
I have a Docker container running a Flask app, fronted by an Nginx proxy. The Nginx container is running on port 80, and I am using an HAProxy for SSL offloading. This setup works: I browse to http://test.example.com, it redirects me to https, and the site is up. Now, I would like the Nginx server to reply only on either localhost for healthchecks or my FQDN. If I browse to it via IP or any other domain, I don't want it to respond. With the config below, I got the healthcheck to work, but when I browse to it via FQDN (http://test.example.com), I get a 503 error. Not sure what I am missing. Not sure if I need to add anything for the https redirect or what, but localhost seems to work, but not FQDN. When I browse via FQDN, the Flask server is not even seeing the request.

server {
    listen 80 default_server;

    return 444;
}

server {
    listen 80;
    charset utf-8;

    # Virtual host for localhost
    server_name localhost;

    location / {
        # Apply rate limiting
        limit_req zone=mylimit burst=20 nodelay;

        proxy_pass http://flask:5000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }
}

server {
    listen 80;
    charset utf-8;

    # Virtual host for test.example.com
    server_name test.example.com;

    location / {
        # Apply rate limiting
        limit_req zone=mylimit burst=20 nodelay;

        proxy_pass http://flask:5000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }
}
  • 2
    Client got 503, but how did the server log it? Also, this setup is inefficient. Surely it is much better to list both localhost and test.domain.com in the same server block, to avoid duplication. Also, it's worth adding a dedicated error log and access log for this server block, to be able to divert its log stream into a separate file. Nov 24 at 17:59
  • No, I am tailing the logs and it does not show up there. But the server appears to be up, and the healthcheck says the server is healthy. Nov 24 at 18:34
  • 1
    I'd first find out why my server doesn't log an error. That's very strange and should not happen. Are you sure the right server answers? Are you sure the error is generated by Nginx and not by the backend (I mean, where else might it be logged)? Nov 25 at 4:25

1 Answer

1

I finally got it working. I had to add the IP of my HAProxy as an allowed IP. I also consolidated the nginx config.

server {
    listen 80;
    charset utf-8;

    server_name test.mydomain.com;


    location / {
        allow 10.36.130.1; # ip of HA Proxy doing SSL Offloading
        allow 127.0.0.1;
        deny all;

        # Apply rate limiting
        limit_req zone=mylimit burst=20 nodelay;

        proxy_pass http://flask:5000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;

    }
}
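
An added example, not part of the answer above or the asker's own config: one way to keep the question's catch-all `return 444` for unknown Host headers while also applying the answer's source-IP allow-list, with the per-vhost logs suggested in the comments. The hostnames, the HAProxy address and the zone name `mylimit` are the page's; the log file paths and the `limit_req_zone` parameters are assumptions.

```nginx
# Added example. Intended for a file included inside the http {} context.

# limit_req needs a zone declared at http level; size and rate are assumed.
# Behind HAProxy every request arrives from the proxy's address, so with
# this key all clients share one rate-limit bucket.
limit_req_zone $binary_remote_addr zone=mylimit:10m rate=10r/s;

# Catch-all: a request whose Host header matches no server_name below
# (raw IP, any other domain) is closed without a response.
server {
    listen 80 default_server;
    server_name _;

    access_log /var/log/nginx/rejected.access.log;   # assumed path
    return 444;
}

# One block for both names, so the healthcheck and the FQDN share settings.
server {
    listen 80;
    charset utf-8;

    server_name localhost test.example.com;

    # Dedicated logs: "access forbidden by rule" entries from the deny
    # below are written to this error log.
    access_log /var/log/nginx/test.access.log;        # assumed path
    error_log  /var/log/nginx/test.error.log warn;    # assumed path

    location / {
        allow 10.36.130.1;   # HAProxy doing SSL offloading (from the answer)
        allow 127.0.0.1;     # local healthcheck
        deny all;            # anything else gets 403

        # Apply rate limiting
        limit_req zone=mylimit burst=20 nodelay;

        proxy_pass http://flask:5000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }
}
```

With the catch-all kept, filtering happens in two layers: the Host header selects the server block, and the allow-list then restricts which source addresses may reach the Flask backend. Check the syntax with `nginx -t` before reloading.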
