Listmonk email server, running via docker through nginx vhost. Resolves with port at the end but I get a 502 bad gateway error without the port.
fedilink
4
Listmonk email server, running via docker through nginx vhost. Resolves with port at the end but I get a 502 bad gateway error without the port.
fedilink

EDIT: It was a firewall issue. I disabled my firewall and it works.

https://listmonk.app/

The site loads properly on serverIP:5870 and if I change proxy_pass http://127.0.0.1:5870; to proxy_pass http://listmonk.mydomain.com:5870; then it will load on listmonk.mydomain.com:5870. But it gives the 502 error when I visit the site without the port.

If I set proxy_pass http://127.0.0.1:5870; and visit listmonk.mydomain.com:5870 I get:

The connection for this site is not secure
listmonk.mydomain.com sent an invalid response.
[Try running Windows Network Diagnostics](javascript:diagnoseErrors()).
ERR_SSL_PROTOCOL_ERROR

docker-compose.yml:

version: "3.7"

x-app-defaults: &app-defaults
  restart: unless-stopped
  image: listmonk/listmonk:latest
  ports:
    - "5870:9000"
  networks:
    - listmonk
  environment:
    - TZ=Etc/UTC

x-db-defaults: &db-defaults
  image: postgres:13
  ports:
    - "9432:5432"
  networks:
    - listmonk
  environment:
    - POSTGRES_PASSWORD=pw
    - POSTGRES_USER=listmonk
    - POSTGRES_DB=listmonk
  restart: unless-stopped
  healthcheck:
    test: ["CMD-SHELL", "pg_isready -U listmonk"]
    interval: 10s
    timeout: 5s
    retries: 6

services:
  db:
    <<: *db-defaults
    container_name: listmonk_db
    volumes:
      - type: volume
        source: listmonk-data
        target: /var/lib/postgresql/data

  app:
    <<: *app-defaults
    container_name: listmonk_app
    depends_on:
      - db
    volumes:
      - ./config.toml:/listmonk/config.toml
      - ./uploads:/listmonk/uploads

networks:
  listmonk:

volumes:
  listmonk-data:

nginx config:

server {
        listen              443 ssl;
        server_name            listmonk.example.com;

  location / {
     proxy_pass  http://127.0.0.1:5870;
     proxy_set_header   Host            $http_host;
     proxy_set_header   X-Real-IP       $remote_addr;
     proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for; 
    }

}

server {
    listen              80;
    server_name            listmonk.example.com;
      location / {
return 301 https://$host$request_uri;
      }
}
@MaximilianKohler@lemmy.world
creator
link
fedilink
English
11Y

It was a firewall issue. I disabled my firewall and it works.

@MaximilianKohler@lemmy.world
creator
link
fedilink
English
-1
edit-2
1Y

I tried some of the solutions here https://serverfault.com/questions/351212/nginx-redirects-to-port-8080-when-accessing-url-without-slash

proxy_set_header Host $host:$server_port; didn’t seem to change anything.

I also tried

  proxy_pass http://listmonk.example.com:5870/;
  proxy_redirect http://listmonk.example.com:5870/ http://listmonk.example.com/;

Maybe this https://stackoverflow.com/questions/30097334/nodejs-on-nginx-not-working-without-a-port-number-in-the-url is the answer, but I don’t understand it.

@bigredgiraffe@lemmy.world
link
fedilink
English
31Y

the purpose of using nginx is to not have to use the port number in this scenario, the reason it works is because your DNS for that hostname still points to that machine that both containers are running on. Normal DNS A and cname records do not contain port information.

The 502 bad gateway error means that nginx is not able to connect to the upstream host for that hostname, this is where you need to use the port for the other container (5870). Do know that using localhost in docker will not have the results you are expecting, if these are on the same host you can use the name you have configured for the container as the hostname in nginx otherwise use the host IP, in your case it would be http://listmonk_app:5870.

Hope that helps!

@MaximilianKohler@lemmy.world
creator
link
fedilink
English
1
edit-2
1Y

Thanks! I was using 127.0.0.1 because that’s what other people were successfully using: https://github.com/knadh/listmonk/issues/1590#issuecomment-1812399067. I had tried variations of proxy_pass http://app:5870; because I’m running listmonk successfully on another server using proxy_pass http://app:9000;, but that is when nginx is running from inside the docker container:

services:
  db:
    <<: *db-defaults
    container_name: listmonk_db
    volumes:
      - type: volume
        source: listmonk-data
        target: /var/lib/postgresql/data

  app:
    <<: *app-defaults
    container_name: listmonk_app
    depends_on:
      - db
    volumes:
      - ./config.toml:/listmonk/config.toml
      - ./listmonk/uploads:/listmonk/uploads

  nginx:
    image: nginx:mainline-alpine
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./data/nginx:/etc/nginx/conf.d
      - ./data/certbot/conf:/etc/letsencrypt
      - ./data/certbot/www:/var/www/certbot
    networks:
      - listmonk
    depends_on:
      - app
    command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'"

  certbot:
    image: certbot/certbot
    restart: unless-stopped
    container_name: certbot
    volumes:
      - ./data/certbot/conf:/etc/letsencrypt
      - ./data/certbot/www:/var/www/certbot
    networks:
      - listmonk
    depends_on:
      - nginx
    entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"

I forgot to try proxy_pass http://listmonk_app:5870; though. I just tried that and I got the same error that I get with proxy_pass http://app:5870;.

Job for nginx.service failed because the control process exited with error code. See "systemctl status nginx.service" and "journalctl -xe" for details.

systemctl status nginx.service
● nginx.service - Centmin Mod NGINX Server
   Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
  Drop-In: /etc/systemd/system/nginx.service.d
           └─failure-restart.conf, openfileslimit.conf
   Active: failed (Result: start-limit) since Sun 2023-11-26 01:07:52 UTC; 1min 57s ago
  Process: 34289 ExecStop=/bin/sh -c /bin/kill -s TERM $(/bin/cat /usr/local/nginx/logs/nginx.pid) (code=exited, status=0/SUCCESS)
  Process: 18426 ExecReload=/bin/sh -c /bin/kill -s HUP $(/bin/cat /usr/local/nginx/logs/nginx.pid) (code=exited, status=0/SUCCESS)
  Process: 25700 ExecStart=/usr/local/sbin/nginx -c /usr/local/nginx/conf/nginx.conf (code=exited, status=0/SUCCESS)
  Process: 34339 ExecStartPre=/usr/local/sbin/nginx -t (code=exited, status=1/FAILURE)
 Main PID: 25702 (code=exited, status=0/SUCCESS)

Nov 26 01:07:47 centos7test systemd[1]: nginx.service: control process exited, code=exited status=1
Nov 26 01:07:47 centos7test systemd[1]: Failed to start Centmin Mod NGINX Server.
Nov 26 01:07:47 centos7test systemd[1]: Unit nginx.service entered failed state.
Nov 26 01:07:47 centos7test systemd[1]: nginx.service failed.
Nov 26 01:07:52 centos7test systemd[1]: nginx.service holdoff time over, scheduling restart.
Nov 26 01:07:52 centos7test systemd[1]: Stopped Centmin Mod NGINX Server.
Nov 26 01:07:52 centos7test systemd[1]: start request repeated too quickly for nginx.service
Nov 26 01:07:52 centos7test systemd[1]: Failed to start Centmin Mod NGINX Server.
Nov 26 01:07:52 centos7test systemd[1]: Unit nginx.service entered failed state.
Nov 26 01:07:52 centos7test systemd[1]: nginx.service failed.

journalctl -xe
--
-- The result is timeout.
Nov 26 01:08:56 centos7test systemd[1]: Dependency failed for /mnt/HC_Volume_33691542.
-- Subject: Unit mnt-HC_Volume_33691542.mount has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit mnt-HC_Volume_33691542.mount has failed.
--
-- The result is dependency.
Nov 26 01:08:56 centos7test systemd[1]: Job mnt-HC_Volume_33691542.mount/start failed with result 'dependency'.
Nov 26 01:08:56 centos7test systemd[1]: Job dev-disk-by\x2did-scsi\x2d0HC_Volume_33691542.device/start failed with result 'timeout'.
Nov 26 01:09:01 centos7test systemd[1]: Started Session 313 of user root.
-- Subject: Unit session-313.scope has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit session-313.scope has finished starting up.
--
-- The start-up result is done.
Nov 26 01:09:01 centos7test CROND[34567]: (root) CMD (/usr/lib64/sa/sa1 1 1)
Nov 26 01:09:10 centos7test kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC= SRC=85.203.42.26 DST= LEN
Nov 26 01:09:35 centos7test kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC= SRC=205.185.121.3 DST= LE
Nov 26 01:09:45 centos7test kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC= SRC=107.148.82.29 DST= LE
Nov 26 01:09:53 centos7test kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC= SRC=62.204.41.118 DST= LE
Nov 26 01:10:01 centos7test systemd[1]: Started Session 314 of user root.
-- Subject: Unit session-314.scope has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit session-314.scope has finished starting up.
--
-- The start-up result is done.
Nov 26 01:10:01 centos7test systemd[1]: Started Session 315 of user root.
-- Subject: Unit session-315.scope has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit session-315.scope has finished starting up.
--
-- The start-up result is done.
Nov 26 01:10:01 centos7test CROND[34680]: (root) CMD (/usr/lib64/sa/sa1 1 1)
Nov 26 01:10:01 centos7test CROND[34679]: (root) CMD (/usr/lib64/sa/sa1 1 1)
Nov 26 01:10:11 centos7test kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC= SRC=91.92.246.145 DST= LE
Nov 26 01:10:12 centos7test kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC= SRC=85.203.42.26 DST= LEN
Nov 26 01:10:21 centos7test kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC= SRC=85.209.11.142 DST= LE
Nov 26 01:10:22 centos7test sshd[34734]: Received disconnect from 180.101.88.196 port 14758:11:  [preauth]
Nov 26 01:10:22 centos7test sshd[34734]: Disconnected from 180.101.88.196 port 14758 [preauth]
Nov 26 01:10:40 centos7test kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC= SRC=162.216.150.164 DST=
lines 1377-1425/1425 (END)
@brygphilomena@lemmy.world
link
fedilink
English
21Y

I wrote this a while back. Maybe it can help https://www.reddit.com/r/homelab/comments/arx2qe/tutorial_reverse_proxy_with_nginx/

502 usually means it’s having a hard time hitting the service on the back end. Are you able to access listmonk directly without the reverse proxy? What is the URL I. The browser when you do that?

Is listmonk on the same server as nginx? Is nginx running in a container? If nginx is running in a container, 127.0.0.1 would try to load from inside the nginx container which isn’t where listmonk is. Use the LAN IP address of the docker host listmonk is on instead of 127.0.0.1.

@MaximilianKohler@lemmy.world
creator
link
fedilink
English
11Y

Thanks, I checked out your link. I think my most recent comment below answers some of your questions. https://lemmy.world/comment/5586470

Are you able to access listmonk directly without the reverse proxy? What is the URL I. The browser when you do that?

Besides the info I put in the OP, I’m not sure what else you’re asking.

LAN IP address of the docker host

No idea what this is, so I looked it up https://www.howtogeek.com/devops/how-to-get-a-docker-containers-ip-address-from-the-host/ and ran docker ps then put the container ID at the end of this docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' docker-container-ID. It output an IP address which I used for proxy_pass http://docker-IP:5870;, restarted nginx, and nothing seems to have changed.

@brygphilomena@lemmy.world
link
fedilink
English
11Y

Not the docker container IP. The IP of the machine you are running docker itself on. Nginx is running in a container, it’s not allowed to talk to the other docker container IP directly and it has a separate network stack from the listmonk container, so 127.0.0.1 only goes back to nginx.

Say your machine that you are running docker on is 192.168.0.67, the listmonk docker container is 172.16.0.89, and nginx container has an IP of 172.16.0.34.

Your nginx config would need the proxy to point to 192.168.0.67:5870.

Then make sure you don’t have ufw or some similar firewall blocking the connection from nginx to listmonk.

@MaximilianKohler@lemmy.world
creator
link
fedilink
English
1
edit-2
1Y

Nginx is running in a container

I don’t think it is. On my other machine it’s running in the docker container, but not this one.

Using serverIP:5870 has the same result as using listmonk.mysite.com:5870. It loads a broken page https://i.stack.imgur.com/gIy4A.jpg with broken links. IE: the URLs are http://localhost:9000/subscription/form.

Create a post

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.

Rules:

  1. Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it’s not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

  • 1 user online
  • 76 users / day
  • 109 users / week
  • 241 users / month
  • 850 users / 6 months
  • 1 subscriber
  • 1.53K Posts
  • 8.72K Comments
  • Modlog