roller24's picture

I have the TurnkeyLXC on baremetal with several APPs and have been really impressed with the ease of installation. I will need to serve more than one APP via http/https on a network limited to one public IP address. I am attempting to use the nginx proxy_pass function and have been having quite a struggle.

I ran the binary nginx-proxy using my FQDN domain, with and without the www. in the domain (-d / --domain option), and both wp1 and wordpress as the -n / --name option. The resulting /etc/nginx/sites-enabled file passes to http://wordpress or http:wp1, which I found odd. I replace ipaddr of APP and have tried many options. I believe the dnsmasq or hosts files may be configured wrong, as I get lxc as hostname -f and dnsdomainname does show my domain, but domainname returns none, as does nisdomainname. Could someone please try to add some clarity to this for me? Here is some info about my present setup:

in the root lxc 

etc/hosts/ 

127.0.0.1  localhost
127.0.1.1 lxc.mydomain.com lxc

hostname returns lxc, hostname -f returns lxc.mydomain.com

etc/nginx/sites-enabled/mydomain.com


server {
    listen              80;
    server_name         mydomain.com;

    location / {
        include         /etc/nginx/include/proxy;
        proxy_pass      http://wordpress;
    }
}

server {
I left out the rest for brevity

 

roller24's picture

So in my frustration, I installed the lynx text-based web browser on the root system and was able to browse to the http://wordpress/ site, as well as http://www.mydomain.com, which passed successfully to wordpress as presented in the conf file generated by the nginx-proxy binary. So the proxy is working, however only locally within the root system. On my workstation the page always results in a "server took too long" error. Not sure where to look now, as I am assuming that the proxy is functioning as it should.

Jeremy Davis's picture

Thanks for your feedback.

Your statement about it "passing to http://wordpress or http:wp1" does sound potentially like a bug.

Whilst I use our LXC templates lots myself (and do much of my manual pre-release testing with them) I actually use Proxmox rather than our LXC appliance as my host. So my experience with our LXC host appliance is quite limited. Most of the more recent development has been done by community member John Carver.

Regardless, I wonder if this issue is related to your problems?! Fingers crossed that may be the issue and lead you in the right direction.

Sorry I don't have anything more to add at the moment, but within the next week or 2 I'll try to put aside some time to set up an LXC server so that I can properly test this, and hopefully merge John's code and rebuild the LXC appliance.

Any further feedback you may have would be warmly welcomed.

roller24's picture

So ports 80 and 443 were not open on the firewall... problem solved.

 

roller24's picture

Thanks for the reply, Jeremy. I have never had to open these ports before, during many apache webserver setups on Linux. Perhaps apache2 installs opened them for me. I didn't even think about it until I had success only within the root server. I did a port scan and sure enough the port was blocked. My first setup using nginx certainly has thrown me a learning curve. A bit humiliating, but who doesn't love to learn?

 

roller24's picture

Strange... in Webmin, when I checked the firewall, it claimed these ports were accepting tcp. That was misleading, to say the least.

Jeremy Davis's picture

On TurnKey appliances, by default, the firewall should be configured, but not enabled. Did you enable that yourself?

Out of interest, did you resolve it by doing something within Webmin? Or commandline? I'm curious to understand a little more so hopefully I might be a bit more useful to the next user that hits something like this!

Also, it'd be great to hear any further feedback on things that you think might improve the LXC appliance (and/or any of our appliances). It's always really nice to hear when people have positive feedback for us. But in honesty, I find constructive criticism more useful.

roller24's picture

OK... apparently I did not activate the firewall on the baremetal install at all. I put in two rules on the CLI to open ports 80 and 443, which of course did the trick until I rebooted. I then tried several methods to save them and was getting a gateway 502 error. I was totally unaware that I needed to turn on the firewall, because I opened Webmin and saw all the rules, and assumed that it was preconfigured and running, not merely preconfigured. I also assumed that APPLY CONFIGURATION was to activate alterations if made, and not an initialization.

once I did activate the rules did engage and I did not have to re-enter the rules.

I also just clicked the ACTIVATE AT BOOT TIME .. and it's spinning madly, with no end in sight.

Okay.. I just clicked away from that page and came back and the boot time seems to have stuck. 

I will now make a better effort to use Webmin, and carefully read the entire page prior to proceeding.

Pretty sure all the lovely green "accept" in front of rules led me to believe it was up and running. 
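
The gap described in this post, rules listed as "accept" in Webmin versus rules actually loaded, can be checked from the command line. The following is an added example, not part of the original thread or TurnKey's tooling: a shell function (`port_verdict`, a name chosen here) that reads `iptables-save` format text and reports what the INPUT chain does with new TCP connections to a port. It assumes an iptables-based firewall, and both rulesets are constructed samples.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes an iptables-based firewall.
# port_verdict PORT < ruleset -> prints ACCEPT, DROP or REJECT for new inbound
# TCP connections to PORT. Simplified: filter table, INPUT chain only; a rule
# counts only if it names the port or has no match conditions at all.
port_verdict() {
    awk -v port="$1" '
        /^\*/      { in_filter = ($0 == "*filter"); next }
        !in_filter { next }
        /^:INPUT / { policy = $2; next }          # e.g. ":INPUT DROP [0:0]"
        /^-A INPUT / && verdict == "" {
            proto = ""; ports = ""; target = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "-p") proto = $(i + 1)
                if ($i == "--dport" || $i == "--dports") ports = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            if (proto != "" && proto != "tcp") next
            if (ports == "" && NF != 4) next      # conditional rule, no port
            if (ports != "") {
                hit = 0; n = split(ports, list, ",")
                for (k = 1; k <= n; k++) if (list[k] == port) hit = 1
                if (!hit) next
            }
            if (target ~ /^(ACCEPT|DROP|REJECT)$/) verdict = target
        }
        # No deciding rule: the chain policy applies. No ruleset at all
        # (firewall never activated) means the kernel default, ACCEPT.
        END { print (verdict != "" ? verdict : (policy != "" ? policy : "ACCEPT")) }
    '
}

# Constructed sample: rules loaded, default DROP, web ports never opened.
SAMPLE_BLOCKED='*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT'

# Constructed sample: same ruleset with 80 and 443 accepted.
SAMPLE_OPEN='*filter
:INPUT DROP [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
COMMIT'

printf '%s\n' "$SAMPLE_BLOCKED" | port_verdict 80
printf '%s\n' "$SAMPLE_OPEN" | port_verdict 80
```

On a live host, `iptables-save | port_verdict 80` (run as root) reports what the kernel is enforcing at that moment, independent of what a saved configuration or a management UI lists.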

 

Jeremy Davis's picture

Ah ok. Although TBH I still don't understand why the port was being blocked in the first place. By default, nothing should be blocked (with the firewall disabled).

TBH, I have considered enabling the firewall by default. Although historically it has always been that way and I am somewhat hesitant to change defaults too much. In the past changes such as that have often been met with disdain from existing users. It's a bit of a balancing act sometimes trying to improve the user experience for new users vs upsetting existing users...

Regardless, I'm really glad to hear that you're now up and running. Good luck with it all and please feel free to offer any further suggestions and input re the appliances.

roller24's picture

I think a bit faster than I type, so I hope that made sense. 

once I did activate the rules did engage and I did not have to re-enter the rules.

means, 

Once I activated the firewall with Webmin, the ports opened up and I did not have to enter the rules on the CLI to open them.

roller24's picture

Tried to quote myself and came up with a blank post... hmmm

 

Anyway, I hope what I said made sense.

Jeremy Davis's picture

Yep all good! :)
