Jwilder/nginx vs ttrss-docker

Boblepirate · 2021-05-24T07:55:23.960Z

Dear all,

May be sorry in advance for this newbie question, but I made a lot of search to understand how to interface jwilder/nginx and ttrss-docker without success !

As said before, I’ve got my jwilder/nginx reverse proxy working fine (I tried it with a static page served by a docker nginx:alpine). I’ve got also my tt-rss-docker working fine on localhost:8280
But I don’t understand how to connect both…

Here is my docker-compose.yaml for jwilder/nginx reverse proxy

services: 
  # Nginx
  nginx-reverse-proxy:
    image: jwilder/nginx-proxy:latest
    container_name: nginx-reverse-proxy
    restart: always
    ports:
        - "80:80"
        - "443:443"
    volumes:
        - ./conf.d:/etc/nginx/conf.d
        - ./certs:/etc/nginx/certs:ro
        - ./vhost.d:/etc/nginx/vhost.d
        - /usr/share/nginx/html
        - /var/run/docker.sock:/tmp/docker.sock:ro
    labels:
        - com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy

  # Let's Encrypt
  letsencrypt-nginx-proxy-companion:
    image: jrcs/letsencrypt-nginx-proxy-companion:latest
    restart: always
    volumes_from:
        - nginx-reverse-proxy
    container_name: letsencrypt
    volumes:
        - ./certs:/etc/nginx/certs:rw
        - /var/run/docker.sock:/var/run/docker.sock:ro
        - acme:/etc/acme.sh
                  
volumes:
  conf.d:
  vhost.d:
  certs:
  acme:

I also add in conf.d directory a proxy_location file

location /tt-rss/ {
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_pass http://127.0.0.1:8280/tt-rss/;
    break;
}

And on ttrss-docker side, I’ve got the original coming from [url]https://git.tt-rss.org/fox/ttrss-docker-compose[/url].
I just modify the.env file

# Copy this file to .env before building the container.
# Put any local modifications here.

TTRSS_DB_USER=postgres
TTRSS_DB_NAME=postgres
TTRSS_DB_PASS=password

# This is only used by web-ssl container.
#HTTP_HOST=localhost

# You will likely need to set this to the correct value, see README.md
# for more information.
TTRSS_SELF_URL_PATH=https://my_registered_domain/tt-rss

# You can customize other config.php defines by setting overrides here.
# See app/Dockerfile for complete list. Examples:
# TTRSS_PLUGINS=auth_remote
# TTRSS_SINGLE_USER_MODE=true
# TTRSS_SESSION_COOKIE_LIFETIME=2592000
# TTRSS_FORCE_ARTICLE_PURGE=30
# etc, etc.

# bind exposed port to 127.0.0.1 by default in case reverse proxy is used.
# if you plan to run the container standalone and need origin port exposed
# use next HTTP_PORT definition (or remove "127.0.0.1:").
HTTP_PORT=127.0.0.1:8280
#HTTP_PORT=8280

# Let's encrypt
VIRTUAL_HOST=my_registered_domain
VIRTUAL_PORT=80
LETSENCRYPT_HOST=my_registered_domain
LETSENCRYPT_EMAIL=my_registered_email

Can someone help me, I don’t know how to link ttrss-docker to jwilder/nginx. I tried a lot of different solution without any success.

Regards

fox · 2021-05-24T08:24:13.687Z

if your reverse proxy nginx is also running in docker, it has a separate localhost of its own.

you’ll need to use your host IP in the location block and forward tt-rss port accordingly (not a very good idea for security reasons) or run them all within one docker private network and use container (=service) hostnames i.e. http://ttrss-nginx/tt-rss/ - this way you won’t need to forward any ports to the host. note that the latter example not using port 8280 - inside the container nginx listens on port 80.

Boblepirate · 2021-05-26T16:56:09.042Z

Thank you for your help.

Finally I 've got the solution (may be someone could be interested).

Here is my docker-compose.yaml for jwilder/nginx reverse proxy

services: 
  # Nginx
  nginx-reverse-proxy:
    image: jwilder/nginx-proxy:latest
    container_name: nginx-reverse-proxy
    restart: always
    ports:
        - "80:80"
        - "443:443"
    volumes:
        - ./certs:/etc/nginx/certs:ro
        - ./vhost.d:/etc/nginx/vhost.d
        - /usr/share/nginx/html
        - dhparam:/etc/nginx/dhparam
        - /var/run/docker.sock:/tmp/docker.sock:ro
        - ./htpass:/etc/nginx/htpasswd
    labels:
        - com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy
    networks: ["net"]
        
  # Let's Encrypt
  letsencrypt-nginx-proxy-companion:
    image: jrcs/letsencrypt-nginx-proxy-companion:latest
    restart: always
    volumes_from:
        - nginx-reverse-proxy
    container_name: letsencrypt
    volumes:
        - ./certs:/etc/nginx/certs:rw
        - /var/run/docker.sock:/var/run/docker.sock:ro
        - acme:/etc/acme.sh
    networks: ["net"]

volumes:
  vhost.d:
  certs:
  dhparam:
  acme:
  htpass:

networks:
  net:
    external: true

And in the vhost.d directory the file “default_location” (name of the file is important).

location /tt-rss/ {
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_pass http://ttrss-docker_web-nginx_1/tt-rss/;
    break;
}

I also had “net” network to cthulhoo/ttrss-web-nginx and “common” to all the dockers inside ttrss docker.
And it works fine.

Regards.