zealousSloth

Reputation: 45

Nginx Reverse Proxy Problem: Using Docker-compose and Rundeck

I am setting up my Rundeck application within a Docker container and using nginx as a reverse proxy. I presume my problem is originating from the proxy that is being received back into the server.

When I access the desired URL (https://vmName.Domain.corp/rundeck) I am able to see the login page, even though it doesn't have any UI. Once I enter the default admin:admin information I am directed to a 404 page. I pasted below one of the error logs from the docker-compose logs. You'll notice it's going to /etc/nginx to find rundeck's logo.

I can't determine if the problem is in my docker-compose file or nginx's config file.

Example of error log:

    production_nginx | 2021-02-04T08:17:50.770544192Z 2021/02/04 08:17:50 [error] 29#29: *8 open() "/etc/nginx/html/assets/jquery-aafa4de7f25b530ee04ba20028b2d154.js" failed (2: No such file or directory), client: 10.243.5.116, server: vmName.Domain.corp, request: "GET /assets/jquery-aafa4de7f25b530ee04ba20028b2d154.js HTTP/1.1", host: "vmName.Domain.corp", referrer: "https://vmName.Domain.corp/rundeck/user/login"

If curious, I can access Rundeck's logo if I go to: https://vmName.Domain.corp/rundeck/assets/jquery-aafa4de7f25b530ee04ba20028b2d154.js

Here's more information on my set-up

/nginx/sites-enabled/docker-compose.yml (main machine)

    rundeck:
        image: ${RUNDECK_IMAGE:-jordan/rundeck:latest}
        container_name: production_rundeck
        ports:
            - 4440:4440
        environment:
            RUNDECK_GRAILS_SERVER_URL: "https://vmName.Domain.corp/rundeck"
            RUNDECK_GRAILS_URL: "https://vmName.Domain.corp/rundeck"
            RUNDECK_SERVER_FORWARDED: "true"
            RDECK_JVM_SETTINGS: "-Xmx1024m -Xms256m -XX:MaxMetaspaceSize=256m -server -Dfile.encoding=UTF-8 -Drundeck.jetty.connector.forwarded=true -Dserver.contextPath=/rundeck -Dserver.https.port:4440"
            #RUNDECK_SERVER_CONTEXTPATH: "https://vmName.Domain.corp/rundeck"
            RUNDECK_MAIL_FROM: "[email protected]"
            EXTERNAL_SERVER_URL: "https://vmName.Domain.corp/rundeck"
            SERVER_URL: "https://vmName.Domain.corp/rundeck"
        volumes:
            - /etc/rundeck:/etc/rundeck
            - /var/rundeck
            - /var/lib/mysql
            - /var/log/rundeck
            - /opt/rundeck-plugins



    nginx:
        image: nginx:latest
        container_name: production_nginx
        links:
            - rundeck
        volumes:
            - /etc/nginx/sites-enabled:/etc/nginx/conf.d
        depends_on:
            - rundeck
        ports:
            - 80:80
            - 443:443
        restart: always


    networks:
        default:
            external:
                name: vmName

nginx/sites-enabled/default.conf (main machine)

    # Route all HTTP traffic through HTTPS
    # ====================================
    server {
        listen 80;
        server_name vmName;
        return 301 https://vmName$request_uri;
    }

    server {
        listen 443 ssl;
        server_name vmName;
        ssl_certificate /etc/nginx/conf.d/vmName.Domain.corp.cert;
        ssl_certificate_key /etc/nginx/conf.d/vmName.Domain.corp.key;
        return 301 https://vmName.Domain.corp$request_uri;
    }
    # ====================================


    # Main webserver route configuration
    # ====================================
    server {
        listen 443 ssl;
        server_name vmName.Domain.corp;
        ssl_certificate /etc/nginx/conf.d/vmName.Domain.corp.cert;
        ssl_certificate_key /etc/nginx/conf.d/vmName.Domain.corp.key;
    #===========================================================================#

        ## MAIN PAGE
        location /example-app {
            rewrite ^/example-app(.*) /$1 break;
            proxy_pass http://example-app:5000/;
            proxy_set_header    Host                $host/example-app;
            proxy_set_header    X-Real-IP           $remote_addr;
            proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
            proxy_set_header    X-Forwarded-Proto   $scheme;
        }

        # #Rundeck
        location /rundeck/ {
            # rewrite ^/rundeck(.*) /$1 break;
            proxy_pass http://rundeck:4440/;
            proxy_set_header    Host                $host/rundeck;
            proxy_set_header    X-Real-IP           $remote_addr;
            proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
            proxy_set_header    X-Forwarded-Proto   $scheme;
        }

    }

[image container] /etc/rundeck/rundeck-config.properties:

    # change hostname here
    grails.serverURL=https://vmName.Domain.corp/rundeck
    grails.mail.default.from = [email protected]
    server.useForwardHeaders = true

[image container] /etc/rundeck/framework.properties:

    framework.server.name = vmName.Domain.corp
    framework.server.hostname = vmName.Domain.corp
    framework.server.port = 443
    framework.server.url = https://vmName.Domain.corp/rundeck

Upvotes: 0

Views: 1019

Answers (1)

MegaDrive68k

Reputation: 4325

It seems related to the Rundeck image/network problem. I did a working example with the official one, take a look:

nginx.conf (located at config folder, check the docker-compose file volumes section):

    server {
        listen 80 default_server;
        server_name rundeck-cl;

        location / {
            proxy_pass http://rundeck:4440;
        }
    }

docker-compose:

    version: "3.7"
    services:
      rundeck:
        build:
          context: .
          args:
            IMAGE: ${RUNDECK_IMAGE:-rundeck/rundeck:3.3.9}
        container_name: rundeck-nginx
        ports:
        - 4440:4440
        environment:
          RUNDECK_GRAILS_URL: http://localhost
          RUNDECK_SERVER_FORWARDED: "true"
      nginx:
        image: nginx:alpine
        volumes:
          - ./config/nginx.conf:/etc/nginx/conf.d/default.conf:ro
        ports:
        - 80:80

Dockerfile:

    ARG IMAGE
    FROM ${IMAGE}

Build with: docker-compose build and run with docker-compose up.

rundeck-config.properties content:

    #loglevel.default is the default log level for jobs: ERROR,WARN,INFO,VERBOSE,DEBUG
    loglevel.default=INFO
    rdeck.base=/home/rundeck

    #rss.enabled if set to true enables RSS feeds that are public (non-authenticated)
    rss.enabled=false

    # Bind address and server URL
    server.address=0.0.0.0
    server.servlet.context-path=/
    grails.serverURL=http://localhost

    server.servlet.session.timeout=3600

    dataSource.dbCreate = update
    dataSource.url = jdbc:h2:file:/home/rundeck/server/data/grailsdb;MVCC=true
    dataSource.username =
    dataSource.password =

    #Pre Auth mode settings
    rundeck.security.authorization.preauthenticated.enabled=false
    rundeck.security.authorization.preauthenticated.attributeName=REMOTE_USER_GROUPS
    rundeck.security.authorization.preauthenticated.delimiter=,

    # Header from which to obtain user name
    rundeck.security.authorization.preauthenticated.userNameHeader=X-Forwarded-Uuid

    # Header from which to obtain list of roles
    rundeck.security.authorization.preauthenticated.userRolesHeader=X-Forwarded-Roles

    # Redirect to upstream logout url
    rundeck.security.authorization.preauthenticated.redirectLogout=false
    rundeck.security.authorization.preauthenticated.redirectUrl=/oauth2/sign_in

    rundeck.api.tokens.duration.max=30d
    rundeck.log4j.config.file=/home/rundeck/server/config/log4j.properties
    rundeck.gui.startpage=projectHome
    rundeck.clusterMode.enabled=true

    rundeck.security.httpHeaders.enabled=true
    rundeck.security.httpHeaders.provider.xcto.enabled=true
    rundeck.security.httpHeaders.provider.xxssp.enabled=true
    rundeck.security.httpHeaders.provider.xfo.enabled=true
    rundeck.security.httpHeaders.provider.csp.enabled=true
    rundeck.security.httpHeaders.provider.csp.config.include-xcsp-header=false
    rundeck.security.httpHeaders.provider.csp.config.include-xwkcsp-header=false

    rundeck.storage.provider.1.type=db
    rundeck.storage.provider.1.path=keys

    rundeck.projectsStorageType=db

framework.properties file content:

    # framework.properties -
    #

    # ----------------------------------------------------------------
    # Server connection information
    # ----------------------------------------------------------------

    framework.server.name = 85845cd30fe9
    framework.server.hostname = 85845cd30fe9
    framework.server.port = 4440
    framework.server.url = http://localhost

    # ----------------------------------------------------------------
    # Installation locations
    # ----------------------------------------------------------------

    rdeck.base=/home/rundeck

    framework.projects.dir=/home/rundeck/projects
    framework.etc.dir=/home/rundeck/etc
    framework.var.dir=/home/rundeck/var
    framework.tmp.dir=/home/rundeck/var/tmp
    framework.logs.dir=/home/rundeck/var/logs
    framework.libext.dir=/home/rundeck/libext

    # ----------------------------------------------------------------
    # SSH defaults for node executor and file copier
    # ----------------------------------------------------------------

    framework.ssh.keypath = /home/rundeck/.ssh/id_rsa
    framework.ssh.user = rundeck

    # ssh connection timeout after a specified number of milliseconds.
    # "0" value means wait forever.
    framework.ssh.timeout = 0

    # ----------------------------------------------------------------
    # System-wide global variables.
    # ----------------------------------------------------------------

    # Expands to ${globals.var1}
    #framework.globals.var1 = value1

    # Expands to ${globals.var2}
    #framework.globals.var2 = value2
    rundeck.server.uuid = a14bc3e6-75e8-4fe4-a90d-a16dcc976bf6

Upvotes: 0
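
How nginx routes the request paths from the question, as an added example that is not part of either post: a simplified model of prefix-location matching and the proxy_pass URI rule (no regex locations or rewrite, so the /example-app block is left out). The function names, `NO_URI_VARIANT` and the sample list are assumptions made for illustration; the location, proxy_pass value, paths and default root are copied from the question.

```python
"""Simplified model of nginx prefix-location matching and proxy_pass mapping."""
from urllib.parse import urlsplit

# Copied from the question's default.conf: location prefix -> proxy_pass value.
QUESTION_LOCATIONS = {"/rundeck/": "http://rundeck:4440/"}
# Hypothetical variant for comparison: same location, proxy_pass without a URI part.
NO_URI_VARIANT = {"/rundeck/": "http://rundeck:4440"}
# Directory nginx fell back to in the question's error log.
DEFAULT_ROOT = "/etc/nginx/html"


def match_location(locations, path):
    """Return the longest configured prefix that matches path, or None."""
    hits = [prefix for prefix in locations if path.startswith(prefix)]
    return max(hits, key=len) if hits else None


def upstream_request(locations, path):
    """Return (upstream_host, upstream_path), or (None, local_file) when no
    location matches and nginx looks for a static file instead."""
    prefix = match_location(locations, path)
    if prefix is None:
        return None, DEFAULT_ROOT + path
    target = urlsplit(locations[prefix])
    if target.path:
        # proxy_pass has a URI part: the matched prefix is replaced by it.
        return target.netloc, target.path + path[len(prefix):]
    # proxy_pass has no URI part: the request path is passed on unchanged.
    return target.netloc, path


def report(locations, paths):
    """Map every request path to the place nginx would send it."""
    return {path: upstream_request(locations, path) for path in paths}


if __name__ == "__main__":
    sample = [  # request paths taken from the question
        "/rundeck/user/login",
        "/rundeck/assets/jquery-aafa4de7f25b530ee04ba20028b2d154.js",
        "/assets/jquery-aafa4de7f25b530ee04ba20028b2d154.js",
    ]
    for name, cfg in (("question", QUESTION_LOCATIONS), ("no-URI", NO_URI_VARIANT)):
        for path, (host, dest) in report(cfg, sample).items():
            print(f"[{name}] {path} -> {host or 'local file'} {dest}")
```

With the question's configuration the first path reaches the upstream as /user/login, without the /rundeck prefix that the JVM settings declare as the context path, and the last path resolves to the same file named in the open() error.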
