2

I have run a Docker container with the nextcloud image (from https://hub.docker.com/_/nextcloud/) with this script:

docker run \
--rm \
--detach \
--publish 54002:80 \
--name cloud.example.com \
--volume /srv/cloud.example.com/:/var/www/html \
nextcloud

And I have made a reverse proxy with nginx:

server {
        listen *:80;
        server_name cloud.example.com;
        proxy_set_header Host cloud.example.com;
        location / {
                rewrite ^(.*)$ https://cloud.example.com$1 permanent;
        }
}

server {
        listen *:443 ssl http2;
        server_name     cloud.example.com;
        proxy_set_header Host cloud.example.com;
        set $service_port 54002;
        set $service_ip 192.168.2.33;
        ssl_certificate         /etc/letsencrypt/live/cloud.example.com/fullchain.pem;
        ssl_certificate_key             /etc/letsencrypt/live/cloud.example.com/privkey.pem;

        add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
        add_header X-Content-Type-Options nosniff;
        add_header X-Frame-Options "SAMEORIGIN";
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Robots-Tag none;
        add_header X-Download-Options noopen;
        add_header X-Permitted-Cross-Domain-Policies none;

        location / {
                proxy_pass http://$service_ip:$service_port;
        }
}

And I get a 502 error code. I have checked http://server_ip:54002 from the local network and it works fine; the HTTP-only site behind the proxy also works! The HTTP nginx config that works:

server {
        set $service_port 54002;
        set $service_ip 192.168.2.33;
        set $domain_name cloud.example.com;

        listen *:80;
        server_name $domain_name;

        proxy_set_header Host $domain_name;

        location / {
                proxy_pass http://$service_ip:$service_port;
        }
}

What is wrong with my https config?

Bogdan Lashkov
  • logs from nginx would be useful to see? – alexus Jul 10 '17 at 15:57
  • @alexus hi! Thanks for your reply! It is the second interesting thing with this config. It doesn't leave any logs! Files in /var/log/nginx are clear – Bogdan Lashkov Jul 10 '17 at 16:46
  • take a look at Module ngx_http_log_module - http://nginx.org/en/docs/http/ngx_http_log_module.html – alexus Jul 10 '17 at 16:47
  • I have recently added this (error_log /srv/nginx_log/error.log; access_log /srv/nginx_log/access.log;) to the config, restarted the server, and there is nothing inside these files – Bogdan Lashkov Jul 10 '17 at 16:59
  • @alexus There was a lag for logging, now it shows: `173.245.48.78 - - [10/Jul/2017:20:52:20 +0300] "GET / HTTP/1.1" 301 194 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36" 172.68.46.158 - - [10/Jul/2017:20:52:34 +0300] "GET /favicon.ico HTTP/1.1" 301 194 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36"` – Bogdan Lashkov Jul 10 '17 at 17:56
  • that's part of access log not error log, you may want to update question instead of comment with that information... – alexus Jul 10 '17 at 18:49
  • @alexus it is empty – Bogdan Lashkov Jul 10 '17 at 19:12

1 Answer

0

After struggling for many hours with this problem, I finally found an error in my server config. Everything is fine with nginx, but I forgot to allow port 443 in ufw. I erroneously decided that the rule "Nginx HTTP" was sufficient for both http and https connections, but in fact only port 80/tcp was open, so I entered `ufw allow 443/tcp` and all the errors were gone! @alexus and others, excuse me for wasting your time!

Bogdan Lashkov
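The mismatch described in the answer (nginx listening on 443 while ufw only allows the "Nginx HTTP" profile) can be checked mechanically. The script below is an added example, not part of the original post; the function names are hypothetical, and the sample config and `ufw status` text are constructed to mirror this page.

```shell
#!/bin/sh
# Added example: list ports nginx listens on that ufw does not allow.

# Constructed excerpt of the nginx config from the question.
NGINX_CONF='server {
        listen *:80;
        server_name cloud.example.com;
}
server {
        listen *:443 ssl http2;
        server_name cloud.example.com;
}'

# Constructed `ufw status` output: only the "Nginx HTTP" profile is allowed.
UFW_STATUS='Status: active

To                         Action      From
--                         ------      ----
Nginx HTTP                 ALLOW       Anywhere
22/tcp                     ALLOW       Anywhere'

# Print the numeric port of every `listen` directive, one per line.
nginx_listen_ports() {
    printf '%s\n' "$1" |
        sed -n 's/^[[:space:]]*listen[[:space:]]\{1,\}\([^;]*\);.*/\1/p' |
        awk '{ n = split($1, a, ":"); if (a[n] ~ /^[0-9]+$/) print a[n] }' |
        sort -un
}

# Print TCP ports allowed by ufw, expanding the nginx application profiles.
ufw_allowed_tcp_ports() {
    printf '%s\n' "$1" | awk '
        !/ALLOW/       { next }
        /^Nginx Full/  { print 80; print 443; next }
        /^Nginx HTTPS/ { print 443; next }
        /^Nginx HTTP/  { print 80; next }
        $1 ~ /^[0-9]+(\/tcp)?$/ { sub(/\/tcp/, "", $1); print $1 }
    ' | sort -un
}

# Ports nginx listens on that the firewall does not let through.
blocked_ports() {
    allowed=$(ufw_allowed_tcp_ports "$2")
    for p in $(nginx_listen_ports "$1"); do
        printf '%s\n' "$allowed" | grep -qx "$p" || printf '%s\n' "$p"
    done
}

blocked_ports "$NGINX_CONF" "$UFW_STATUS"
```

On a live host the same function can be fed real data with `blocked_ports "$(nginx -T 2>/dev/null)" "$(ufw status)"`, run as root.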