HTTPS (for NGINX)

Question

HTTPS (for NGINX)

Closed this issue 8 months ago · 4 comments

Hi.

Although I haven't worked with Docker containers yet, I tested this container (0.9.4-nginx) in Unraid.
While I configured the Unraid WebUI to HTTPS ([6.12.6]/Settings/ManagementAccess/'Use SSL/TLS' = YES), I found no possibility to do the same for Baikal, e.g. specific container parameters.

Of course it is possible to edit the e.g. nginx.conf file directly in the container.
But what willl happen if I update the container in the future?
What happens if I restart Unraid?

Thanks

Answer 1 · 2024-01-19T13:36:49.000Z

I'm in a similar boat: I'm running Baikal behind a reverse proxy that handles HTTPS termination. But the rendered Baikal URLs for e.g. CSS are seemingly all hardcoded to use HTTP and I fail to see a configuration option for Baikal. Something like assume_ssl would be great.

Currently I can access the login page via HTTPS, but the form will try to redirect to HTTP and no resources will load:

Answer 2 · 2024-01-27T11:44:32.000Z

Hi @hallabalooza ,

Unfortunately I'm unfamiliar with Unraid, but from what I understood in docs/unraid-installation-guide.md, you need a way to serve the SSL certificate, it's not something Unraid does out of the box for you.

Can you share details on the setup, e.g. if you are using Traefik+Let's Encrypt, one of the Let's Encrypt clients, or a certificate file that you manage yourself?

Regarding modifying the nginx.conf file and what happens when you update/restart:

Files modified in the container are resetted, once the container is recreated
You can save those file modifications using volume, where your mount a file or folder into the container
An example for mounting a file, e.g. a custom nginx.conf, from the disk into the container is here: examples/docker-compose.ssl.yaml#L39-L40
docs/unraid-installation-guide.md also mentions mounts and how it's done in Unraid, the only difference I could spot for the nginx.conf file would be that you'd only mount a single file, not an entire directory

Hi @MarcusRiemer ,

Could this be because some HTTP headers are not passed through?

Traefik for example sets some HTTP headers to indicate that the original request was an HTTPS:

X-Forwarded-Host: <your domain>
X-Forwarded-Port: 443
X-Forwarded-Proto: https

I could imagine that X-Forwarded-Proto: https is missing and why the resources are all pointing to HTTP instead of HTTPS.

Answer 3 · 2024-05-07T02:09:40.000Z

This issue looks inactive, I will close it in 7 days.

Answer 4 · 2024-05-15T02:10:42.000Z

Closing this issue due to inactivity.