Nginx – How to Proxy Pass to Docker Container with SSL

dockerhttpsnginxPROXYssl

I want to serve multiple sites on my server. Each site I suppose to wrap as docker-compose build, each has its own nginx, that listen to one single port

I have a site with hostname site1.com. It's docker compose exposes port 81:

...
services:
  web:
    image: nginx
    ...
    ports:
      - '81:443'
    ...
...

And the client nginx (inside container) listens to everything on 443 and has all ssl settings

server {
        listen 443 ssl;

        ssl_certificate /etc/letsencrypt/fullchain1.pem;
        ssl_certificate_key /etc/letsencrypt/privkey1.pem;
    
        # ...
        # and everything else
}

And here is host nginx, that is just passing from port 80 to 81 according to server_name:

server {
        listen 80;
        listen [::]:80;

        server_name site1.com;

        location / {
                proxy_pass https://localhost:81;
        }
}

For now it's working. But it is insecure. So I try to add 443 forwarding.

server {
        listen 443;
        listen [::]:443;
        server_name bederdinov.me;

        location / {
                proxy_pass https://localhost:81;
        }
}

Nginx restart well, but when I go to https://site1.com I'm getting a ERR_SSL_PROTOCOL_ERROR

It seems quite obvious – host nginx is trying to serve request with ssl, but only docker client nginx knows how to do it

How can I tell host nginx, that it don't have to do anything but only pass all the work to client nginx? Or maybe there is another server software I can use for this task?

Best Answer

SSL termination is handled by the nginx outside of the container. You need to configure the SSL options there. There is no need to configure SSL inside of the container as long as it runs on the same host as the reverse proxy.

Related Topic