falinsky
falinsky

Reputation: 7438

docker and jwilder/nginx-proxy http/https issue

I'm using docker on osx via boot2docker.

I have 2 hosts: site1.loc.test.com and site2.loc.test.com pointed to ip address of docker host.

Both should be available via 80 and 443 ports.

So I'm using jwilder/nginx-proxy for reverse proxy purposes.

But in fact when I'm running all of them via docker-compose every time I try to open via 80 port I get redirect to 443 (301 Moved Permanently).

May be I've missed something in jwilder/nginx-proxy configuration?

docker-compose.yml

proxy:
  image: jwilder/nginx-proxy
  volumes:
    - /var/run/docker.sock:/tmp/docker.sock:ro
    - certs:/etc/nginx/certs
  ports:
    - "80:80"
    - "443:443"

site1:
  image: httpd:2.4
  volumes:
    - site1:/usr/local/apache2/htdocs
  environment:
    VIRTUAL_HOST: site1.loc.test.com
  expose:
    - "80"

site2:
  image: httpd:2.4
  volumes:
    - site2:/usr/local/apache2/htdocs
  environment:
    VIRTUAL_HOST: site2.loc.test.com
  expose:
    - "80"

Upvotes: 8

Views: 10746

Answers (3)

Yuci
Yuci

Reputation: 30219

To serve traffic in both SSL and non-SSL modes without redirecting to SSL, you can include the environment variable HTTPS_METHOD=noredirect (the default is HTTPS_METHOD=redirect).

HTTPS_METHOD must be specified on each container for which you want to override the default behavior.

Here is an example Docker Compose file:

version: '3'

services:
  nginx-proxy:
    image: jwilder/nginx-proxy
    ports:
      - '80:80'
      - '443:443'
    volumes:
      - /var/run/docker.sock:/tmp/docker.sock:ro
      - ./config/certs:/etc/nginx/certs
    environment:
      DEFAULT_HOST: my.example.com

  app:
    build:
      context: .
      dockerfile: ./Dockerfile
    environment:
      HTTPS_METHOD: noredirect
      VIRTUAL_HOST: my.example.com

Note: As in this example, environment variable HTTPS_METHOD must be set on the app container, not the nginx-proxy container.

Ref: How SSL Support Works section for the jwilder/nginx-proxy Docker image.

Upvotes: 2

tworabbits
tworabbits

Reputation: 1213

Just to keep this topic up to date, the jwilder/nginx-proxy meanwhile introduced a flag for that: HTTPS_METHOD=noredirect; To be set as environment variable.

Further reading on github

Upvotes: 7

Alexis N-o
Alexis N-o

Reputation: 3993

I think your configuration should be correct, but it seems that this is the intended behaviour of jwilder/nginx-proxy. See these lines in the file nginx.tmpl: https://github.com/jwilder/nginx-proxy/blob/master/nginx.tmpl#L89-L94

It seems that if a certificate is found, you will always be redirected to https.


EDIT: I found the confirmation in the documentation

The behavior for the proxy when port 80 and 443 are exposed is as follows:

  • If a container has a usable cert, port 80 will redirect to 443 for that container so that HTTPS is always preferred when available.

You can still use a custom configuration. You could also try to override the file nginx.tmpl in a new Dockefile .

Upvotes: 6

Related Questions