
I'm updating a legacy api to have a better dev experience. I have dockerized nginx and a java api and am managing them with vscode dev-containers plugin. There is another project that runs on node that currently is not dockerized and runs on my host machine (macOS). Previously nginx was configured on the host machine to allow https requests from the node client app to the java api. I need to have that same functionality without dockerizing the node app (yet).

I followed the steps in this post to sign my certs. There is an admin login page on the java api. When I try to access an admin page via https://localhost I get served the page fine. So no issues there.

The previous configuration expected you to have an entry on the hosts file `127.0.0.1 website` in order to navigate to the node app via https. This isn't working anymore with the dockerized nginx. I'm open to any suggestions as I've been spinning my wheels for a while.

This is my current nginx.conf file

```nginx
worker_processes  1;

events {
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;
    upstream backend {
        # app is the java api docker service; this was localhost:8080 in the old configuration
        server app:8080;
    }

    upstream frontend {
        # points to the port where the node app is running on the host machine. Used to be localhost:4000
        server host.docker.internal:4000;
    }

    server {
        listen       443 ssl;
        server_name  localhost;

        ssl_certificate      /etc/nginx/certs/server.crt;
        ssl_certificate_key  /etc/nginx/certs/server.key;

        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;

        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers  on;

        location / {
            proxy_pass http://backend;
        }
    }

    server {
        listen       443 ssl;
        server_name  website;

        ssl_certificate      /etc/nginx/certs/website.crt;
        ssl_certificate_key  /etc/nginx/certs/website.key;

        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;

        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers  on;

        location / {
            proxy_pass http://frontend;
        }
    }

    include servers/*;
}
```

Here is my docker-compose.yml

```yaml
version: '3.8'

services:
  app:
    user: vscode
    build:
      context: ..
      dockerfile: .devcontainer/Dockerfile
    volumes:
      - ..:/workspace:cached
      - ./app/repository:/home/vscode/.m2/repository:cached
    ports:
      - "8080:8080"
    command: sleep infinity
  web:
    image: nginx:1.19.1-alpine
    ports:
      - "8082:8082"
      - "443:443"
      - "80:80"
    volumes:
      - ./web/certs:/etc/nginx/certs
```
WhyAyala
  • You should be able to access the host service `host.docker.internal:4000`. Is there any error? – Adiii Jul 30 '20 at 02:09
  • I can ping it from the nginx container fine. When I try to navigate to `https://website` in a browser I get an error from the browser saying that the cert is invalid. Even if I bypass that warning to get to the node app, when I send a request to the dockerized api, I get an error in the console about the invalid cert. – WhyAyala Jul 30 '20 at 13:50

0 Answers