docker-fusiondirectory
Default instructions create unusable webserver
Hello all,
I have the docker-compose.yml below. With it, I am able to successfully create the container, but nginx is not accessible externally or internally.
To simplify things, I am executing docker exec -it <container> bash, then wget 127.0.0.1 to test.
The error I get:
bash-4.4# wget 127.0.0.1
Connecting to 127.0.0.1 (127.0.0.1:80)
Connecting to 127.0.0.1 (127.0.0.1:443)
wget: can't connect to remote host (127.0.0.1): Connection refused
bash-4.4# telnet localhost 443
telnet: can't connect to remote host (127.0.0.1): Connection refused
As you can see, port 443 is not open. Port 80 is open, but seems to redirect to 443:
# curl -i localhost:80
HTTP/1.1 302 Found
Server: nginx/1.19.3
Date: Sun, 10 Jan 2021 23:58:13 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.2.33
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Frame-Options: deny
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: FusionDirectory=5de2d003838548e9605b6cf6e7055091; expires=Mon, 11-Jan-2021 23:58:13 GMT; Max-Age=86400; path=/
Content-Language: en-us
Location: https://localhost/
The docker-compose.yml:
$ cat docker-compose.yml
version: '3.7'
services:
  fusiondirectory-app:
    container_name: fusiondirectory-app
    image: tiredofit/fusiondirectory
    labels:
      - traefik.enable=true
      - traefik.frontend.rule=Host:x.y.z
      - traefik.port=80
      - traefik.docker.network=proxy
      - traefik.backend=fusiondirectory-app
    volumes:
      - ./logs:/www/logs
      #- ./custom:/assets/fusiondirectory
      #- ./plugins-custom:/assets/plugins-custom
    environment:
      - VIRTUAL_HOST=x.y.z
      - VIRTUAL_NETWORK=proxy
      - VIRTUAL_PORT=80
      - LETSENCRYPT_HOST=x.y.z
      - [email protected]
      - ZABBIX_HOSTNAME=fusiondirectory-app
      - ENABLE_ARGONAUT=FALSE
      - PLUGIN_AUDIT=TRUE
      - PLUGIN_DSA=TRUE
      - PLUGIN_LDAPDUMP=TRUE
      - PLUGIN_LDAPMANAGER=TRUE
      - PLUGIN_MAIL=TRUE
      - PLUGIN_PERSONAL=TRUE
      - PLUGIN_PPOLICY=TRUE
      - PLUGIN_SSH=TRUE
      - PLUGIN_SUDO=TRUE
      - PLUGIN_WEBSERVICE=TRUE
      - LDAP1_HOST=x.y.z
      - LDAP1_BASE_DN=x
      - LDAP1_ADMIN_DN=x
      - LDAP1_ADMIN_PASS=x
      - LDAP1_PORT=389
      - LDAP1_NAME=Production
    networks:
      - proxy
      - services
    restart: always
networks:
  proxy:
    external: true
  services:
    external: true
Any ideas what I should be doing differently here?
tarek : )
You can try CONTAINER_LOG_LEVEL=DEBUG. Also head inside the container and verify if there is the nginx process. If not, try nginx -t to see if the configuration has broken.
nginx -t gives me a normal result:
# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
As for the server logs, this might be it:
[cont-init.d] 10-nginx: executing...
[DEBUG] ** [container] Container: Getting defaults for 10-nginx
[DEBUG] ** [container] Container: No functions available for 10-nginx
[NOTICE] ** [nginx] Disable Nginx FastCGI HTTPS Termination Support
[cont-init.d] 10-nginx: exited 0.
Though I'm not sure what to do with this...
tarek : )
I looked at the config files in /etc/cont-init.d/ and found the following flag:
NGINX_ENABLE_FASTCGI_HTTPS
When enabled, a wget DOES work. I'm going to see if this gets things working, then put in a PR for an updated docker-compose.
tarek : )
Everything almost works. I am not sure how to access the port for the server, and so I am forced to use the ports option in the docker-compose.yml, which is not optimal. Any suggestions on how to access the exposed port?
You should put it in front of a reverse proxy server, like jwilder/nginx-proxy or traefik. That will give you SSL termination.
I'm using nginx proxy. The difficulty is knowing where to point. With ports: 9800:80, it becomes:
location / {
    proxy_pass http://localhost:9800;
    proxy_set_header Host $http_host;
}
However, when I create a network with docker network create, I still get no open port 80 on either of the two networks (proxy and services from your example).
Alright, with jwilder/nginx-proxy you would use the following as environment variables:
VIRTUAL_HOST=your.fusiondirectory.domain.example
VIRTUAL_PORT=80
But I am a bit confused by your example. It sounds like you are running an nginx proxy on bare metal, not through Docker. So in that case, I would expose
ports:
  - 127.0.0.1:9800:80
in your docker-compose.yml file, which will expose port 80 of the container only to localhost, and your locally installed nginx will be able to proxy_pass to it.
Excellent. Thank you! Indeed, I am running it on bare metal, though it seems like it's wiser to move to a container as I figure out how..
Yes definitely - Dockerize everything :P
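An added example, not part of the original thread or the image's own code: a Python check that classifies Compose short-syntax ports entries by the host address they bind, which is the difference between the 9800:80 mapping and the 127.0.0.1:9800:80 mapping discussed above. The function names are hypothetical and the sample entries are constructed; it assumes the Docker daemon's default bind address has not been changed.

```python
import ipaddress

def parse_port(spec):
    """Split '[HOST_IP:][HOST_PORT:]CONTAINER_PORT[/PROTO]' into its parts."""
    body, _, proto = str(spec).partition("/")
    host_ip = None
    if body.startswith("["):                     # bracketed IPv6 host address
        host_ip, _, body = body[1:].partition("]")
        body = body.lstrip(":")
    parts = body.split(":")
    if host_ip is None and len(parts) == 3:      # IPv4 host address present
        host_ip, parts = parts[0], parts[1:]
    if len(parts) == 1:                          # container port only
        parts = ["", parts[0]]
    if len(parts) != 2 or not parts[1]:
        raise ValueError(f"unrecognised ports entry: {spec!r}")
    return host_ip, parts[0], parts[1], proto or "tcp"

def exposure(spec):
    """Classify which host interfaces a ports entry publishes on."""
    host_ip, _, _, _ = parse_port(spec)
    if host_ip is None:
        return "all-interfaces"                  # Docker's default bind address is 0.0.0.0
    addr = ipaddress.ip_address(host_ip)
    if addr.is_loopback:
        return "loopback-only"
    if addr.is_unspecified:
        return "all-interfaces"
    return "single-address"

def audit(ports):
    """Return (entry, exposure) for every entry not limited to loopback."""
    return [(p, exposure(p)) for p in ports if exposure(p) != "loopback-only"]

# Constructed sample entries, including the two mappings from the thread
SAMPLE = ["9800:80", "127.0.0.1:9800:80", "[::1]:9800:80", "0.0.0.0:443:443/tcp", "80"]

if __name__ == "__main__":
    for entry, kind in audit(SAMPLE):
        print(f"{entry:22} -> {kind}")
```

Entries reported as all-interfaces bypass the reverse proxy's TLS termination for anyone who can reach the host on that port, which is why the loopback-bound form suits a bare-metal nginx front end.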