Compose UI behind proxy
bergtwvd opened this issue · 10 comments
I need to run Docker ComposeUI and several other services behind a nginx proxy, on host abc.com
The main portal must be accessible on https://abc.com. I want to redirect requests for service xxx
from https://abc.com/xxx
to 127.0.0.1/xxx
. where xxx
is the Docker ComposeUI. Below the nginx config file I have in mind, where xxx
needs to be replaced by the compose UI service name.
How can I make this work for Docker ComposeUI?
nginx.conf file:
events {
worker_connections 1024;
}
http {
upstream portal {
server 127.0.0.1:4000;
}
upstream composeui {
server 127.0.0.1:4001;
}
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
listen 443 ssl;
server_name abc.com;
# SSL
ssl_certificate /etc/nginx/conf.d/domain.crt;
ssl_certificate_key /etc/nginx/conf.d/domain.key;
# Recommendations from https://raymii.org/s/tutorials/Strong_SSL_Security_On
_nginx.html
ssl_protocols TLSv1.1 TLSv1.2;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
# To add basic authentication to v2 use auth_basic setting.
auth_basic "My realm";
auth_basic_user_file /etc/nginx/conf.d/nginx.htpasswd;
location / {
proxy_http_version 1.1;
proxy_set_header Host $http_host; # required for docker cli
ent's sake
proxy_set_header X-Real-IP $remote_addr; # pass on real client's I
P
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 900;
proxy_pass http://portal;
}
location /xxx {
proxy_http_version 1.1;
proxy_set_header Host $http_host; # required for docker cl
ient's sake
proxy_set_header X-Real-IP $remote_addr; # pass on real client's
IP
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 900;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_pass http://composeui;
}
}
}
I think there is something missing in the nginx config in #43, since my nginx.conf is similar.
Is a rewrite rule missing?
try something like this:
location /docker-compose-ui/ {
proxy_pass http://docker-compose-ui:5000;
rewrite ^/docker-compose-ui/(.*)$ /$1 break;
}
Yes, I added a similar rule: rewrite ^/composeui(.*)$ $1 break;
and it seems to work with a few caveats:
- I have to explicitly add a "/" at the end of the ComposeUI URL to avoid a bad gateway message;
- The project
logo.png
images do not show up on the project buttons.
To get the logos I had to add the following to nginx.conf
location /api {
proxy_pass http://composeui;
}
The logo seems to be the only resource where /api/v1/projects/....
was used rather than /composeui/api/v1/projects/...
.
I've fixed the logos path in docker-compose-ui:latest
you can use the following workaround to avoid the bad gateway error:
location /docker-compose-ui {
rewrite (.*) /docker-compose-ui/;
}
I downloaded latest and the logos now show up, without using the /api
rewrite rule.
I also tested:
location /docker-compose-ui {
rewrite (.*) /docker-compose-ui/;
}
with the following effect:
When I refer to Docker ComposeUI with https://abc.com/composeui
then I get the compose page without styles applied.
When I refer to Docker ComposeUI with https://abc.com/composeui/
then I get the page with styles applied.
nginx file is:
events {
worker_connections 1024;
}
http {
upstream portal {
server portal:8080;
}
upstream composeui {
server composeui:5000;
}
upstream portainer {
server portainer:9000;
}
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
listen 443 ssl;
# listen 443;
server_name localhost;
# SSL
ssl_certificate /etc/nginx/conf.d/domain.crt;
ssl_certificate_key /etc/nginx/conf.d/domain.key;
# Recommendations from https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
ssl_protocols TLSv1.1 TLSv1.2;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
# To add basic authentication to v2 use auth_basic setting.
auth_basic "My realm";
auth_basic_user_file /etc/nginx/conf.d/nginx.htpasswd;
proxy_http_version 1.1;
proxy_set_header Host $http_host; # required for docker client's sake
proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 900;
location / {
proxy_pass http://portal/;
}
location /composeui {
rewrite (.*) /composeui/ last;
}
location /composeui/ {
rewrite ^/composeui/(.*)$ /$1 break;
proxy_pass http://composeui;
}
location /portainer/ {
proxy_set_header Connection "";
proxy_buffers 32 4k;
proxy_pass http://portainer/;
}
location /portainer/api/websocket/ {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_pass http://portainer/api/websocket/;
}
}
}
try this:
location /docker-compose-ui {
rewrite .* ./docker-compose-ui/ redirect;
}
The redirect
flag works. I expected the last
flag to do the trick; unclear why this flag does not work.
Let's close the issue for now, with this work around.