Develop Reference

failed: Connection closed before receiving a handshake response

Thats a very weird error, because i have tried configuring it multiple times, and still cant get my websocket work properly. And i dont think that problem is in clientside.
So I have 2 guesses:
I might improperly configured nginx.conf file
i have improperly configured something what is related with docker. for example entrypoint.sh
So far i have tried editing both files, and also tried different variations of configuring routs. I also think that it can be some dumb mistake, but i have spent a long time on this, so i really appreciate any help or advide
here is asgi.py:
import os
os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'config.settings')
from django.core.asgi import get_asgi_application
from channels.routing import ProtocolTypeRouter, URLRouter
from service import routing
from channels.auth import AuthMiddlewareStack
from django.core.asgi import get_asgi_application
application_asgi = ProtocolTypeRouter({
'http': get_asgi_application(),
'websocket':AuthMiddlewareStack(
URLRouter(
routing.websocket_urlpatterns
)
),
})
application = get_asgi_application()
routing.py:
from django.urls import re_path, path
from .consumers import EventConsumer
websocket_urlpatterns = [
path('^api/wsEvents/', EventConsumer.as_asgi())
]
my nginx.conf:
daemon off;
upstream django {
server django_gunicorn:8000;
}
upstream websocket {
server django_asgi:8080;
}
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
http {
listen 8000;
location / {
proxy_pass http://localhost:8000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location /static/ {
autoindex on;
alias ./backend/service/static:/backend/static; #and here also was just /static?
}
location /api/wsEvents/ {
proxy_pass http://localhost:8000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
}
}
docker-compose:
services:
django_asgi:
build:
context: .
command: daphne config.asgi:application --port 8080 --bind 0.0.0.0
volumes:
- .:/app/backend
environment:
- .env
links:
- db
- redis
depends_on:
- db
- redis
redis:
restart: always
image: redis
ports:
- 6379:6379
volumes:
- redisdata:/data
django_gunicorn:
volumes:
- static:/app/static ## here was just /static/ | also in default.conf same
env_file:
- .env
build:
context: .
ports:
- 8000:8000
links:
- redis
nginx:
build: ./nginx
volumes:
- static:/app/static/ # here was just static:/static/
depends_on:
- django_gunicorn
- django_asgi
ports:
- "80:80"
Any advice or help is appreciated

NGINX proxy_pass to Docker, ERR_TOO_MANY_REDIRECTS

I have docker-compose with simple wordpress docker and mysql docker included:
version: '3'
services:
db:
image: mysql:5.7
volumes:
- ./db_data:/var/lib/mysql
restart: always
environment:
MYSQL_ROOT_PASSWORD: XXX
MYSQL_DATABASE: XXX
MYSQL_USER: XXX
MYSQL_PASSWORD: XXX
networks:
- wpsite
wordpress:
depends_on:
- db
image: wordpress:latest
ports:
- '8000:80'
restart: always
volumes:
- ./uploads.ini:/usr/local/etc/php/conf.d/uploads.ini
- './:/var/www/html'
env_file:
- .env
networks:
- wpsite
networks:
wpsite:
It works correctly when I'm trying to access paths through localhost:8000, I get correct responses from that psecific url:
http://localhost:8000/test
http://localhost:8000/wp-content/themes/mytheme/assets/main.js
http://localhost:8000/wp-content/themes/mytheme/assets/image.svg
http://localhost:8000/wp-admin
All of them works correctly.
Then I prepared my nginx on server (not in docker) to proxy_pass all requestts to localhost:8000:
server {
server_name myurl.com.pl;
location / {
proxy_pass http://localhost:8000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/myurl.com.pl/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/pmyurl.com.pl/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = myurl.com.pl) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name myurl.com.pl;
listen 80;
return 404; # managed by Certbot
}
But then I'm always getting redirect in url from myurl.com.pl => localhost ... with 302 ERR_TOO_MANY_REDIRECTS
What I'm doing wrong?

Issue was finally not related to nginx or docker itself. It was issue on wp-config side, where needs to be specified:$_SERVER['HTTPS'] = 'on';. Then it works as expected

How to configure multiple keycloak instances on nginx

I have two keycloak instances running on two separate swarm stacks.
this is how my stack file looks like:
INSTANCE 1
version: "3.4"
services:
# keycloak Server
keycloak:
image: jboss/keycloak:11.0.0
deploy:
replicas: 1
update_config:
parallelism: 1
delay: 10s
order: start-first
restart_policy:
condition: on-failure
environment:
# DB_STUFF
PROXY_ADDRESS_FORWARDING: "true"
ports:
- "18080:18080"
command:
- "-b"
- "0.0.0.0"
- "-Djboss.socket.binding.port-offset=10000"
INSTANCE 2
version: "3.4"
services:
# keycloak Server
keycloak:
image: jboss/keycloak:11.0.0
deploy:
replicas: 1
update_config:
parallelism: 1
delay: 10s
order: start-first
restart_policy:
condition: on-failure
environment:
# DB_STUFF
PROXY_ADDRESS_FORWARDING: "true"
ports:
- "18081:18081"
command:
- "-b"
- "0.0.0.0"
- "-Djboss.socket.binding.port-offset=10001"
And the nginx configuration:
location /auth/ {
proxy_pass http://localhost:18080/auth/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port 80;
}
location /auth2/ {
proxy_pass http://localhost:18081/auth/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port 80;
}
I wanted to be able to access each of them through a separate path, but when I try to access the admin console of the second instance at /auth2 it redirects me to the first one at /auth.
I have little knowledge about nginx so any help is appreciated.

You may want to change the web context on your second Keycloak instance to auth2.
Set an environment variable WEB_CONTEXT to auth2 on your second Keycloak instance. Then add a CLI script file web-context.cli like this:
set WEB_CONTEXT=${env.WEB_CONTEXT:auth}
set KEYCLOAK_CONFIG_FILE=${env.KEYCLOAK_CONFIG_FILE:standalone-ha.xml}
set JBOSS_HOME=${env.JBOSS_HOME}
echo Setting web-context to $WEB_CONTEXT in $JBOSS_HOME/standalone/configuration/$KEYCLOAK_CONFIG_FILE
embed-server --server-config=$KEYCLOAK_CONFIG_FILE --std-out=echo
/subsystem=keycloak-server/:write-attribute(name=web-context,value=$WEB_CONTEXT)
stop-embedded-server
Add the file to /opt/jboss/startup-scripts.
See "Runnin custom scripts on startup" section in the README for details.

Nginx: (111: Connection refused) while connecting to upstream wordpress & docker

As many people I have the problem with the following error when I call the website (blog.mydomain.de):
502 Bad Gateway
nginx/1.14.2
2020/03/14 23:59:08 [error] 7#7: *1 connect() failed (111: Connection refused) while connecting to upstream, client: $IP, server: blog.mydomain.de, request: "GET / HTTP/2.0", upstream: "https://192.168.160.5:443/", host: "blog.mydomain.de"
So my problem is using WordPress. I also show you the NextCloud config because this works without any problems. I also know that the WordPress nginx config should contain more but I tried to find it if I even get this error with minimal config missing fastcgi and stuff.
worker_processes auto;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 1024;
}
http {
gzip on;
gzip_min_length 1000;
gzip_proxied expired no-cache no-store private auth;
gzip_types text/plain text/css text/xml
application/javascript application/json application/xml application/rss+xml image/svg+xml;
server_names_hash_bucket_size 64;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
more_clear_headers 'server';
ssl_certificate /etc/letsencrypt/live/mydomain.de-0001/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mydomain.de-0001/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/mydomain.de-0001/chain.pem;
ssl_dhparam /etc/ssl/dhparam.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_ciphers "EECDH-AESGCM:EDH+ESGCM:AES256+EECDH:AES256+EDH";
ssl_prefer_server_ciphers on;
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";
server {
listen 80;
listen [::]:80;
server_name blog.mydomain.de cloud.mydomain.de;
return 301 https://$host$request_uri;
#return 301 https://$server_name$request_uri;
}
# NextCloudPi
server {
server_name cloud.mydomain.de;
listen 443 ssl http2;
listen [::]:443 ssl http2;
client_max_body_size 100G;
underscores_in_headers on;
location / {
proxy_headers_hash_max_size 512;
proxy_headers_hash_bucket_size 64;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
add_header Front-End-Https on;
proxy_pass https://nextcloudpi;
}
}
# NextCloudPi Konfiguration Web-Interface
server {
server_name cloud.mydomain.de;
listen 4443 ssl http2;
listen [::]:4433 ssl http2;
location / {
more_clear_headers 'upgrade';
more_clear_headers 'Strict-Transport-Security';
proxy_ssl_verify off;
proxy_pass https://nextcloudpi:4443;
proxy_pass_header Authorization;
proxy_set_header 'X-Forwarded-Host' cloud.mydomain.de;
proxy_set_header 'X-Forwarded-Proto' https;
proxy_set_header 'X-Forwarded-For' $remote_addr;
proxy_set_header 'X-Forwarded-IP' $remote_addr;
}
}
# WordPress
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name blog.mydomain.de;
client_max_body_size 200m;
underscores_in_headers on;
location / {
proxy_pass http://wordpress;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
}
}
}
I'm using this with docker containers. The compose file looks like this:
version: "3"
networks:
nextcloudpi:
services:
nginx:
restart: always
container_name: nginx
image: cptdaydreamer/nginx:latest
ports:
- 80:80
- 443:443
- 4443:4443
- 6800:6800
volumes:
- /media/storage/nginx:/var/log/nginx
- /etc/ssl:/etc/ssl
- /etc/letsencrypt/live:/etc/letsencrypt/live
- /etc/letsencrypt/archive:/etc/letsencrypt/archive
links:
- wordpress
depends_on:
- nextcloudpi
networks:
- nextcloudpi
- default
nextcloudpi:
restart: always
container_name: nextcloudpi
image: cptdaydreamer/nextcloudpi:latest
expose:
- 80
- 443
- 4443
- 6800
volumes:
- /media/storage/data:/data
- /etc/localtime:/etc/localtime:ro
networks:
- nextcloudpi
portainer:
image: portainer/portainer
command: -H unix:///var/run/docker.sock
restart: always
ports:
- 9001:9000
- 8000:8000
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /media/storage/portainer:/data
container_name: portainer
db:
container_name: mariadb
image: mariadb:latest
#ports:
# - 3306:3306
volumes:
- /media/storage/mariadb:/var/lib/mysql
restart: always
environment:
MYSQL_ROOT_PASSWORD: $PRIVATE
MYSQL_DATABASE: $PRIVATE
MYSQL_USER: $PRIVATE
MYSQL_PASSWORD: $PRIVATE
wordpress:
container_name: wordpress
links:
- db
#ports:
# - 9000:9000
depends_on:
- db
image: wordpress:latest
expose:
- "80"
restart: always
volumes:
- /media/storage/wordpress:/var/www/html
environment:
WORDPRESS_DB_HOST: db:3306
#WORDPRESS_DB_HOST: db
WORDPRESS_DB_USER: $PRIVATE
WORDPRESS_DB_PASSWORD: $PRIVATE
WORDPRESS_DB_NAME: $PRIVATE
WORDPRESS_TABLE_PREFIX: $PRIVATE
I don't know what the exact problem is. The logs of the docker container of wordpress shows:
[15-Mar-2020 00:50:24] NOTICE: fpm is running, pid 1
[15-Mar-2020 00:50:24] NOTICE: ready to handle connections
Any ideas?
Updated on request:
Wordpress image is now latest instead of 7.3-fpm
Current used nginx.conf

Try edit to wordpress:9000 in the proxy pass script and change the Nginx config to this.
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass wordpress:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
}
There's a mistake in your understanding. The wordpress-php-fpm image just expose the PHP-FPM service at port 9000, nothing running at https://wordpress:443 so Nginx will throw the 502 status. That's why you should use the fastcgi_pass to connect to PHP-FPM instead of proxy_pass like NextCloud API expose the https at port 4443 already.
When you split your stacks to 2 docker-compose.yml, everything will become more clearly and seperately.
-- wordpress/
--- docker-compose.yml
--- data/
-- nextcloud/
--- docker-compose.yml
--- data/
This is how Docker works.
From my experience, when using Docker, just keep a stack standalone. I mean Nextcloud going with an database, good. Then make another stack with WordPess and another database instance. It's take all the advantage of Docker and seperate the application each other.

docker-nginx with docker-gen doesnt catch any of the declared subdomain

I setted up docker-nginx with docker-gen in a docker-compose file
version: '2'
services:
nginx:
image: nginx
labels:
com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
container_name: nginx
restart: unless-stopped
ports:
- "80:80"
- "443:443"
volumes:
- ${NGINX_FILES_PATH}/conf.d:/etc/nginx/conf.d
- ${NGINX_FILES_PATH}/vhost.d:/etc/nginx/vhost.d
- ${NGINX_FILES_PATH}/html:/usr/share/nginx/html
- ${NGINX_FILES_PATH}/certs:/etc/nginx/certs:ro
nginx-gen:
image: jwilder/docker-gen
command: -notify-sighup nginx -watch -wait 5s:30s /etc/docker-gen/templates/nginx.tmpl /etc/nginx/conf.d/default.conf
container_name: nginx-gen
restart: unless-stopped
volumes:
- ${NGINX_FILES_PATH}/conf.d:/etc/nginx/conf.d
- ${NGINX_FILES_PATH}/vhost.d:/etc/nginx/vhost.d
- ${NGINX_FILES_PATH}/html:/usr/share/nginx/html
- ${NGINX_FILES_PATH}/certs:/etc/nginx/certs:ro
- /var/run/docker.sock:/tmp/docker.sock:ro
- ./nginx.tmpl:/etc/docker-gen/templates/nginx.tmpl:ro
nginx-letsencrypt:
image: jrcs/letsencrypt-nginx-proxy-companion
container_name: nginx-letsencrypt
restart: unless-stopped
volumes:
- ${NGINX_FILES_PATH}/conf.d:/etc/nginx/conf.d
- ${NGINX_FILES_PATH}/vhost.d:/etc/nginx/vhost.d
- ${NGINX_FILES_PATH}/html:/usr/share/nginx/html
- ${NGINX_FILES_PATH}/certs:/etc/nginx/certs:rw
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
NGINX_DOCKER_GEN_CONTAINER: "nginx-gen"
NGINX_PROXY_CONTAINER: "nginx"
networks:
default:
external:
name: nginx-proxy
everything works fine, I do have a default.conf folder generated, depending on my others containers, here it is:
# If we receive X-Forwarded-Proto, pass it through; otherwise, pass along the
# scheme used to connect to this server
map $http_x_forwarded_proto $proxy_x_forwarded_proto {
default $http_x_forwarded_proto;
'' $scheme;
}
# If we receive X-Forwarded-Port, pass it through; otherwise, pass along the
# server port the client connected to
map $http_x_forwarded_port $proxy_x_forwarded_port {
default $http_x_forwarded_port;
'' $server_port;
}
# If we receive Upgrade, set Connection to "upgrade"; otherwise, delete any
# Connection header that may have been passed to this server
map $http_upgrade $proxy_connection {
default upgrade;
'' close;
}
# Apply fix for very long server names
server_names_hash_bucket_size 128;
# Default dhparam
ssl_dhparam /etc/nginx/dhparam/dhparam.pem;
# Set appropriate X-Forwarded-Ssl header
map $scheme $proxy_x_forwarded_ssl {
default off;
https on;
}
gzip_types text/plain text/css application/javascript application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
log_format vhost '$host $remote_addr - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent"';
access_log off;
# HTTP 1.1 support
proxy_http_version 1.1;
proxy_buffering off;
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $proxy_connection;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
proxy_set_header X-Forwarded-Ssl $proxy_x_forwarded_ssl;
proxy_set_header X-Forwarded-Port $proxy_x_forwarded_port;
# Mitigate httpoxy attack (see README for details)
proxy_set_header Proxy "";
server {
server_name _; # This is just an invalid value which will never trigger on a real hostname.
listen 80;
access_log /var/log/nginx/access.log vhost;
return 503;
}
# bnbkeeper.thibautduchene.fr
upstream bnbkeeper.thibautduchene.fr {
## Can be connect with "nginx-proxy" network
# bnbkeeper
server 172.20.0.12:8080;
}
server {
server_name bnbkeeper.thibautduchene.fr;
listen 80 ;
access_log /var/log/nginx/access.log vhost;
location / {
proxy_pass http://bnbkeeper.thibautduchene.fr;
}
}
# gags.thibautduchene.fr
upstream gags.thibautduchene.fr {
## Can be connect with "nginx-proxy" network
# gogs
server 172.20.0.7:3000;
}
server {
server_name gags.thibautduchene.fr;
listen 80 ;
access_log /var/log/nginx/access.log vhost;
location / {
proxy_pass http://gags.thibautduchene.fr;
}
}
# portainer.thibautduchene.fr
upstream portainer.thibautduchene.fr {
## Can be connect with "nginx-proxy" network
# portainer
server 172.20.0.9:9000;
}
server {
server_name portainer.thibautduchene.fr;
listen 80 ;
access_log /var/log/nginx/access.log vhost;
location / {
proxy_pass http://portainer.thibautduchene.fr;
}
}
however, when I reach any of these proxied address, the server does'nt exist and nginx doesnt even catch the request...
It looks like nginx is not even aware of my subdomain.

Ok, for those that are as silly as me, don't forget to add the subdomain to your provider, nginx doe'st yet handle it by itself..