Unable to use port 433

2020-01-31 18:33:37.255Z2020-01-31 18:44:16.187Z

Hi!

I work in a very closed intranet enviroment and I have just a one server avaliable to use I don't use AWS or anything like and unfortally I can't ask for more server to just only one small aplicattion. :(

So here I use Nginx with multi applications and It already has a certificate (asign by my own company) and I configure a reverse proxy to the aplications.

My best example how I do is the way I configure the Ghost

docker-compose.yml >>

image: ghost:latest

restart: always

ports:
  - 2370:2368  #port  without ssl

volumes:
  - ./content:/var/lib/ghost/content

environment:
  - NODE_ENV=production
  - url=https://xxxxx.intranet.com.br/blog1 #that is important the subdir alow to have multiples blogs on the same server

nginx >>

	location /blog1 {
		proxy_set_header X-Forwarded-Proto $scheme;
		proxy_set_header X-Real-IP $remote_addr;
	       proxy_pass http://172.29.15.163:2370;

}

So I would like being able something like that, maybe theres a easy and better way.

Thanks

Solved in post #3, click to view

Reply

2 replies

KajMagnus @KajMagnus
core-dev
support-team
2020-02-03 18:17:30.389Z
I have in mind to reply tomorrow. Sorry I was short of time. Brifely, you'd edit Talkyard's docker-compose.yml and change the external port numbers from 80 and 443, to e.g. 8080 and 8443. And then you add a server { .. } block in your Nginx server that forwards the traffic to Talkyard, plus, you generate LetsEncrypt cert for this Nginx server block.
Reply

In reply tofernandes.ayla⬆:

KajMagnus @KajMagnus

2020-02-04 14:48:50.705Z2020-03-31 07:54:29.622Z

Ok, so in Talkyard's docker-compose.yml ( https://github.com/debiki/talkyard-prod-one/blob/master/docker-compose.yml ),
there's a Talkyard container named Web that by default listens to 80 and 443. Since those ports are not available, you need to reconfigure Web's external ports, so it listens to, say, 8080 and 8443 instead:

  web:
    image: ${DOCKER_REPOSITORY}/talkyard-web:${VERSION_TAG}
    ...
    ports:
      - '8080:80'    # instead of 80:80
      - '8443:443'   # instead of 443:443

Then, in the Nginx server, this works for me:

events { }

http {
  server {
    server_name your-talkyard-server-hostname;
    # or maybe just localhost, for testing?


    # TLS config
    # ...


    location / {
      # I'm not 100% sure about this line. I tested this in a docker-compose network,
      # and in that case, http://web:80 was what I had to use. In your case though,
      # I think this should work — assuming Talkyard runs on the same server (localhost)
      # on port 8080.
      #
      proxy_pass http://127.0.0.1:8080/;
      #
      # Or maybe this? looking at your Ghost config, if Talkyard is installed on the same
      # IP address but port 8080 instead:
      # proxy_pass http://172.29.15.163:8080;

      proxy_http_version 1.1;

      # $host = the first servername, no port number.
      # $http_host = the Host header, if any.
      proxy_set_header Host  $http_host;

      proxy_set_header X-Real-IP          $remote_addr;
      proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto  $scheme;
    }
  }
}

Reply 1 LikeSolution

ReplyAdd progress note