SOLVED NGINX® Manager - Reverse Proxy Subdomain to Docker-Container

[Deleted member 1066013]

Hey everyone,
I have a few Docker containers running on my cPanel server and recently switched from Engintron to NGINX® Manager.

Using Engintron, I had redirected calls to the subdomains to IP:port of the Docker containers.

I achieved this with this code in CustomRules.conf:

#Redirect http to https
if ($scheme = "http") {
    set $redirToSSL "yes";
}

if ($host ~* "^sub1\.|^sub2\.") {
    set $shouldSSL "please";
}
set $sslRedirection $redirToSSL$shouldSSL;

if ($sslRedirection = "yesplease") {
    return 301 https://$host$request_uri;
}

#Redirect Subdomain to Docker
if ($host = "sub1.domain.com") {
    set $PROXY_SCHEME "http"; # Is the internal protocol HTTPS? If not, change to "http"
    set $PROXY_DOMAIN_OR_IP "server.domain.com";
    set $PROXY_TO_PORT PORT;
    set $redirToSSL "on";
}


if ($host = "sub2.domain.com") {
    set $PROXY_SCHEME "http"; # Is the internal protocol HTTPS? If not, change to "http"
    set $PROXY_DOMAIN_OR_IP "server.domain.com";
    set $PROXY_TO_PORT PORT;
    set $redirToSSL "on";
}

I wanted to configure the reverse proxy via the include files in /etc/nginx/conf.d/users/user/sub#.domain.com/sub.conf .

Unfortunately I found out that neither if-blocks nor proxypass are allowed here.

How can I make the call to my subdomain be redirected to my docker container?

Thanks for your help

 

[cPRex]

Hey there! cPanel doesn't officially support docker containers so I don't have an official answer for this on my end. I'll leave this marked as "new thread" for a bit for better visibility to see if other users have some ideas they can share.

 

[Hackle]

Sorry, maybe it is wrong to write this here.

But apparently overnight my account was deleted and I just had to create a new account. In addition my post was given to user kdav850, how is this possible?

 

[cPRex]

I don't entirely understand what you're saying - are you saying the forums user changed somehow?

 

[Hackle]

I don't entirely understand what you're saying - are you saying the forums user changed somehow?

Yes exactly.
Timeline:
Yesterday I joined the forum by cPanel-ID under the name Hackle, but not setting an extra password, opened this thread and got your reply.

I have the email confirmation from creating the thread.

Todays morning I couldn't login in to my account via cPanel-ID nor with the name Hackle.
The thread creator was then kdav850, although this user joined into the forum at 7:59 today.

I then logged in again with my cPanel ID and used the name Hackle and now additionally set a password.

 

[cPRex]

The logs on my side show completely different users/IP addresses/timestamps/geographical region/email for those users, so I'm not seeing any connection there between the two accounts.

 

[Hackle]

Anyway, the account I created yesterday and started the thread with has disappeared or been deleted.

But I definitely have the confirmation email for the creation of the thread.

The account with which I now write I have recreated with the same name.

 

[Hackle]

How the connection to the account kdav850 comes about, I do not know and kdav850 is definitely not my account.

But just the fact that the thread was opened yesterday evening and the user kdav850 has logged in for the first time only this morning, suggests an error.

 

[Hackle]

A few screens of the contradictions

 

[cPRex]

I'm wondering if there could be a compromise on your local system as we do see the same IP address logging in to both of your accounts.

I think further discussion about this should likely go to a support ticket.

 

[Hackle]

Is there a way to directly open a support ticket to this thread?

 

[cPRex]

I'm actually doing some research of my own at this time. I'm seeing some other odd inconsistencies as well, so I'll let you know what I see.

 

[cPRex]

Alrighty - that turned out to be very interesting. It turns out there was a database sync issue last night where one server had the Hackle user, and one server had the kdav850 user, and those both overlapped for a brief period of time.

In order to avoid any confusion I've removed the kdav850 user and renamed it so it no longer shows up in the post here. You can continue using the Hackle account with no problems. I'm sorry this happened, but due to this we can confirm that although things looked odd, there were no security issues.

 

[Hackle]

Alrighty - that turned out to be very interesting. It turns out there was a database sync issue last night where one server had the Hackle user, and one server had the kdav850 user, and those both overlapped for a brief period of time.

In order to avoid any confusion I've removed the kdav850 user and renamed it so it no longer shows up in the post here. You can continue using the Hackle account with no problems. I'm sorry this happened, but due to this we can confirm that although things looked odd, there were no security issues.

Okay, I'm glad there are no security issues!

In the meantime I found out the corresponding NGINX config.
The thread can be marked as solved.

If someone is interested in the solution, I can provide it.

 

[cPRex]

For sure - if you could post your findings here I can mark this thread as solved.

 

[Hackle]

MY SOLUTION:

Make sure you have created the subdomain you want to use and have docker up and running.

To redirect the subdomain to the IP:port of the Docker containers on a cPanel server, a configuration file must be created in

/etc/nginx/conf.d/*.conf

containing the appropriate server blocks.

Most of the Code I have found and copied from the /etc/nginx/conf.d/users/"cpaneluser".conf in the subdomain section

server{
    listen 443 ssl http2;

    server_name sub.domain.com;

    ssl_certificate /var/cpanel/ssl/apache_tls/sub.domain.com/combined;
    ssl_certificate_key /var/cpanel/ssl/apache_tls/sub.domain.me/combined;

    ssl_protocols TLSv1.2 TLSv1.3;
    proxy_ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
   
    root /home/"cpaneluser"/sub.domain.com;

    location / {
        proxy_cache $CPANEL_PROXY_CACHE;
        proxy_no_cache $CPANEL_SKIP_PROXY_CACHING;
        proxy_cache_bypass $CPANEL_SKIP_PROXY_CACHING;

        proxy_cache_valid 200 301 302 60m;
        proxy_cache_valid 404 1m;
        proxy_cache_use_stale error timeout http_429 http_500 http_502 http_503 http_504;
        proxy_cache_background_update on;
        proxy_cache_revalidate on;
        proxy_cache_min_uses 1;
        proxy_cache_lock on;

        include conf.d/includes-optional/cpanel-proxy.conf;
        proxy_pass http://127.0.0.1:PORT-TO-DOCKER-CONTAINER;
    }

    include conf.d/server-includes/cpanel-static-locations.conf;

    include conf.d/users/"cpaneluser"/*.conf;
    include conf.d/users/"cpaneluser"/sub.domain.com/*.conf;
}

Most of the Code I have found and copied from the /etc/nginx/conf.d/users/"cpaneluser".conf in the subdomain section
After that rebuild the NGINX config.

Maybe there is a better solution, then I am open to suggestions, but I hope this helps someone else as well.