Nginx in front of cloudron install.

danielreyes61

I am trying to get Nginx in front of my cloudron install working and having a hard time.
Below is my current config /etc/nginx/conf.d/<site>.conf . I've removed my site name. I already have Nginx setup in front and it is successfully running and proxy_passing to my other websites. I need this to work because I plan to run a lot of websites from different virtual machines and containers from my single IP address and if cloudron remains in control in front of my ip address, than I cannot do that. I tried changing the below config to port 443 with no success. The install configures the "my" DNS record in cloudflare successfully and then gives me a blank page when it try's to resolve to https://my.<site>.net/setup.html. If I go to localhost in browser it will show me the setup screen for a brief second before failing. Please advise. If this doesn't work, I'll have to manually install everything I liked about cloudron in portainer myself. In theory this should work. Not sure where to investigate and if this current install sitting at the "setup" screen can even be saved or if I will have to completely reinstall the VM and cloudron and try again each time. Thank you for taking a look!

• Dan

                          

server {
    listen       80;
    server_name my.<site>.net <site>.net;

location / {
    proxy_pass       https://192.168.1.139:80;
    proxy_http_version         1.1;
    proxy_read_timeout 300;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Real-PORT $remote_port;
           }
}

murgero

@danielreyes61 You need to proxy 80 and 443, plus whatever other ports your apps use (Matrix, Mastodon, teamspeak, minecraft to name a couple of examples.)

DigitEgal

This post is deleted!

danielreyes61

@murgero When I tried to setup 443, Nginx wanted a ssl certificate. Would I export the certificate that cloudron made and saved in firefox? After thinking about this more, I thought if I just had 80 and 443 set up that it would be the end of it and all would work well but now I am thinking I will actually still have to manually configure everything on my front end Nginx to match cloudron app's that I install. Is it not possible to have Cloudron manage all the proxy needed for those apps after I get 443 and 80 working in my Nginx?

murgero

@danielreyes61 I don't suppose there is a way for you to just get a second IP from your ISP?

nebulon

@danielreyes61 without answering the full question, the brief second seeing the setup screen is likely because the Cloudron thinks DNS setup was fine and thus will redirect your browser to the my.domain, which then does not work.

I haven't had such a setup before, but does nginx forward the domain correctly to be picked up by the nginx on Cloudron to match its own server_name directive?

scooke

@danielreyes61 said in Nginx in front of cloudron install.:

if cloudron remains in control in front of my ip address, than I cannot do that.

Cloudron is supposed to be the only one in control. The page where you can install it explicitly says, "a fresh ... server". It seems to me that Portainer is more like what you want to use, and it will be easier to do so without trying to mix and mash systems that need to be on their own. This isn't a weakness of Cloudron.

DigitEgal

@danielreyes61

Just dont....

Also if you need more stuff on there just get the pro subscription since they are doing a great job.
I wouldnt allow it aswell as dev to make that possible since it would make the free price plan abused.
If Cloudron dont offers that App, just get another (small) VPS for that stuff..

girish

@danielreyes61 As an experiment, I set up nginx proxy manager in a separate VM and it worked pretty much instantly.

What I did was:

• Installed nginx proxy manager
• Installed an app on Cloudron. I am using Vultr DNS.
• Added a proxy host in nginx proxy manager. I also configured it to use SSL via Vultr (it's a tab in the Add Host UI):

• Manually edited the Vultr DNS of paste.cloudron.space (the domain above) to point to nginx proxy manager VM instead of the Cloudron. I am able to access the app. I double checked it's going via the proxy VM by checking the certificate.

girish

@danielreyes61 If you want to use nginx directly, you should make it do https proxying and not http. nginxproxymanager seems to have generated something like this:

# ------------------------------------------------------------
# paste.cloudron.space
# ------------------------------------------------------------


server {
  set $forward_scheme https;
  set $server         "45.63.93.50";
  set $port           443;

  listen 80;
  listen [::]:80;

  listen 443 ssl http2;
  listen [::]:443 ssl http2;

  server_name paste.cloudron.space;

  # Let's Encrypt SSL
  include conf.d/include/letsencrypt-acme-challenge.conf;
  include conf.d/include/ssl-ciphers.conf;
  ssl_certificate /etc/letsencrypt/live/npm-2/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/npm-2/privkey.pem;

  access_log /data/logs/proxy-host-2_access.log proxy;
  error_log /data/logs/proxy-host-2_error.log warn;

  location / {
    # Proxy!
    include conf.d/include/proxy.conf;
  }

  # Custom
  include /data/nginx/custom/server_proxy[.]conf;
}

And proxy.conf is like this:

set              $upstream $forward_scheme://$server:$port$request_uri;
add_header       X-Served-By $host;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Scheme $scheme;
proxy_set_header X-Forwarded-Proto  $scheme;
proxy_set_header X-Forwarded-For    $remote_addr;
proxy_set_header X-Real-IP          $remote_addr;
proxy_pass       $upstream;

Just pasting them to give you some ideas.