HTTP redirected to HTTPS in nginx.conf

I have an nginx.conf in which I am running an application on localhost. I need to redirect the application from HTTP to HTTPS. In the nginx.conf, I have a configuration as below:


http {
  error_log /etc/nginx/error/error.log warn; #./nginx/error.log warn;
  client_max_body_size 20m;

  proxy_cache_path /etc/nginx/cache keys_zone=one:500m max_size=1000m;

  server {
    listen 80;
    server_name localhost; 
    return 301 https://$server_name$request_uri;
  }

  server {
    listen 443 ssl http2;

    server_name localhost; 

    ssl_session_cache shared:SSL:50m;
    ssl_session_timeout 1d;
    ssl_session_tickets off;

    ssl_certificate /etc/nginx/ssl.crt;
    ssl_certificate_key /etc/nginx/ssl.key;

    ssl_protocols TLSv1.2;
    ssl_ciphers EECDH+AESGCM:EDH+AESGCM:EECDH:EDH:!MD5:!RC4:!LOW:!MEDIUM:!CAMELLIA:!ECDSA:!DES:!DSS:!3DES:!NULL;
    ssl_prefer_server_ciphers on;

    keepalive_timeout 70;

    location / {
      proxy_pass http://localhost:80; 
      proxy_ssl_certificate /etc/nginx/ssl.crt; 
      proxy_ssl_certificate_key /etc/nginx/ssl.key; 
      proxy_ssl_verify    off;
      allow all;
      proxy_redirect          off;
      proxy_set_header   Host $host;
      proxy_set_header   X-Real-IP $remote_addr;
      proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header   X-Forwarded-Host $server_name;
      proxy_set_header   X-Forwarded-Proto https;
      #access_log      /var/log/nginx/access.log;
      #error_log       /var/log/nginx/error.log;
      client_max_body_size    0;
      client_body_buffer_size 128k;
      proxy_connect_timeout   1200s;
      proxy_send_timeout      1200s;
      proxy_read_timeout      1200s;
      proxy_buffers           32 4k;
    }

  }
}

And docker-compose.yml as below:

version: '2'
services:

  mysql:
    image: mysql:5.7.21
    restart: always
    environment:
    - MYSQL_ROOT_PASSWORD=admin
    - MYSQL_DATABASE=bookstack
    - MYSQL_USER=bookstack
    - MYSQL_PASSWORD=admin
    volumes:
    - ./mysql:/var/lib/mysql
    networks:
    - bookstack-bridge


  bookstack:
    
    image: solidnerd/bookstack:latest
    container_name: bookstack
    restart: always
    depends_on:
    - mysql
    environment:
 
    - APP_URL=http://localhost:8080

    volumes:
    - ./uploads:/var/www/bookstack/public/uploads
    - ./storage-uploads:/var/www/bookstack/public/storage
    ports:
    - 8080:8080
    networks:
    - bookstack-bridge

  nginx:
    image: nginx:latest
    container_name: bookstack-nginx
    restart: always


And in the docker-compose.yml, I do have the APP_URL=http://localhost:8080 env variable.

Does anybody have an idea what needs to be changed to redirect from HTTP to HTTPS?

Thanks in advance.

I customized your docker-compose.yml.

  1. Your docker-compose.yml would not work for https because some parts are wrong or missing.

  2. To use HTTPS you have to create the certificates with OpenSSL. These must be in the folder /etc/nginx/certs in the container.

  3. When you put the certificates in the folder you have to set - VIRTUAL_PORT=8080 to 443 and change the APP_URL from http to https.

  4. When you start a service and assign it to the network "web", nginx automatically sees that a new service is registered. It automatically maps to the port specified in the image. This happens with the volume command "/tmp/docker.sock:ro". ":ro" stands for read-only.

  5. If you assign a service to the network "internal" it is not accessible from the outside and Nginx ignores it. See the "mysql" service.

  6. With "depends_on:" I say that all services have to start before bookstack starts. This is important! First Nginx, then MySQL and finally bookstack.

  7. I prefer to use VIRTUAL_HOST on its own local domain. You can also use localhost there; the only important thing is that your "hosts" file in the operating system points to your external Docker IP. Example: "192.168.5.121 bookstack.local"

  8. My tip! I would store the service "nginx--proxy" in a separate docker-compose file. Then you can easily register further services with the nginx.

Good luck with that, and if you want to use Bookstack only locally, HTTPS might not be that urgent now. Otherwise search for "Create Certs for Nginx local".

Before you start, create the network "web":

docker network create web

version: '2.4'

services:

  mysql:
    image: mysql:5.7.21
    container_name: bookstack-mysql
    restart: unless-stopped
    networks:
      - "internal"
    healthcheck:
      test: "exit 0"
    environment:
      - MYSQL_ROOT_PASSWORD=admin
      - MYSQL_DATABASE=bookstack
      - MYSQL_USER=bookstack
      - MYSQL_PASSWORD=admin
    volumes:
      - ./docker/data/mysql:/var/lib/mysql

  bookstack:
    image: solidnerd/bookstack:0.29.3
    container_name: bookstack
    restart: unless-stopped
    networks:
      - "web"
      - "internal"
    depends_on:
      nginx--proxy:
        condition: service_started
      mysql:
        condition: service_healthy
    environment:
      - VIRTUAL_HOST=bookstack.local
      - VIRTUAL_PORT=8080
      - DB_HOST=mysql:3306
      - DB_DATABASE=bookstack
      - DB_USERNAME=bookstack
      - DB_PASSWORD=admin
      - APP_URL=http://bookstack.local
    volumes:
      - ./docker/data/uploads:/var/www/bookstack/public/uploads
      - ./docker/data/storage-uploads:/var/www/bookstack/storage/uploads

  nginx--proxy:
    image: jwilder/nginx-proxy:latest
    container_name: nginx--proxy
    restart: always
    environment:
      DEFAULT_HOST: default.vhost
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./docker/data/certs:/etc/nginx/certs
      - /var/run/docker.sock:/tmp/docker.sock:ro
    networks:
      - "web"
      - "internal"

networks:
  web:
    external: true
  internal:
    external: false

The solution worked for me:

In the docker-compose.yml, in the nginx service section, added the networks tag:

    networks:
    - bookstack-bridge

And in the nginx.conf added proxy_pass as:

proxy_pass http://bookstack:8080;

Thank you guys for your help.
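
The fix from this last answer, shown in context as an added example (not code from any of the posters). It assumes nginx runs in its own container on the same Compose network as the "bookstack" service, as in the question's docker-compose.yml; in that setup the original proxy_pass http://localhost:80 pointed at nginx's own port-80 server, so every HTTPS request was answered with the 301 back to itself.

```nginx
# Added example. Certificate paths and server_name are taken from the question;
# the upstream name "bookstack" is the Compose service name on bookstack-bridge.
events {}

http {
  server {
    listen 80;
    server_name localhost;
    # Plain HTTP only redirects; nothing is served or proxied from this block.
    return 301 https://$server_name$request_uri;
  }

  server {
    listen 443 ssl http2;
    server_name localhost;

    ssl_certificate     /etc/nginx/ssl.crt;
    ssl_certificate_key /etc/nginx/ssl.key;
    ssl_protocols       TLSv1.2;

    location / {
      # Before: proxy_pass http://localhost:80;
      #   Inside the nginx container, localhost:80 is the redirect server above,
      #   so the proxied request returned 301 to the same HTTPS URL (a loop).
      # After: reach the application by its service name and listening port.
      proxy_pass http://bookstack:8080;

      # proxy_ssl_certificate / proxy_ssl_verify apply only to https:// upstreams,
      # so they are left out for this plain-HTTP upstream.

      proxy_set_header Host              $host;
      proxy_set_header X-Real-IP         $remote_addr;
      proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto https;
    }
  }
}
```

With this in place, APP_URL in docker-compose.yml should carry the https scheme, as step 3 of the first answer says. The 8080:8080 port mapping in the question's compose file still publishes the application over plain HTTP on the host, which bypasses the redirect.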
