I'm running OneDev in a docker container. I also have the LinuxServer.IO swag container running my nginx instance. I modified the reverse proxy guide found here (https://docs.onedev.io/administration-guide/reverse-proxy-setup) to fit within the swag subdomain structure. That file looks like this:
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name git.*;
include /config/nginx/ssl.conf;
proxy_buffering off;
# maximum size of uploaded file
client_max_body_size 100M;
# enable for ldap auth (requires ldap-location.conf in the location block)
#include /config/nginx/ldap-server.conf;
# enable for Authelia (requires authelia-location.conf in the location block)
#include /config/nginx/authelia-server.conf;
set $upstream_app 172.16.0.100;
set $upstream_port 6610;
set $upstream_proto http;
location /wicket/websocket {
proxy_pass $upstream_proto://$upstream_app:$upstream_port/wicket/websocket;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location /~server {
proxy_pass $upstream_proto://$upstream_app:$upstream_port/~server;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location / {
proxy_pass $upstream_proto://$upstream_app:$upstream_port/;
}
}
If I access the OneDev instance directly on port 6610 at the appropriate local IP, everything works. When I connect via the external URL (https://git.example.com), my browser is infinitely redirected to /~login. This appears to be entirely done inside the script in the HTML response to /.
Am I missing something?
Thanks!
Robin Shen commented 1 year ago
I tried a local installed Nginx instance with your nginx config, and it works fine. Can you please let me know the command you are using to start the LinuxServer.IO swag container?
Jonathan Simon commented 1 year ago
Native nginx reverse proxy did work for me as well. All I did here was merge the host nginx site file with the swag format and include their boilerplate.
While the host port is 4444, the port forwarding in my router is 443->4444 on the host. I have another container that only functions in host networking and needs 443.
Then how to mount/merge your nginx config file? Should I prepopulate directory /media/storage/docker_configs/letsencrypt with something first?
I never used this container before. Checking the documentation and guessing the setup might be time consuming. A step-by-step reproducing guide will be of a lot help.
Also is http protocol working?
Robin Shen commented 1 year ago
Reproducing steps with http protocol should be simpler if it does not work either.
Jonathan Simon commented 1 year ago
Sorry about that! The swag container will auto-populated many directories under its /config. After it does that, put the nginx config in my first post in the swag container's /config/nginx/proxy-confs/onedev.subdomain.conf and restart the swag container. Swag won't start unless it can resolve the domain name you specify for it to get an SSL cert for.
I redirect all http traffic to https just to not have to think about it but I'll reconfigure it as http tomorrow to see what happens.
Robin Shenchanged state to 'Closed'1 year ago
Previous Value
Current Value
Open
Closed
Robin Shen commented 1 year ago
Feel free to reopen if you tested with http protocol.
Jonathan Simon commented 11 months ago
Btw, I figured this out and it was entirely on me. The http vs https thing was a red herring. The proxy_pass directive in the location block for / in my nginx config file didn't include $request_uri at the end so every request redirected to / which obviously doesn't work.
I'm running OneDev in a docker container. I also have the LinuxServer.IO swag container running my nginx instance. I modified the reverse proxy guide found here (https://docs.onedev.io/administration-guide/reverse-proxy-setup) to fit within the swag subdomain structure. That file looks like this:
If I access the OneDev instance directly on port 6610 at the appropriate local IP, everything works. When I connect via the external URL (https://git.example.com), my browser is infinitely redirected to
/~login
. This appears to be entirely done inside the script in the HTML response to/
.Am I missing something?
Thanks!