Nginx-proxy: [SSL] What to do when a server exposes only port 80?

Created on 10 Aug 2016  路  4Comments  路  Source: nginx-proxy/nginx-proxy

I have several services that expose only port 80 thus being insecure.
I'd like to access them through HTTPS so I put a docker-compose config like this:

  shortener:
   image: local/shortener
   environment:
   - VIRTUAL_HOST=example.org
   - VIRTUAL_PROTO=https
   - VIRTUAL_PORT=80

But when I try to access the page I get this in the logs:

[error] 32#32: *1 SSL_do_handshake() failed (SSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol) while SSL handshaking to upstream, client: 5.91.126.59, server: example.org, request: "GET /favicon.ico HTTP/1.1", upstream: "https://172.18.0.7:80/favicon.ico", host: "example.org", referrer: "https://example.org"

What should I do?

picture peperunas
👍1

All 4 comments

I solved by removing the VIRTUAL_PROTO and VIRTUAL_PORT environmental variables (while having the certificates in the certs folder).
May someone explain me why this currently works?

peperunas picture peperunas on 10 Aug 2016
👍1

Hi, VIRTUAL_PROTO is which protocol nginx-proxy should use to talk to the proxied container. VIRTUAL_PORT is only needed if the container exposes more than one port and the port to be used is not 80.

wader picture wader on 10 Aug 2016
🎉1

@Krishath This way you probably get a non-secure http connection. Does your browser show the certificates?

dirad picture dirad on 11 Aug 2016

Yes @dirad. I think that in this way nginx-proxy establishes a secure connection with the client through HTTPS while forwarding the traffic to the (unsecure) proxied container.

peperunas picture peperunas on 11 Aug 2016
👍1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

iBobik picture iBobik  路  4Comments
etiennemtl picture etiennemtl  路  3Comments
lagivan picture lagivan  路  3Comments
auzty picture auzty  路  3Comments
kevindesousa picture kevindesousa  路  3Comments