Nginx-proxy: SSL is forced even though no certificate is available (wrong one is used)

Created on 17 Jun 2015 · 3Comments · Source: nginx-proxy/nginx-proxy

Hey awesome work on this proxy server! It's made my life a lot easier. I'm new to SSL and have some trouble setting up the following:

My main website is at example.com. I have a dev server at dev.example.com. Only my main website should use SSL but my dev server shouldn't.

I run my dev server like this:
docker run -d --restart=always -e VIRTUAL_HOST=dev.example.com -e ROOT_URL=http://dev.example.com/ --name app-dev example/app-dev
In my certs folder there is only example.com.crt and example.com.key. Nevertheless, when inspecting default.conf, it's trying to use port 443 and those certificates even though the domain name is different (dev.example.com instead of example.com).

server {
    server_name dev.example.com;
    return 301 https://$host$request_uri;
}

server {
    server_name dev.example.com;
    listen 443 ssl spdy;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
...

example.com works fine using SSL as expected, just the dev server doesn't (Your connection is not private Attackers might be trying to steal your information etc)

Am I doing something wrong?

EDIT: I run my proxy server like this:
docker run -d -p 80:80 --restart=always --name pl-router -p 443:443 -v /opt/pl-data/router/pl-router.conf:/etc/nginx/conf.d/pl-router.conf:ro -v /opt/pl-data/router/certs/:/etc/nginx/certs -v /var/run/docker.sock:/tmp/docker.sock:ro jwilder/nginx-proxy

Source

nickjanssen

Most helpful comment

@chaos95 you just saved the day, thank you! Adding -e CERT_NAME="" did the trick

nickjanssen on 17 Jun 2015

👍2

All 3 comments

My workaround for this, as per #176, is to set CERT_NAME to "" (empty string) on the container, which causes the template logic to skip over the HTTPS configuration section.

chaos95 on 17 Jun 2015

👍2

@chaos95 you just saved the day, thank you! Adding -e CERT_NAME="" did the trick

nickjanssen on 17 Jun 2015

👍2

If you want to just test on HTTP instead of disabling HTTPS, just adding HTTPS_METHOD=noredirect and restarting the application container should work.
HTTPS_METHOD=noredirect will optionally enable not to force HTTP to HTTPS (more in the documentation)..

Also, HTTPS_METHOD=noredirect helps when you want to do 301 redirect to HTTPS via an external load balancer or a CDN (such as cloudflare, cloudfront or ALB)