Can't visit by domain after proxy configure via Nginx

My Nginx configuration is:

server {
    listen 80;
    server_name cloud.malacology.net;
    return 301 https://$server_name$request_uri;
}
server {
    listen 443;
    server_name cloud.malacology.net;
    ssl_certificate /etc/ssl/cloud/1_cloud.malacology.net_bundle.crt;
    ssl_certificate_key /etc/ssl/cloud/2_cloud.malacology.net.key;
    ssl on;
    ssl_session_cache builtin:1000 shared:SSL:10m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
    ssl_prefer_server_ciphers on;
    access_log /var/log/nginx/access.log;

    location /syncthing/ {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://my_IP:8384;
        proxy_read_timeout 600s;
        proxy_send_timeout 600s;
#       proxy_redirect http://my_IP:8384 https://cloud.malacology.net;
    }
}

I installed it via Docker; the command is:

docker run -p 8384:8384 -p 22000:22000 -v /home/admin/syncthing:/var/syncthing syncthing/syncthing:latest

I can visit it via IP:port, but when I visit the domain, it doesn't work and only shows "Welcome to nginx" or "too many redirects".

What’s up with the proxy_redirect line? Did you configure Syncthing to use TLS? You would need to use https:// in that case.

Btw: you’re missing the 22000/udp port forwarding

I use HTTPS. You can see in my docker command that 22000 is there. Do you mean this?

server {
    listen 443;
    server_name cloud.malacology.net;
    ssl_certificate /etc/ssl/cloud/1_cloud.malacology.net_bundle.crt;
    ssl_certificate_key /etc/ssl/cloud/2_cloud.malacology.net.key;
    ssl on;
    ssl_session_cache builtin:1000 shared:SSL:10m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
    ssl_prefer_server_ciphers on;
    access_log /var/log/nginx/access.log;

    location /syncthing/ {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass https://localhost:8384;
        proxy_read_timeout 600s;
        proxy_send_timeout 600s;
        proxy_redirect https://localhost:8384 https://cloud.malacology.net;
    }
}

But it is still not okay.

Sorry, I may not understand your meaning, could you give me an example?

proxy_redirect is nowhere mentioned in the docs. Delete this line.

But is Syncthing (without your reverse proxy) configured to use HTTPS? You would have to use this then:

proxy_pass https://my_IP:8384;

To use docker with 22000 tcp+udp:

-p 22000:22000/tcp -p 22000:22000/udp

Thanks. Now my nginx configuration is:

server {
    listen 443;
    server_name cloud.malacology.net;
    ssl_certificate /etc/ssl/cloud/1_cloud.malacology.net_bundle.crt;
    ssl_certificate_key /etc/ssl/cloud/2_cloud.malacology.net.key;
    ssl on;
    ssl_session_cache builtin:1000 shared:SSL:10m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
    ssl_prefer_server_ciphers on;
    access_log /var/log/nginx/access.log;

    location /syncthing/ {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass https://my_IP:8384;
        proxy_read_timeout 600s;
        proxy_send_timeout 600s;
#        proxy_redirect https://localhost:8384 https://cloud.malacology.net;
    }
}

Then I removed the Docker container and started it with the command, and an error is reported:

docker: Error response from daemon: driver failed programming external connectivity on endpoint sleepy_wu (2ac1b5eaa9072b26ee76f75483564e9d74d3e10b6426ebdcde450d3559770c07): Bind for 0.0.0.0:22000 failed: port is already allocated.

Then I removed all the containers and used the command:

docker run -p 8384:8384 -p 22000:22000/tcp -p 22000:22000/udp -v /home/admin/syncthing:/var/syncthing syncthing/syncthing:latest

but the web page still shows:

Welcome to nginx!
If you see this page, the nginx web server is successfully installed and working. Further configuration is required.

For online documentation and support please refer to nginx.org.
Commercial support is available at nginx.com.

Thank you for using nginx.

You’re using the wrong URL.

https://cloud.malacology.net/syncthing

The path is specified via location

Thanks for your help, now it’s okay. Thanks for your nice and kind help again. Best regards, Guoyi


You should also update your SSL config. This is horribly outdated. No one should use TLS1.0 or TLS1.1 anymore.

Stick with the nginx defaults or apply these settings:
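
An added example, not part of the original thread and not the settings the post above refers to: a small Python check that flags the TLS 1.0/1.1 entries in an `ssl_protocols` directive, as well as the obsolete `ssl on;` directive, and proposes a trimmed `ssl_protocols` line. The function names and the sample text are assumptions made for illustration; the sample is constructed from the server block posted earlier in the thread.

```python
import re

# TLS 1.0/1.1 (deprecated by RFC 8996) and the older SSL versions.
DEPRECATED = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}

# Constructed sample: TLS-related lines of the server block posted in this thread,
# plus one commented-out directive to show that comments are ignored.
SAMPLE_CONF = """
server {
    listen 443;
    server_name cloud.malacology.net;
    ssl on;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    # ssl_protocols SSLv3;
    ssl_prefer_server_ciphers on;
}
"""

def hardened_protocols_line(value):
    """Return an ssl_protocols line that keeps only non-deprecated versions."""
    kept = [p for p in value.split() if p not in DEPRECATED]
    # Assumption: fall back to TLSv1.2 if nothing acceptable was enabled.
    return "ssl_protocols %s;" % " ".join(kept or ["TLSv1.2"])

def audit_tls(conf_text):
    """Return (line_number, issue, detail) tuples for weak TLS settings.

    Assumes one directive per line, as in the configs posted above.
    """
    findings = []
    for lineno, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.split("#", 1)[0]  # ignore comments
        if re.search(r"\bssl\s+on\s*;", line):
            # 'ssl on;' is obsolete; 'listen 443 ssl;' is the replacement.
            findings.append((lineno, "ssl-on-directive", []))
        match = re.search(r"\bssl_protocols\s+([^;]+);", line)
        if match:
            weak = [p for p in match.group(1).split() if p in DEPRECATED]
            if weak:
                findings.append((lineno, "deprecated-protocols", weak))
    return findings

if __name__ == "__main__":
    for lineno, issue, detail in audit_tls(SAMPLE_CONF):
        print("line %d: %s %s" % (lineno, issue, " ".join(detail)))
    print("suggested:", hardened_protocols_line("TLSv1 TLSv1.1 TLSv1.2"))
```

After changing the directive, `nginx -t` validates the configuration before a reload.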
