Comments (8)
SchoNie
commented on June 18, 2024
Those changes were already merged in build: update template for nginx 1.25.1
You could see those deprecation error 1 time after starting the updated container, but after the first re-create it should be gone.
from nginx-proxy.
buchdag
commented on June 18, 2024
@Snoobz as @SchoNie explained this should have already been taken care of and you should not see those messages.
Could you send us your full rendered nginx config using:
$ docker exec -t yourproxycontainer nginx -Tfrom nginx-proxy.
Snoobz
commented on June 18, 2024
Hello @buchdag,
Per requested, here is the output of the command you asked me to run 👍
2023/07/18 16:43:33 [warn] 121#121: the "listen ... http2" directive is deprecated, use the "http2" directive instead in /etc/nginx/conf.d/default.conf:61
nginx: [warn] the "listen ... http2" directive is deprecated, use the "http2" directive instead in /etc/nginx/conf.d/default.conf:61
2023/07/18 16:43:33 [warn] 121#121: the "listen ... http2" directive is deprecated, use the "http2" directive instead in /etc/nginx/conf.d/default.conf:96
nginx: [warn] the "listen ... http2" directive is deprecated, use the "http2" directive instead in /etc/nginx/conf.d/default.conf:96
2023/07/18 16:43:33 [warn] 121#121: the "listen ... http2" directive is deprecated, use the "http2" directive instead in /etc/nginx/conf.d/default.conf:142
nginx: [warn] the "listen ... http2" directive is deprecated, use the "http2" directive instead in /etc/nginx/conf.d/default.conf:142
2023/07/18 16:43:33 [warn] 121#121: the "listen ... http2" directive is deprecated, use the "http2" directive instead in /etc/nginx/conf.d/default.conf:188
nginx: [warn] the "listen ... http2" directive is deprecated, use the "http2" directive instead in /etc/nginx/conf.d/default.conf:188
2023/07/18 16:43:33 [warn] 121#121: the "listen ... http2" directive is deprecated, use the "http2" directive instead in /etc/nginx/conf.d/default.conf:232
nginx: [warn] the "listen ... http2" directive is deprecated, use the "http2" directive instead in /etc/nginx/conf.d/default.conf:232
2023/07/18 16:43:33 [warn] 121#121: protocol options redefined for 0.0.0.0:443 in /etc/nginx/conf.d/XXXX.conf:3
nginx: [warn] protocol options redefined for 0.0.0.0:443 in /etc/nginx/conf.d/XXXX.conf:3
2023/07/18 16:43:33 [warn] 121#121: conflicting server name "_" on 0.0.0.0:443, ignored
nginx: [warn] conflicting server name "_" on 0.0.0.0:443, ignored
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
# configuration file /etc/nginx/nginx.conf:
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
XXXX_log /var/log/nginx/XXXX.log main;
sendfile on;
#tcp_nopush on;
server_tokens off;
keepalive_timeout 65;
#gzip on;
include /etc/nginx/conf.d/*.conf;
#For NextXXXX allow the max size file uploXXXX
client_max_body_size 1G;
}
daemon off;
# configuration file /etc/nginx/mime.types:
types {
text/html html htm shtml;
text/css css;
text/xml xml;
image/gif gif;
image/jpeg jpeg jpg;
application/javascript js;
application/atom+xml atom;
application/rss+xml rss;
text/mathml mml;
text/plain txt;
text/vnd.sun.j2me.app-descriptor jad;
text/vnd.wap.wml wml;
text/x-component htc;
image/png png;
image/svg+xml svg svgz;
image/tiff tif tiff;
image/vnd.wap.wbmp wbmp;
image/webp webp;
image/x-icon ico;
image/x-jng jng;
image/x-ms-bmp bmp;
font/woff woff;
font/woff2 woff2;
application/java-archive jar war ear;
application/json json;
application/mac-binhex40 hqx;
application/msword doc;
application/pdf pdf;
application/postscript ps eps ai;
application/rtf rtf;
application/vnd.apple.mpegurl m3u8;
application/vnd.google-earth.kml+xml kml;
application/vnd.google-earth.kmz kmz;
application/vnd.ms-excel xls;
application/vnd.ms-fontobject eot;
application/vnd.ms-powerpoint ppt;
application/vnd.oasis.opendocument.graphics odg;
application/vnd.oasis.opendocument.presentation odp;
application/vnd.oasis.opendocument.spreXXXXsheet ods;
application/vnd.oasis.opendocument.text odt;
application/vnd.openxmlformats-officedocument.presentationml.presentation
pptx;
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
xlsx;
application/vnd.openxmlformats-officedocument.wordprocessingml.document
docx;
application/vnd.wap.wmlc wmlc;
application/x-7z-compressed 7z;
application/x-cocoa cco;
application/x-java-archive-diff jardiff;
application/x-java-jnlp-file jnlp;
application/x-makeself run;
application/x-perl pl pm;
application/x-pilot prc pdb;
application/x-rar-compressed rar;
application/x-redhat-package-manager rpm;
application/x-sea sea;
application/x-shockwave-flash swf;
application/x-stuffit sit;
application/x-tcl tcl tk;
application/x-x509-ca-cert der pem crt;
application/x-xpinstall xpi;
application/xhtml+xml xhtml;
application/xspf+xml xspf;
application/zip zip;
application/octet-stream bin exe dll;
application/octet-stream deb;
application/octet-stream dmg;
application/octet-stream iso img;
application/octet-stream msi msp msm;
audio/midi mid midi kar;
audio/mpeg mp3;
audio/ogg ogg;
audio/x-m4a m4a;
audio/x-realaudio ra;
video/3gpp 3gpp 3gp;
video/mp2t ts;
video/mp4 mp4;
video/mpeg mpeg mpg;
video/quicktime mov;
video/webm webm;
video/x-flv flv;
video/x-m4v m4v;
video/x-mng mng;
video/x-ms-asf asx asf;
video/x-ms-wmv wmv;
video/x-msvideo avi;
}
# configuration file /etc/nginx/conf.d/default.conf:
# If we receive X-Forwarded-Proto, pass it through; otherwise, pass along the
# scheme used to connect to this server
map $http_x_forwarded_proto $proxy_x_forwarded_proto {
default $http_x_forwarded_proto;
'' $scheme;
}
# If we receive X-Forwarded-Port, pass it through; otherwise, pass along the
# server port the client connected to
map $http_x_forwarded_port $proxy_x_forwarded_port {
default $http_x_forwarded_port;
'' $server_port;
}
# If we receive Upgrade, set Connection to "upgrade"; otherwise, delete any
# Connection header that may have been passed to this server
map $http_upgrade $proxy_connection {
default upgrade;
'' close;
}
# Apply fix for very long server names
server_names_hash_bucket_size 128;
# Default dhparam
ssl_dhparam /etc/nginx/dhparam/dhparam.pem;
# Set appropriate X-Forwarded-Ssl header based on $proxy_x_forwarded_proto
map $proxy_x_forwarded_proto $proxy_x_forwarded_ssl {
default off;
https on;
}
gzip_types text/plain text/css application/javascript application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
log_format vhost '$host $remote_addr - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent" '
'"$upstream_addr"';
XXXX_log off;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';
ssl_prefer_server_ciphers off;
resolver 127.0.0.11;
# HTTP 1.1 support
proxy_http_version 1.1;
proxy_buffering off;
proxy_set_heXXXXer Host $http_host;
proxy_set_heXXXXer Upgrade $http_upgrade;
proxy_set_heXXXXer Connection $proxy_connection;
proxy_set_heXXXXer X-Real-IP $remote_addr;
proxy_set_heXXXXer X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_heXXXXer X-Forwarded-Proto $proxy_x_forwarded_proto;
proxy_set_heXXXXer X-Forwarded-Ssl $proxy_x_forwarded_ssl;
proxy_set_heXXXXer X-Forwarded-Port $proxy_x_forwarded_port;
# Mitigate httpoxy attack (see README for details)
proxy_set_header Proxy "";
server {
server_name _; # This is just an invalid value which will never trigger on a real hostname.
server_tokens off;
listen 80;
XXXX_log /var/log/nginx/XXXX.log vhost;
return 503;
}
server {
server_name _; # This is just an invalid value which will never trigger on a real hostname.
server_tokens off;
listen 443 ssl http2;
XXXX_log /var/log/nginx/XXXX.log vhost;
return 503;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
ssl_certificate /etc/nginx/certs/default.crt;
ssl_certificate_key /etc/nginx/certs/default.key;
}
# XXXX.XXXX.com
upstream XXXX.XXXX.com {
## Can be connected with "proxy-web" network
# XXXX
server 172.18.0.2:8080;
# Fallback entry
server 127.0.0.1 down;
}
server {
server_name XXXX.XXXX.com;
listen 80 ;
XXXX_log /var/log/nginx/XXXX.log vhost;
# Do not HTTPS redirect Let'sEncrypt ACME challenge
location ^~ /.well-known/acme-challenge/ {
auth_basic off;
auth_request off;
allow all;
root /usr/share/nginx/html;
try_files $uri =404;
break;
}
location / {
return 301 https://$host$request_uri;
}
}
server {
server_name XXXX.XXXX.com;
listen 443 ssl http2 ;
XXXX_log /var/log/nginx/XXXX.log vhost;
# Only allow traffic from internal clients
include /etc/nginx/network_internal.conf;
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
ssl_certificate /etc/nginx/certs/XXXX.XXXX.com.crt;
ssl_certificate_key /etc/nginx/certs/XXXX.XXXX.com.key;
ssl_dhparam /etc/nginx/certs/XXXX.XXXX.com.dhparam.pem;
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/nginx/certs/XXXX.XXXX.com.chain.pem;
add_header Strict-Transport-Security "max-age=31536000" always;
include /etc/nginx/vhost.d/default;
location / {
proxy_pass http://XXXX.XXXX.com;
}
}
# XXXX.XXXX.com
upstream XXXX.XXXX.com {
## Can be connected with "proxy-web" network
# XXXX
server 172.18.0.8:80;
# Fallback entry
server 127.0.0.1 down;
}
server {
server_name XXXX.XXXX.com;
listen 80 ;
XXXX_log /var/log/nginx/XXXX.log vhost;
# Do not HTTPS redirect Let'sEncrypt ACME challenge
location ^~ /.well-known/acme-challenge/ {
auth_basic off;
auth_request off;
allow all;
root /usr/share/nginx/html;
try_files $uri =404;
break;
}
location / {
return 301 https://$host$request_uri;
}
}
server {
server_name XXXX.XXXX.com;
listen 443 ssl http2 ;
XXXX_log /var/log/nginx/XXXX.log vhost;
# Only allow traffic from internal clients
include /etc/nginx/network_internal.conf;
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
ssl_certificate /etc/nginx/certs/XXXX.XXXX.com.crt;
ssl_certificate_key /etc/nginx/certs/XXXX.XXXX.com.key;
ssl_dhparam /etc/nginx/certs/XXXX.XXXX.com.dhparam.pem;
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/nginx/certs/XXXX.XXXX.com.chain.pem;
add_header Strict-Transport-Security "max-age=31536000" always;
include /etc/nginx/vhost.d/default;
location / {
proxy_pass http://XXXX.XXXX.com;
}
}
# XXXX.XXXX.com
upstream XXXX.XXXX.com {
## Can be connected with "proxy-web" network
# XXXXXXXX
server 172.18.0.7:80;
# Fallback entry
server 127.0.0.1 down;
}
server {
server_name XXXX.XXXX.com;
listen 80 ;
XXXX_log /var/log/nginx/XXXX.log vhost;
# Do not HTTPS redirect Let'sEncrypt ACME challenge
location ^~ /.well-known/acme-challenge/ {
auth_basic off;
auth_request off;
allow all;
root /usr/share/nginx/html;
try_files $uri =404;
break;
}
location / {
return 301 https://$host$request_uri;
}
}
server {
server_name XXXX.XXXX.com;
listen 443 ssl http2 ;
XXXX_log /var/log/nginx/XXXX.log vhost;
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
ssl_certificate /etc/nginx/certs/XXXX.XXXX.com.crt;
ssl_certificate_key /etc/nginx/certs/XXXX.XXXX.com.key;
ssl_dhparam /etc/nginx/certs/XXXX.XXXX.com.dhparam.pem;
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/nginx/certs/XXXX.XXXX.com.chain.pem;
add_header Strict-Transport-Security "max-age=31536000" always;
include /etc/nginx/vhost.d/XXXX.XXXX.com;
location / {
proxy_pass http://XXXX.XXXX.com;
}
}
# XXXX.XXXX.com
upstream XXXX.XXXX.com {
## Can be connected with "proxy-web" network
# XXXX
server 172.18.0.6:443;
# Fallback entry
server 127.0.0.1 down;
}
server {
server_name XXXX.XXXX.com;
listen 80 ;
XXXX_log /var/log/nginx/XXXX.log vhost;
# Do not HTTPS redirect Let'sEncrypt ACME challenge
location ^~ /.well-known/acme-challenge/ {
auth_basic off;
auth_request off;
allow all;
root /usr/share/nginx/html;
try_files $uri =404;
break;
}
location / {
return 301 https://$host$request_uri;
}
}
server {
server_name XXXX.XXXX.com;
listen 443 ssl http2 ;
XXXX_log /var/log/nginx/XXXX.log vhost;
# Only allow traffic from internal clients
include /etc/nginx/network_internal.conf;
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
ssl_certificate /etc/nginx/certs/XXXX.XXXX.com.crt;
ssl_certificate_key /etc/nginx/certs/XXXX.XXXX.com.key;
ssl_dhparam /etc/nginx/certs/XXXX.XXXX.com.dhparam.pem;
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/nginx/certs/XXXX.XXXX.com.chain.pem;
add_header Strict-Transport-Security "max-age=31536000" always;
include /etc/nginx/vhost.d/default;
location / {
proxy_pass http://XXXX.XXXX.com;
}
}
# configuration file /etc/nginx/network_internal.conf:
# Only allow traffic from internal clients
allow 10.0.1.0/24;
allow 10.0.2.0/24;
allow XX.XX.XX.XX;
# Deny all other IPs (LAN and WAN)
deny all;
# configuration file /etc/nginx/vhost.d/default:
## Start of configuration add by letsencrypt container
location ^~ /.well-known/acme-challenge/ {
auth_basic off;
auth_request off;
allow all;
root /usr/share/nginx/html;
try_files $uri =404;
break;
}
## End of configuration add by letsencrypt container
# configuration file /etc/nginx/vhost.d/XXXX.XXXX.com:
## Start of configuration add by letsencrypt container
location ^~ /.well-known/acme-challenge/ {
auth_basic off;
auth_request off;
allow all;
root /usr/share/nginx/html;
try_files $uri =404;
break;
}
## End of configuration add by letsencrypt container
location ^~ /.well-known {
# The rules in this block are an XXXXaptation of the rules
# in the XXXXXXXX `.htaccess` that concern `/.well-known`.
location = /.well-known/carddav { return 301 /remote.php/dav/; }
location = /.well-known/caldav { return 301 /remote.php/dav/; }
location = /.well-known/webfinger { return 301 /index.php/.well-known/webfinger; }
location = /.well-known/nodeinfo { return 301 /index.php/.well-known/nodeinfo; }
# Let XXXXXXXX's API for `/.well-known` URIs handle all other
# requests by passing them to the front-end controller.
return 301 /XXXXXXXX/index.php$request_uri;
}
# configuration file /etc/nginx/conf.d/XXXX.conf:
server {
server_name _; # This is just an invalid value which will never trigger on a real hostname.
listen 443 ssl;
http2 on;
XXXX_log /var/log/nginx/XXXX.log vhost;
return 503;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
ssl_certificate /etc/nginx/certs/default.crt;
ssl_certificate_key /etc/nginx/certs/default.key;
}
# XXXX.XXXX.com
upstream XXXX.XXXX.com {
## Can be connected with "proxy-web" network
# XXXX XXXX
server 10.0.1.201:443;
}
server {
server_name XXXX.XXXX.com;
listen 443 ssl;
http2 on;
XXXX_log /var/log/nginx/XXXX.log vhost;
include /etc/nginx/vhost.d/default;
location / {
proxy_pass https://XXXX.XXXX.com;
}
}
I have masked personal informations by XXXX.
For your information, I have of course the default.conf file but the container is also using another personal XXXX.conf file which was created and is maintained by myself (so that is why you see the http2 on; well written for this configuration part of the output provided.
If you need more information, feel free to ask.
Thank you!
Regards,
Raphaël
from nginx-proxy.
SchoNie
commented on June 18, 2024
Your default.conf seems to be generated from an outdated template file.
The first line should be something like: # nginx-proxy version : 1.3.1-34-gc430825 chore: Move version comment to the top of the template merged Jan 29.
And it should also have a lot of debug comments because feat: Unconditionally produce debug comments was merged on Jan 18
Both things are missing from your output which supects me you are using an old template.
Do you maybe have the template file bind mounted? Can you post your docker-compose file so we can check?
from nginx-proxy.
Snoobz
commented on June 18, 2024
Hello,
Here is the docker-compose.yml file content :
version: '2'
services:
nginx-proxy:
image: nginxproxy/nginx-proxy:latest
hostname: nginx-proxy
restart: unless-stopped
container_name: nginx-proxy
ports:
- 80:80
- 443:443
volumes:
- nginx-certs:/etc/nginx/certs
- nginx-vhostd:/etc/nginx/vhost.d
- nginx-html:/usr/share/nginx/html
- /var/run/docker.sock:/tmp/docker.sock:ro
- nginx-conf:/etc/nginx
- nginx-app:/app
networks:
default:
ipv4_address: 172.18.0.150
letsencrypt:
image: nginxproxy/acme-companion:latest
hostname: letsencrypt
restart: unless-stopped
container_name: letsencrypt
volumes_from:
- nginx-proxy
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- acme:/etc/acme.sh
- letsencrypt-app:/app
environment:
- [email protected]
volumes:
acme:
nginx-certs:
nginx-vhostd:
nginx-html:
nginx-certs:
nginx-conf:
nginx-app:
letsencrypt-app:
networks:
default:
external:
name: proxy-web
Thanks for the help!
Regards,
Raphaël
from nginx-proxy.
SchoNie
commented on June 18, 2024
Yes the problem is in the nginx-app:/app mount. Nginx-proxy is using the template from /app/nginx.tmpl which in your case is a volume containing an old version ignoring the updated template from the latest build.
Can you comment or remove nginx-app:/app and nginx-app: (from the volumes section) from the docker compose file and re-create the container?
from nginx-proxy.
Snoobz
commented on June 18, 2024
Hello,
This indeed solved the problem.
I did a docker-compose stop && docker-compose rm
Then edited the docker-compose.yml, commented the nginx-app:/app and nginx-app:, then restarted the container with docker-compose up -d and after that now new errors in the docker logs!
I also checked the configuration using the command provided earlier (docker exec -t yourproxycontainer nginx -T) and the syntax is now correct!
Thanks for the help!
We can close this case!
Regards,
Raphaël
from nginx-proxy.
SchoNie
commented on June 18, 2024
You are welcome! You can close this issue yourself if completed.
from nginx-proxy.
Related Issues (20)
- phpipam + nginx-proxy = connection refused
- Broken testcase test/test_host-network-mode/test_host-network-mode.py HOT 1
- SSH Certificates will Not Update HOT 1
- HTTP/2 Rapid Reset Attack HOT 2
- Unable to download python requirements for testing HOT 1
- default.conf config file formatting corrupted and hardly readable (nginx -T) HOT 1
- Issue with Bookstack urls being re-written to http not https HOT 2
- 403 Forbidden error when serving static site HOT 1
- Cannot reach container in IPv6 network HOT 4
- Regression in Behavior with Fix #2186 Affecting SSL Connections HOT 9
- "daemon" directive is duplicate in /etc/nginx/nginx.conf error HOT 3
- connect() failed (111: Connection refused) while connecting to upstream HOT 2
- vhost.d for http part
- 502 Bad Gateway & Upstream connection refused HOT 7
- host header does not include port number HOT 2
- `nginx-proxy` pass converting `%1C` to pipe `|` HOT 1
- 405 (cors error) on specific location
- The server connection via port 443 fails when using PHP 8.1 or above HOT 2
- Error 500 On Service Start
- htpasswd folder doesn't work anymore / no basic auth HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from nginx-proxy.