Help setting up nginx proxy with a web container & nginx reverse proxy container

Sorry for making so many threads, but I’m finding it easier to ask for help in each thread. I’ve been working on this for over 24 hours… and I just… well, can’t seem to figure it out.

So rather than explaining my issue, I was wondering if someone could tell me what exactly to put into the reverse proxy container server file, and what to include in the web container nginx server file.

Here’s one of my current nginx proxy server files:

server {
    listen 80 proxy_protocol;
    listen [::]:80 proxy_protocol;

    server_name xxxxxxx;

    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_pass http://ipofthewebcontainer;
    }

    real_ip_header proxy_protocol;
    set_real_ip_from 127.0.0.1;

    listen [::]:443 proxy_protocol ssl ipv6only=on; # managed by Certbot
    listen 443 proxy_protocol ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/xxxxxxx/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/xxxxxxx/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
    add_header X-Frame-Options SAMEORIGIN;
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    add_header Referrer-Policy "origin";

    ssl_stapling on;
    ssl_stapling_verify on;
}

and the nginx site config I use on the web container that includes my forums:

server {
    listen 80 proxy_protocol;
    listen [::]:80 proxy_protocol;

    server_name xxxxxxx;

    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_pass http://ipofthewebcontainer;
    }

    real_ip_header proxy_protocol;
    set_real_ip_from 127.0.0.1;

    listen [::]:443 proxy_protocol ssl ipv6only=on; # managed by Certbot
    listen 443 proxy_protocol ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/xxxxxxx/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/xxxxxxx/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
    add_header X-Frame-Options SAMEORIGIN;
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    add_header Referrer-Policy "origin";

    ssl_stapling on;
    ssl_stapling_verify on;
}

Can someone tell me if this is the proper way to do it? And where do I have to include any additional nginx server code, such as friendly URLs? On the nginx reverse proxy or the nginx web container? I’m trying to learn to make this work… but working on it for the past 24 hours is getting tiresome.

I’ve been using https://www.linode.com/docs/applications/containers/beginners-guide-to-lxd-reverse-proxy/ as a guideline. But the guide lacks information on how to properly set up the web container nginx server file as a whole, as it only explains the basics and only shows an nginx reverse proxy example file.

I think the purpose of the guide is to explain the LXD-specific aspects of setting up multiple websites in LXD containers.

The proxy container has the task of directing Web requests to the appropriate Web container. You achieve this through the server_name directive. It says there how to add more than one hostname. You aggregate all the hostnames that relate to a specific Web container.

Then, in the Web container, you create server blocks for each distinct website, as you would normally do when setting up a Web server.

The default case of a single website does not require making any changes in the Web container. You do not even need to change server_name if you have a single website, because the default directive will match.

I have multiple websites, and all the web containers I have thus far are using port 80. So I only have to include the listen ports (80/443) and server name in the proxy container (and the SSL file locations), and the rest of the server configuration goes into the web container nginx? Such as friendly URL code, and deny IP.

Last time I tried deny IP on the web container, it blocked all users’ access to all sites, for some reason. While adding it in a server file on the proxy seemed to work.

Just trying to figure out what nginx server code goes on the proxy and what should be on the web container.

I also apologize. The main thread had duplicate nginx block code, which I just now saw.

I have solved it though… I think? Not sure if it is the best way. I use the server listen 80/443 block with the ssl information on the proxy, and use this for example in the web site nginx server file:

server {
    listen 80;
    server_name website;

    listen 443 ssl http2;
    listen [::]:443 ipv6only=on ssl http2;
    root /var/www/website;

    index index.php index.html index.htm;


    location ~ \.php$ {
        fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param   HTTP_SCHEME         https;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }

}

I have noticed, however, that if I separate the server block so that 80 and 443 are split, e.g.:

server {
    listen 80;
    server_name website;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ipv6only=on ssl http2;
    root /var/www/website;

    index index.php index.html index.htm;


    location ~ \.php$ {
        fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param   HTTP_SCHEME         https;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }

}

I am getting a welcome to nginx. How come?
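
The proxy/web-container split described in the reply above, written out as an added example (it is not from the thread or the Linode guide). The hostname `forum.example.com`, the addresses `10.10.10.10`, `10.10.10.20` and `203.0.113.7`, the file names and the `try_files` rewrite are assumed placeholders.

```nginx
# --- proxy container: /etc/nginx/sites-available/forum.example.com (assumed name) ---
# Terminates TLS and selects the web container by server_name.
server {
    listen 443 ssl proxy_protocol;        # PROXY protocol header comes from the LXD proxy device
    listen [::]:443 ssl proxy_protocol;
    server_name forum.example.com;        # placeholder hostname

    ssl_certificate     /etc/letsencrypt/live/forum.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/forum.example.com/privkey.pem;

    # Accept the PROXY protocol client address only from 127.0.0.1,
    # the same value the thread's config uses.
    real_ip_header   proxy_protocol;
    set_real_ip_from 127.0.0.1;

    location / {
        proxy_set_header Host      $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_pass http://10.10.10.20;    # placeholder: web container, plain HTTP on port 80
    }
}

# --- web container: /etc/nginx/sites-available/forum (assumed name) ---
# Site-specific settings go in the block that listens on port 80,
# because that is the only port the proxy connects to.
server {
    listen 80;                            # no proxy_protocol: proxy_pass sends ordinary HTTP
    server_name forum.example.com;
    root  /var/www/website;
    index index.php index.html index.htm;

    # Restore the client address, trusting X-Real-IP only from the proxy container.
    # Without this, $remote_addr is always the proxy and a deny rule hits everyone or no one.
    real_ip_header   X-Real-IP;
    set_real_ip_from 10.10.10.10;         # placeholder: proxy container address
    deny 203.0.113.7;                     # placeholder client address (documentation range)

    location / {
        try_files $uri $uri/ /index.php?$args;   # typical "friendly URL" fallback (assumed)
    }
    location ~ \.php$ {
        include       fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param HTTPS on;           # the client-facing connection is HTTPS
        fastcgi_pass  unix:/var/run/php/php7.4-fpm.sock;
    }
}
```

In the split version posted above, the proxy's `proxy_pass http://…` still arrives on port 80, where the matching block has a `server_name` but no `root`, so nginx falls back to its built-in default document root, which on a stock package install holds the "Welcome to nginx" page.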