssl-proxy.
Here's what I'm trying to do. I have this support server at cocoatech.tenderapp.com (3rd party service)
But I wanted the users to go through my own domain support.cocoatech.com
So I set up a DigitalOcean server and run your docker image to forward to tenderapp.com
68.183.165.239 is my IP address at DigitalOcean
from docker-nginx-ssl-proxy.
The cocoatech.tenderapp.com service has stopped honouring the X-Forwarded-Proto header and/or has implemented https for themselves. This is probably for the best, as you've been passing your traffic unencrypted to them, presumably over a public network. This proxy image connects to the upstream server over http. You'd need to create a custom configuration/build to connect to the origin over https.
curl -v -H "X-Forwarded-Proto: https" http://cocoatech.tenderapp.com
* Trying 192.228.96.17:80...
* Connected to cocoatech.tenderapp.com (192.228.96.17) port 80 (#0)
> GET / HTTP/1.1
> Host: cocoatech.tenderapp.com
> User-Agent: curl/7.72.0
> Accept: */*
> X-Forwarded-Proto: https
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 302 Found
< Server: nginx/1.16.0
< Date: Tue, 17 Aug 2021 23:27:53 GMT
< Content-Type: text/html; charset=utf-8
< Transfer-Encoding: chunked
< Connection: keep-alive
< P3P: CP="ALL DSP COR CUR ADM DEV OUR IND UNI"
< Location: https://cocoatech.tenderapp.com/
< X-UA-Compatible: IE=Edge,chrome=1
< Cache-Control: no-cache
< Set-Cookie: anon_token=6e2ad6daa; path=/; expires=Wed, 17-Aug-2022 23:27:53 GMT; HttpOnly; SameSite=Lax
< X-Request-Id: 990b1ed6ff1a10a4806d29563bb8f606
< X-Runtime: 0.017960
< X-Rack-Cache: miss
< Content-Security-Policy: default-src https: http: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' wss://*.tawk.to *.tawk.to nrpc.olark.com hooks.slack.com; img-src 'self' http: https: data:; report-uri https://help.tenderapp.com/csp_report
< X-Content-Type-Options: nosniff
< X-Download-Options: noopen
< X-Frame-Options: allowall
< X-Permitted-Cross-Domain-Policies: none
< X-XSS-Protection: 1; mode=block
<
* Connection #0 to host cocoatech.tenderapp.com left intact
<html><body>You are being <a href="https://cocoatech.tenderapp.com/">redirected</a>.</body></html>
from docker-nginx-ssl-proxy.
I know almost nothing about this. How do I configure your docker image to do this?
from docker-nginx-ssl-proxy.
If it's difficult, I could just remove the whole thing and use their url.
from docker-nginx-ssl-proxy.
But I'm kind of worried about existing links that people might have saved or referred to in the forums.
from docker-nginx-ssl-proxy.
hey, I got it working!
I changed this:
upstream origin {
    server cocoatech.tenderapp.com:443;
}
And this:
proxy_pass https://origin;
from docker-nginx-ssl-proxy.
😄
from docker-nginx-ssl-proxy.
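Added example, not part of the thread and not the project's own configuration: the upstream change posted above encrypts the hop to the origin, but nginx does not send SNI or verify the upstream certificate unless told to, so the origin is still unauthenticated. The sketch below shows the same two lines with verification enabled; the `location /` wrapper and the CA bundle path are assumptions (the path is the Debian/Ubuntu default) and must be adapted to the image's actual config.

```nginx
# Added example (assumed layout): authenticated TLS to the origin.
upstream origin {
    server cocoatech.tenderapp.com:443;
}

# Goes inside the existing HTTPS server block of the proxy.
location / {
    proxy_pass https://origin;

    # By default the TLS name is taken from the proxy_pass host, which here
    # is the upstream block name "origin", and no SNI is sent at all.
    # Send the real hostname so the origin presents the right certificate.
    proxy_ssl_server_name on;
    proxy_ssl_name cocoatech.tenderapp.com;

    # proxy_ssl_verify is off by default: without it any certificate is
    # accepted and the encrypted hop can be intercepted.
    proxy_ssl_verify on;
    proxy_ssl_verify_depth 2;

    # Assumption: system CA bundle location on a Debian-based image.
    proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
}
```

If verification fails after enabling it, nginx answers 502 and logs an upstream SSL certificate verify error in the error log, which is the signal to check the CA bundle path or the `proxy_ssl_name` value.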