https代理到localhost后的nginx超时

Question

I want to run one docker-compose with Nginx which will be only a proxy to other docker-compose services.

Here is my docker-compose.yml with proxy:

version: '2'

services:
    storage:
        image: nginx:1.11.13
        entrypoint: /bin/true
        volumes:
            - ./config/nginx/conf.d:/etc/nginx/conf.d
            - /path_to_ssl_cert:/path_to_ssl_cert
    proxy:
        image: nginx:1.11.13
        ports:
            - "80:80"
            - "443:443"
        volumes_from:
            - storage
        network_mode: "host"

So it will grap all connections to port 80 or 443 and proxy them to services specified in ./config/nginx/conf.d directory.

Here is example service ./config/nginx/conf.d/domain_name.conf :

server {
    listen 80;
    listen 443 ssl;
    server_name domain_name.com;

    ssl_certificate     /path_to_ssl_cert/cert;
    ssl_certificate_key /path_to_ssl_cert/privkey;

    return 301 https://www.domain_name.com$request_uri;
}

server {
    listen 80;
    server_name www.domain_name.com;

    return 301 https://www.domain_name.com$request_uri;

#    If you uncomment this section and comment return line it's works
#    location ~ {
#        proxy_pass http://localhost:8888;
#        # or proxy to https, doesn't matter 
#        #proxy_pass https://localhost:4433;
#    }
}

server {
    listen 443 ssl;
    server_name www.domain_name.com;

    ssl on;
    ssl_certificate     /path_to_ssl_cert/cert;
    ssl_certificate_key /path_to_ssl_cert/privkey;

    location ~ {
        proxy_set_header Host            $host;
        proxy_set_header X-Real-IP       $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Client-Verify SUCCESS;
        proxy_set_header X-Client-DN     $ssl_client_s_dn;
        proxy_set_header X-SSL-Subject   $ssl_client_s_dn;
        proxy_set_header X-SSL-Issuer    $ssl_client_i_dn;

        proxy_pass https://localhost:4433;
#       like before
#       proxy_pass http://localhost:8888;
    }
}

It's redirect all request http://domain_name.com , https://domain_name.com and http://www.domain_name.com to https://www.domain_name.com and proxy it to specific localhost service.

Here is my specific service docker-compose.yml

version: '2'

services:
    storage:
        image: nginx:1.11.13
        entrypoint: /bin/true
        volumes:
            - /path_to_ssl_cert:/path_to_ssl_cert
            - ./config/nginx/conf.d:/etc/nginx/conf.d
            - ./config/php:/usr/local/etc/php
            - ./config/php-fpm.d:/usr/local/etc/php-fpm.d
            - php-socket:/var/share/php-socket
    www:
        build:
            context: .
            dockerfile: ./Dockerfile_www
        image: domain_name_www
        ports:
            - "8888:80"
            - "4433:443"
        volumes_from:
            - storage
        links:
            - php
    php:
        build:
            context: .
            dockerfile: ./Dockerfile_php
        image: domain_name_php
        volumes_from:
            - storage

volumes:
    php-socket:

So when you go to http://www.domain_name.com:8888 or https://www.domain_name.com:4433 you will get content. When you curl to localhost:8888 or https://localhost:4433 from server where docker is running you will get content too.

And now my issue.

When I go to browser and type domain_name.com , www.domain_name.com or https://www.domain_name.com nothing happen. Even when I curl to this domain from my local machine I got timeout.

I have search some info "nginx proxy https to localhost" but noting works for me.

Answer 1

I have solution!

When I setup network_mode: "host" in docker-compose.yml for my proxy I thought that ports: entries still are working but not.

Now proxy works in my host network so it use local ports and omit ports: entries from docker-compose.yml . That's mean I have manually open ports 80 and 443 on my server.