
DEFAULT_ROOT not working? #2150

Closed
MaxPowers1337 opened this issue Jan 26, 2023 · 2 comments

MaxPowers1337 commented Jan 26, 2023

Hello,

I'm using the latest version as of now, which should already include #2146.
I expected the DEFAULT_ROOT=none environment variable (from #2146) to prevent a `location /` block from being generated within the vhost.
Is there something I'm missing or doing wrong?

"NGINX_VERSION=1.23.3",
"NJS_VERSION=0.7.9",
"PKG_RELEASE=1~bullseye",
"NGINX_PROXY_VERSION=1.1.0-13-gf8ae0a4",
"DOCKER_GEN_VERSION=0.9.4",

my containers:

# Compose services from the report (a fragment: the enclosing `services:` key
# and the network/volume definitions are not shown). Two application
# containers share VIRTUAL_HOST=mydomain.com and are split by VIRTUAL_PATH;
# the `proxy` service publishes 80/443 and generates the nginx config.
container1:
    image: myimage:latest
    container_name: container1
    networks:
      - no-internet
    expose:
      - 8080
    restart: unless-stopped
    environment:
      - LETSENCRYPT_HOST=mydomain.com
      - LETSENCRYPT_EMAIL=mail@mydomain.com
      # NOTE(review): this is bind-mount syntax inside an environment list; it
      # mounts nothing here and presumably belongs under `volumes:`, as in the
      # proxy service below.
      - /etc/localtime:/etc/localtime:ro
      - TZ=Europe/London
      - VIRTUAL_HOST=mydomain.com
      # An explicit VIRTUAL_PATH=/ makes the proxy generate `location /` for
      # this container.
      - VIRTUAL_PATH=/
      # Per the maintainer's reply in this thread, DEFAULT_ROOT is read from
      # the nginx-proxy container, not from a proxied application container,
      # and only applies when no VIRTUAL_PATH=/ exists; here it has no effect.
      - DEFAULT_ROOT=none

  container2:
    container_name: container2
    restart: unless-stopped
    depends_on:
      - container1
    expose:
      - 5000
    networks:
      - internet
      - no-internet
    build:
      context: ./container2/
      dockerfile: Dockerfile
    environment:
      - VIRTUAL_HOST=mydomain.com
      # Leading `~` makes this a regex location. The pattern is anchored only
      # at the start, so it also matches paths such as /blah or /foobar.
      - VIRTUAL_PATH=~^/(bla|foo)
      - VIRTUAL_PORT=5000
      - LETSENCRYPT_HOST=mydomain.com
      - LETSENCRYPT_EMAIL=mail@mydomain.com
      # NOTE(review): same misplaced bind-mount entry as in container1.
      - /etc/localtime:/etc/localtime:ro

  proxy:
    # NOTE(review): floating `latest` tag; pinning a version or digest keeps
    # the internet-facing proxy reproducible and makes upgrades deliberate.
    image: nginxproxy/proxy:latest
    container_name: proxy
    networks:
      - internet
      - no-internet
    ports:
      - 80:80
      - 443:443
    volumes:
      - /etc/localtime:/etc/localtime:ro
      # NOTE(review): `:ro` only makes the bind mount read-only; it does not
      # limit what can be requested through the Docker API over the socket.
      # This container is the one exposed on 80/443, so a compromise of it
      # reaches the Docker daemon. Consider running docker-gen in a separate,
      # unexposed container or placing a filtering socket proxy in front.
      - /var/run/docker.sock:/tmp/docker.sock:ro
      # Basic-auth credential files, one per virtual host (see the
      # auth_basic_user_file lines in the generated config).
      - htpasswd:/etc/nginx/htpasswd:ro
      - certs:/etc/nginx/certs:ro
      - vhost:/etc/nginx/vhost.d:rw
      - html:/usr/share/nginx/html:rw
    labels:
      # Marks this container as the nginx-proxy instance for the Let's Encrypt
      # companion container.
      - "com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy=true"
    environment:
        - ENABLE_IPV6=true

The generated nginx-configuration

# NOTE(review): generated proxy configuration for mydomain.com as pasted by the
# reporter. Lines marked NOTE(review) are annotations, not generator output.
# mydomain.com/
upstream mydomain.com-42099b4af021e53fd8fd4e056c2568d7c2e3ffa8 {
    # Exposed ports: [{   8080  tcp }]
    # Default virtual port: 8080
    # VIRTUAL_PORT: <no value>
    # Cannot connect to network 'no-internet' of this container
    ## Can be connected with "no-internet" network
    # container1
    server 172.27.0.8:8080;
}
# mydomain.com~^/(bla|foo)
upstream mydomain.com-e15eed02fb5860d3fbe9bcb262b55c805e707de9 {
    # NOTE(review): both server entries below belong to container2, one per
    # attached network, so requests are balanced across two addresses of the
    # same container.
    # Exposed ports: [{   5000  tcp }]
    # Default virtual port: 5000
    # VIRTUAL_PORT: 5000
    ## Can be connected with "internet" network
    # container2
    server 172.26.0.7:5000;
    # Cannot connect to network 'no-internet' of this container
    # Cannot connect to network 'internet' of this container
    ## Can be connected with "no-internet" network
    # container2
    server 172.27.0.9:5000;
}
# NOTE(review): plain-HTTP server; serves ACME challenges from disk and
# redirects every other request to HTTPS.
server {
    server_name mydomain.com;
    listen 80 ;
    listen [::]:80 ;
    access_log /var/log/nginx/access.log vhost;
    # Do not HTTPS redirect Let's Encrypt ACME challenge
    location ^~ /.well-known/acme-challenge/ {
        auth_basic off;
        auth_request off;
        allow all;
        root /usr/share/nginx/html;
        try_files $uri =404;
        break;
    }
    location / {
        return 301 https://$host$request_uri;
    }
}
# NOTE(review): HTTPS server; both proxied locations require basic auth.
server {
    server_name mydomain.com;
    access_log /var/log/nginx/access.log vhost;
    listen 443 ssl http2 ;
    listen [::]:443 ssl http2 ;
    ssl_session_timeout 5m;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;
    ssl_certificate /etc/nginx/certs/mydomain.com.crt;
    ssl_certificate_key /etc/nginx/certs/mydomain.com.key;
    ssl_dhparam /etc/nginx/certs/mydomain.com.dhparam.pem;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/nginx/certs/mydomain.com.chain.pem;
    # NOTE(review): HSTS is sent only on HTTPS requests; add_header skips a
    # header whose value is empty. max-age is one year, without
    # includeSubDomains.
    set $sts_header "";
    if ($https) {
        set $sts_header "max-age=31536000";
    }
    add_header Strict-Transport-Security $sts_header always;
    # NOTE(review): pulls in the per-vhost snippet (ACME location, which turns
    # auth off for the challenge path only).
    include /etc/nginx/vhost.d/mydomain.com;
    # NOTE(review): this is the block the reporter expected DEFAULT_ROOT=none
    # to suppress. It comes from container1's VIRTUAL_PATH=/, and per the
    # maintainer's reply DEFAULT_ROOT does not apply when a VIRTUAL_PATH=/
    # exists.
    location / {
        proxy_pass http://mydomain.com-42099b4af021e53fd8fd4e056c2568d7c2e3ffa8;
        auth_basic "Restricted mydomain.com";
        auth_basic_user_file /etc/nginx/htpasswd/mydomain.com;
    }
    # NOTE(review): case-sensitive regex location; it wins over the `/` prefix
    # match for any URI that starts with /bla or /foo (including /blah,
    # /foobar), and uses the same htpasswd file.
    location ~^/(bla|foo) {
        proxy_pass http://mydomain.com-e15eed02fb5860d3fbe9bcb262b55c805e707de9;
        auth_basic "Restricted mydomain.com";
        auth_basic_user_file /etc/nginx/htpasswd/mydomain.com;
    }
}

# configuration file /etc/nginx/vhost.d/default:
# NOTE(review): the generated server block above includes
# vhost.d/mydomain.com, not this file, so these settings presumably apply only
# to virtual hosts without a file of their own; confirm against the full
# config.
## Start of configuration add by letsencrypt container
location ^~ /.well-known/acme-challenge/ {
    auth_basic off;
    auth_request off;
    allow all;
    root /usr/share/nginx/html;
    try_files $uri =404;
    break;
}
## End of configuration add by letsencrypt container
# NOTE(review): accepts request bodies up to 10 GB.
client_max_body_size 10G;
# NOTE(review): lets a single in-flight request body hold up to 400 MB of
# memory before nginx spills to a temporary file; a few concurrent large
# uploads can exhaust RAM. A small buffer with disk spill is the safer choice
# for an internet-facing proxy.
client_body_buffer_size 400M;

# configuration file /etc/nginx/vhost.d/mydomain.com:
## Start of configuration add by letsencrypt container
location ^~ /.well-known/acme-challenge/ {
    auth_basic off;
    auth_request off;
    allow all;
    root /usr/share/nginx/html;
    try_files $uri =404;
    break;
}
## End of configuration add by letsencrypt container
# NOTE(review): the block below is commented out and therefore inactive. If
# enabled, `satisfy any` would let clients from the two listed subnets through
# without the basic-auth password, and a second `location /` would collide
# with the generated one, which is presumably why the reporter wanted the
# generated `location /` suppressed.
#location / {
#    satisfy any;
#    allow 172.26.0.0/16;
#    allow 172.27.0.0/16;
#    deny  all;
#}
root@f36cf7dd322b:/# cat /etc/nginx/htpasswd/mydomain.com 
user:$apr1$z6gthqc9$OyqbKIENaaeQrrNhICRHu0
root@f36cf7dd322b:/# cat /etc/nginx/vhost.d/mydomain.com 
## Start of configuration add by letsencrypt container
location ^~ /.well-known/acme-challenge/ {
    auth_basic off;
    auth_request off;
    allow all;
    root /usr/share/nginx/html;
    try_files $uri =404;
    break;
}
## End of configuration add by letsencrypt container
#location / {
#    satisfy any;
#    allow 172.26.0.0/16;
#    allow 172.27.0.0/16;
#    deny  all;
Collaborator

rhansen commented Jan 26, 2023

      - VIRTUAL_PATH=/
      - DEFAULT_ROOT=none

Two things:

  • DEFAULT_ROOT must be set on the nginx-proxy container, not on your proxied application container.
  • DEFAULT_ROOT only takes effect when there is no VIRTUAL_PATH=/ (neither implicit nor explicit). See "Allow complete override of location blocks" (#1179) for overriding the `location /` block when VIRTUAL_PATH=/ does exist.

@rhansen rhansen closed this as completed Jan 26, 2023
Author

Thank you. That wasn't clear to me.
