Vinh Ta

Reputation: 127

HTTPS with nginx, fastAPI, docker

I'm using nginx for my FARM stack app. I'm running into an issue with my APIs not going through HTTPS; it works on HTTP. I've tried removing the server 80 block, but I'm still getting the same issue.

Here's the error:

docker-fastapi    | [2021-04-10 01:02:36 +0000] [9] [WARNING] Invalid HTTP request received.
proxy-app         | 2021/04/10 01:02:36 [error] 22#22: *15 peer closed connection in SSL handshake while SSL handshaking to upstream, client: 192.168.249.11, server: xxxx, request: "GET /api/ HTTP/1.1", upstream: "https://192.168.160.2:8080/api/", host: "xxx"

Here's the nginx conf file:

upstream docker_fastapi {
    server docker-fastapi:8080;
}

server {
    listen 80;

    location ~ /api/ {
        proxy_pass http://docker_fastapi;
        proxy_set_header   Host $host;
        proxy_set_header   X-Real-IP $remote_addr;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Host $server_name;
    }

    location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
        try_files $uri $uri/ /index.html;
    }

    error_page   500 502 503 504  /50x.html;

    location = /50x.html {
        root   /usr/share/nginx/html;
    }
}

server {
    listen 443 ssl default_server;
    server_name xxxx;
    client_max_body_size 12m;
    listen [::]:443 ssl http2;
    ssl_certificate /etc/ssl/nginx.crt;
    ssl_certificate_key /etc/ssl/nginx.key;
    server_tokens off;
    add_header X-Frame-Options sameorigin always;
    add_header X-Content-Type-Options nosniff;
    add_header Cache-Control "no-cache";
    add_header X-XSS-Protection "1; mode=block";
    add_header Set-Cookie "lcid=1043; Max-Age=60";

    ssl_protocols TLSv1.2;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers off;

    location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
        try_files $uri $uri/ /index.html;
    }

    location ~ /api/ {
        proxy_pass https://docker_fastapi;
        proxy_set_header   Host $host;
        proxy_set_header   X-Real-IP $remote_addr;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Host $server_name;
        proxy_ssl_server_name on;
    }

    error_page   500 502 503 504  /50x.html;

    location = /50x.html {
        root   /usr/share/nginx/html;
    }
}

I pretty much copied this repo to try to get HTTPS to work: https://github.com/geekyjaat/fastapi-react

Upvotes: 6

Views: 5702

Answers (1)

Đăng Khoa Đinh

Reputation: 5411

Currently, your proxy passes the request to your API at https://192.168.160.2:8080/api/. However, the HTTPS certificate relies on the domain name. When you use an IP address, there will be an error about the SSL connection between Nginx and the upstream, as you can see in the log:

closed connection in SSL handshake while SSL handshaking to upstream

You can run your API in HTTP. To pass the request to your API from the nginx proxy, change your configuration in the server 443 block from:

  proxy_pass https://docker_fastapi;

to:

  proxy_pass http://docker_fastapi;

Upvotes: 5
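
A way to check which scheme an upstream actually speaks before choosing between `proxy_pass http://` and `proxy_pass https://`, as an added example that is not part of the original question or answer. `probe_scheme`, `_PlainApi` and `demo` are hypothetical names, and the backend here is a constructed stand-in that listens without TLS, as the answer recommends for the API container.

```python
import http.server
import socket
import ssl
import threading


def probe_scheme(host, port, timeout=3.0):
    """Return 'https' if host:port completes a TLS handshake, 'http' if it
    answers a plaintext request, else 'unknown'. The result is the scheme
    to put in `proxy_pass <scheme>://docker_fastapi;`."""
    ctx = ssl.create_default_context()
    # Probe only: the question is whether the port speaks TLS, not who the
    # peer is, so verification is off. Do not reuse this context for traffic.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return "https"
    except OSError:
        pass  # refused, timed out, or the port does not speak TLS
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            raw.sendall(b"HEAD / HTTP/1.0\r\nHost: %b\r\n\r\n" % host.encode())
            if raw.makefile("rb").read(5) == b"HTTP/":
                return "http"
    except OSError:
        pass
    return "unknown"


class _PlainApi(http.server.BaseHTTPRequestHandler):
    """Constructed stand-in for a backend that listens without TLS."""
    def do_HEAD(self):
        self.send_response(200)
        self.end_headers()

    def log_message(self, *args):
        pass  # keep the demo quiet


def demo():
    """Probe the stand-in backend on a free loopback port."""
    srv = http.server.ThreadingHTTPServer(("127.0.0.1", 0), _PlainApi)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    try:
        return probe_scheme("127.0.0.1", srv.server_address[1], timeout=1.0)
    finally:
        srv.shutdown()
        srv.server_close()
```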
