francescou/docker-compose-ui

Compose UI behind proxy

bergtwvd opened this issue · 10 comments

I need to run Docker ComposeUI and several other services behind a nginx proxy, on host abc.com The main portal must be accessible on https://abc.com. I want to redirect requests for service xxx from https://abc.com/xxx to 127.0.0.1/xxx. where xxx is the Docker ComposeUI. Below the nginx config file I have in mind, where xxx needs to be replaced by the compose UI service name.

How can I make this work for Docker ComposeUI?

nginx.conf file:

events {
    worker_connections  1024;
}

http {
  upstream portal {
    server 127.0.0.1:4000;
  }

  upstream composeui {
    server 127.0.0.1:4001;
  }

  map $http_upgrade $connection_upgrade {
      default upgrade;
      '' close;
  }

  server {
    listen 443 ssl;
    server_name abc.com;

    # SSL
    ssl_certificate /etc/nginx/conf.d/domain.crt;
    ssl_certificate_key /etc/nginx/conf.d/domain.key;

    # Recommendations from https://raymii.org/s/tutorials/Strong_SSL_Security_On
_nginx.html
    ssl_protocols TLSv1.1 TLSv1.2;
    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;

    # To add basic authentication to v2 use auth_basic setting.
    auth_basic "My realm";
    auth_basic_user_file /etc/nginx/conf.d/nginx.htpasswd;

    location / {
      proxy_http_version 1.1;
      proxy_set_header Host              $http_host;   # required for docker cli
ent's sake
      proxy_set_header X-Real-IP         $remote_addr; # pass on real client's I
P
      proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
      proxy_read_timeout                 900;

      proxy_pass http://portal;
    }

    location /xxx {
      proxy_http_version 1.1;
      proxy_set_header  Host              $http_host;   # required for docker cl
ient's sake
      proxy_set_header  X-Real-IP         $remote_addr; # pass on real client's
IP
      proxy_set_header  X-Forwarded-For   $proxy_add_x_forwarded_for;
      proxy_set_header  X-Forwarded-Proto $scheme;
      proxy_read_timeout                  900;

      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection $connection_upgrade;
      proxy_pass http://composeui;
    }
  }
}

Hello @bergtwvd
the easiest solution would be to use a subdomain (e.g. docker-compose-ui.abc.com).

otherwise, I think you could rewrite the URL (see #43)

I think there is something missing in the nginx config in #43, since my nginx.conf is similar.
Is a rewrite rule missing?

try something like this:

location /docker-compose-ui/ {
        proxy_pass   http://docker-compose-ui:5000;
        rewrite ^/docker-compose-ui/(.*)$ /$1 break;
}

Yes, I added a similar rule: rewrite ^/composeui(.*)$ $1 break;

and it seems to work with a few caveats:

  • I have to explicitly add a "/" at the end of the ComposeUI URL to avoid a bad gateway message;
  • The project logo.png images do not show up on the project buttons.

To get the logos I had to add the following to nginx.conf

    location /api {
      proxy_pass http://composeui;
    }

The logo seems to be the only resource where /api/v1/projects/.... was used rather than /composeui/api/v1/projects/....

I've fixed the logos path in docker-compose-ui:latest

you can use the following workaround to avoid the bad gateway error:

location /docker-compose-ui {
        rewrite (.*) /docker-compose-ui/;
}

I downloaded latest and the logos now show up, without using the /api rewrite rule.

I also tested:

location /docker-compose-ui {
        rewrite (.*) /docker-compose-ui/;
}

with the following effect:

When I refer to Docker ComposeUI with https://abc.com/composeui then I get the compose page without styles applied.

When I refer to Docker ComposeUI with https://abc.com/composeui/ then I get the page with styles applied.

nginx file is:

events {
    worker_connections  1024;
}

http {
  upstream portal {
    server portal:8080;
  }

  upstream composeui {
    server composeui:5000;
  }

  upstream portainer {
    server portainer:9000;
  }

  map $http_upgrade $connection_upgrade {
      default upgrade;
      '' close;
  }

  server {
    listen 443 ssl;
#    listen 443;
    server_name localhost;

    # SSL
    ssl_certificate /etc/nginx/conf.d/domain.crt;
    ssl_certificate_key /etc/nginx/conf.d/domain.key;

    # Recommendations from https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
    ssl_protocols TLSv1.1 TLSv1.2;
    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;

    # To add basic authentication to v2 use auth_basic setting.
    auth_basic "My realm";
    auth_basic_user_file /etc/nginx/conf.d/nginx.htpasswd;

    proxy_http_version 1.1;
    proxy_set_header Host              $http_host;   # required for docker client's sake
    proxy_set_header X-Real-IP         $remote_addr; # pass on real client's IP
    proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_read_timeout                 900;

    location / {
      proxy_pass http://portal/;
    }

    location /composeui {
      rewrite (.*) /composeui/ last;
    }

    location /composeui/ {
      rewrite ^/composeui/(.*)$ /$1 break;
      proxy_pass http://composeui;
    }

    location /portainer/ {
      proxy_set_header Connection "";
      proxy_buffers 32 4k;
      proxy_pass http://portainer/;
    }

    location /portainer/api/websocket/ {
      proxy_http_version 1.1;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection $connection_upgrade;
      proxy_pass http://portainer/api/websocket/;
    }

  }
}

try this:

location /docker-compose-ui {
        rewrite .* ./docker-compose-ui/ redirect;
}

The redirect flag works. I expected the last flag to do the trick; unclear why this flag does not work.

Let's close the issue for now, with this work around.