Combination nginx & docker not working

Experience Manager (PaaS/OnPrem)
1

For my client I’m working on BRXM 14.1 with headless setup. Locally everything is running with Apache as reverse proxy, using the default setup (configuration as described here).

Issue description:

However, for our DTAP servers we want to use Docker & Nginx. As we couldn’t get that working out of the box, we are now locally trying to fix this. We can’t get our BR Docker setup, in combination with Nginx, working for CMS. Docker, Nginx & Site combination is working.

Config

We have a default Nginx container with configuration as below and Bloomreacht container with hst:host definitions as below. Here are the most important details of this configuration:

We have been playing with properties hst:defaultport, hst:showcontextpath and hst:showport but nothing seems to work.

If anyone has the answer I would love to hear it. Maybe it is something simple we are overlooking?

Nginx configuration CMS

server {
  listen       80;

  server_name "cms.local.issues.nl";

  location / {

    # Set headers for proxy header rewriting, like ProxyPassReverse in Apache http

    # See http://wiki.nginx.org/LikeApache
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;

    proxy_pass http://brxm:8080/cms/;

    proxy_redirect / http://brxm:8080/cms/;
    #proxy_redirect default;
    proxy_cookie_path /cms/ /;

  }

}

Nginx configuration SITE

server {

  listen       80;

  server_name "brxm.local.issues.nl";

  location / {

    # Set headers for proxy header rewriting, like ProxyPassReverse in Apache http

    # See http://wiki.nginx.org/LikeApache
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;

    proxy_pass http://brxm:8080/site/;

    proxy_redirect default;
    proxy_cookie_path /site/ /;

  }


}

Docker compose file

version: '3.7'

services:

  nginx:
    image: nginx:stable-alpine
    hostname: 'nginx'
    networks:
      brxm_net:
        aliases:
          - "cms.local.issues.nl"
          - "brxm.local.issues.nl"
          - "frontend.local.issues.nl"
    ports:
      - 10080:80
      - 10443:443
    links:
      - frontend
      - brxm
    volumes:
      - ./nginx/nginx.conf:/etc/nginx/nginx.conf
      - ./nginx/conf.d:/etc/nginx/conf.d

  frontend:
    image: docker-server:5000/frontend:latest
    hostname: 'frontend'
    links:
      - brxm
    networks:
      brxm_net:
    ports:
      - 3000:3000


  brxm:
    image: docker-server:5000/brxm:latest
    hostname: 'brxm'
    ports:
      - 8080:8080
      - 8009:8009
    networks:
      brxm_net:
    environment:
      profile: h2
    volumes:
      - ./tomcat/conf:/usr/local/tomcat/conf

networks:
  brxm_net:

BR hst:host configuration for Site

/hst:myproject/hst:hosts/brxm-local-issues-nl:
  jcr:primaryType: hst:virtualhostgroup
  hst:defaultport: 8080
  /nl:
    jcr:primaryType: hst:virtualhost
    hst:showcontextpath: false
    hst:showport: true
    /issues:
      jcr:primaryType: hst:virtualhost
      /local:
        jcr:primaryType: hst:virtualhost
        /brxm:
          jcr:primaryType: hst:virtualhost
          /hst:root:
            jcr:primaryType: hst:mount
            hst:alias: Particulier
            hst:homepage: root
            hst:locale: nl_NL
            hst:mountpoint: /hst:myproject/hst:sites/particulier
            hst:pagemodelapi: resourceapi
            hst:parameternames: [environment]
            hst:parametervalues: [local-docker]
            hst:responseheaders: ['Access-Control-Allow-Origin: http://localhost:3000','Access-Control-Allow-Credentials: true']

BR hst:host configuration for Site

/hst:platform/hst:hosts/cms-local-issues-nl:
  jcr:primaryType: hst:virtualhostgroup
  hst:defaultport: 8080
  /nl:
    jcr:primaryType: hst:virtualhost
    hst:showcontextpath: false
    hst:showport: true
    /issues:
      jcr:primaryType: hst:virtualhost
      /local:
        jcr:primaryType: hst:virtualhost
        /cms:
          jcr:primaryType: hst:virtualhost
          /hst:root:
            jcr:primaryType: hst:mount
            hst:ismapped: false
            hst:namedpipeline: WebApplicationInvokingPipeline
            hst:showcontextpath: false
            hst:showport: false
2

What is not working exactly for cms? Are you getting infinite redirects? What do the logs for cms say?

3

http://cms.local.issue.nl:10080/
redirects
http://cms.local.issues.nl/cms/?0

We just found out that the url http://cms.local.issue.nl:10080/cms/?0 works. so we need to have the redirect retain the portnumber and all will be fine.

What is strange, is that the CMS host config has the property hst:showcontextpath: false. I don’t expect the redirect to ‘/cms/?0’

4

On first /cms hit cms webapp sends a redirect with a set-cookie header. It deduces the redirect url from your hst platform config. You seem to have hst:showport=false there. It should be true, so that it can send a redirect with the port number intact

5

thanks for your response (again).

Just changed that value, but it made no difference. Any other suggestions?

Request headers initial request (http://cms.local.issues.nl:10080/):

GET / HTTP/1.1
Host: cms.local.issues.nl:10080
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: nl-NL,nl;q=0.9,en-US;q=0.8,en;q=0.7

Response headers initial request (http://cms.local.issues.nl:10080/):

Server: nginx/1.18.0
Date: Fri, 08 May 2020 13:27:44 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: JSESSIONID=6601A3CB317AAB0F777D0498AC6234DE; Path=/cms; HttpOnly
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store
Location: http://cms.local.issues.nl/cms/?0

Request headers redirect (http://cms.local.issues.nl/cms/?0):

  1. Provisional headers are shown
  2. Upgrade-Insecure-Requests:1
  3. User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36
6

I thought that would work, I’d debug the following method:
org.hippoecm.hst.util.HstRequestUtils#getCmsBaseURL

public static String getCmsBaseURL(final HttpServletRequest cmsHostServletRequest) {
        final String farthestRequestScheme = HstRequestUtils.getFarthestRequestScheme(cmsHostServletRequest);
        final String farthestRequestHost = HstRequestUtils.getFarthestRequestHost(cmsHostServletRequest, false);

        final HstModel platformHstModel = getPlatformHstModel();

        final ResolvedVirtualHost resolvedCmsHost = platformHstModel.getVirtualHosts().matchVirtualHost(farthestRequestHost);
        if (resolvedCmsHost == null) {
            throw new IllegalStateException(String.format("Could not match cms host '%s' in platform hst model", farthestRequestHost));
        }

        final String cmsLocation;
        final VirtualHost cmsVHost = resolvedCmsHost.getVirtualHost();
        if (cmsVHost.isContextPathInUrl() && isNotEmpty(cmsVHost.getContextPath())) {
            cmsLocation = farthestRequestScheme + "://" + farthestRequestHost + cmsVHost.getContextPath();
        } else {
            cmsLocation =  farthestRequestScheme + "://" + farthestRequestHost;
        }
        return cmsLocation;
    }

The farthest request host variable there should include the port number. But in your case it does not. Can you set up remote debugging within docker and setup breakpoints within this method?

7

I’ll try that and get back to this topic with the results

1 Like