Hello everybody,
after several searches and AI support, I need more eyes to get this running.
I have Podman with a few pods and solo containers running on separate networks and ports, and a VM with a different IP address. The certs are made for the local host (hostname, hostname.local, IP, 127.0.0.1, localhost), and there are no processes blocking port 80.
Nginx can read the key/cert pair without errors, and the firewall ports are all open, as I can reach all apps on the LAN.
The nginx container log shows no errors for 8443, which suggests the container is not being addressed?
Connecting via 8088 produces logs.
With my configuration nginx starts, and I get the start page over http, but not over https.
The goal is to have all containers on a local network without an internet domain; access is only by VPN.
While nginx is running, all other containers are reachable, and so is nginx on port 8088, but not on 8443, where I get a 502.
Once I can get one container working, I can repeat this for all the others.
Here is an example for a jellyfin container (only interesting points):
podman run -d \
  --name=jellyfin \
  --network jellyfinnet \
  --network-alias jellyfin \
  -p 8096:8096 \
  -p 7359:7359/udp \
  "docker.io-container:latest"
With these settings, nginx runs in podman:
podman run -d \
  --name nginx \
  --network nginxnet \
  --network nextcloudnet \
  --network jellyfinnet \
  --network xwikinet \
  -p 8088:80 \
  -p 8443:443 \
  -v /mnt/cloudron/common/nginx/nginx/nginx.conf:/etc/nginx/nginx.conf:ro \
  -v /mnt/cloudron/common/nginx/certs:/etc/nginx/certs:ro \
  --restart=always \
  "docker.io-container:latest"
That config is AI-supported, but it looks fine. The only point I'm not sure about is marked with ###.
worker_processes auto;
events { worker_connections 1024; }
http {
    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options SAMEORIGIN;
    add_header X-XSS-Protection "1; mode=block";
    server {
        listen 80;
        listen [::]:80;
        server_name knut knut.local localhost hostIP;
        return 301 https://$host$request_uri;
    }
    server {
        listen 443 ssl;
        listen [::]:443 ssl;
        http2 on;
        server_name knut knut.local;
        ssl_certificate /etc/nginx/certs/fullchain.pem;
        ssl_certificate_key /etc/nginx/certs/privkey.pem;
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_prefer_server_ciphers on;
        ssl_ciphers HIGH:!aNULL:!MD5;
        add_header Strict-Transport-Security "max-age=2592000; includeSubDomains; preload" always;
        # --------- Jellyfin (Port 8096) ----------
        ### The goal is to reach jellyfin by jellyfin.knut or jellyfin.knut.local
        ### to recognize when connecting on different local networks.
        location /jellyfin/ {
            proxy_pass http://jellyfin:8096/;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }
    }
}
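The goal stated in the ### comments, written as name-based server blocks: an added example that is not part of the original post, meant to sit inside the existing http { } block. It assumes jellyfin.knut and jellyfin.knut.local resolve to the Podman host and are listed in the certificate's subjectAltName (the post names only hostname, hostname.local, IP, 127.0.0.1 and localhost); the map block and the $connection_upgrade variable are introduced here.

```nginx
# Added example, not the poster's configuration. Place inside http { }.
# Assumed: jellyfin.knut and jellyfin.knut.local resolve to the Podman host
# and are listed in the certificate's subjectAltName.

# Send "Connection: upgrade" upstream only when the client asked to upgrade.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    listen 80;
    listen [::]:80;
    server_name jellyfin.knut jellyfin.knut.local;
    # $host carries no port. Container port 443 is published as 8443,
    # so the redirect target has to name that port.
    return 301 https://$host:8443$request_uri;
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    http2 on;
    server_name jellyfin.knut jellyfin.knut.local;

    ssl_certificate     /etc/nginx/certs/fullchain.pem;
    ssl_certificate_key /etc/nginx/certs/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # A block that sets any add_header stops inheriting the http-level
    # ones, so the headers wanted here are repeated beside HSTS.
    add_header Strict-Transport-Security "max-age=2592000; includeSubDomains; preload" always;
    add_header X-Content-Type-Options nosniff always;
    add_header X-Frame-Options SAMEORIGIN always;

    location / {
        # "jellyfin" is the --network-alias on jellyfinnet from the post;
        # assumed: that network has DNS enabled so the alias resolves.
        proxy_pass http://jellyfin:8096;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
    }
}
```

Running nginx -t inside the container checks the syntax before a restart.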