nginx reverse proxying

[h1nk]

I saw some of the alternative instances are hosted behind Apache or nginx. I have had absolutely no success getting libreddit to work with nginx. I've been trying the following configuration to no avail:

server {
    listen 443 ssl http2;
    server_name libreddit.${NGINX_HOST};

    location / {
        set $libreddit http://libreddit:8080;
        proxy_pass $libreddit;
    }
}

I get a bad gateway on each index hit: [error] 34#34: *93 upstream prematurely closed connection while reading response header from upstream

I'm running my instance from Docker and building the image off the latest master commit. The instance is accessible from both containers:

root@nginx:/# curl -I libreddit:8080
HTTP/1.1 200 OK
content-length: 36365
content-security-policy: default-src 'none'; manifest-src 'self'; media-src 'self'; style-src 'self' 'unsafe-inline'; base-uri 'none'; img-src 'self' data:; form-action 'self'; frame-ancestors 'none';
content-type: text/html
date: Tue, 16 Feb 2021 20:09:31 GMT
referrer-policy: no-referrer
x-content-type-options: nosniff
x-frame-options: DENY

root@libreddit:/usr/src/libreddit# curl -I localhost:8080
HTTP/1.1 200 OK
content-length: 36365
content-security-policy: default-src 'none'; manifest-src 'self'; media-src 'self'; style-src 'self' 'unsafe-inline'; base-uri 'none'; img-src 'self' data:; form-action 'self'; frame-ancestors 'none';
content-type: text/html
date: Tue, 16 Feb 2021 20:11:40 GMT
referrer-policy: no-referrer
x-content-type-options: nosniff
x-frame-options: DENY

Any help getting this configuration to work would much appreciated.

[spikecodes]

Hey h1nk, thanks for opening this issue! I am not very experienced with Nginx but I'll try to help if I can.

I don't think this is the issue but it might be useful to add this line after the line that starts with listen:

listen [::]:443 ssl http2 default_server;

I saw you enabled TLS support, but did you specify the location of your TLS certificate(s)? You can do so by adding this code block (filling in the paths of the cert and key) after the location / { ... } block:

ssl_certificate /etc/nginx/ssl/example.com.crt;
ssl_certificate_key /etc/nginx/ssl/example.com.key;

Also, I think some other instances use jwilder/nginx-proxy as the reverse proxy which may suit your use case better (I found it to be easier but you may want more manual control).

[JacksonTaylorxyz]

I am also trying to host libreddit behind nginx as a reverse proxy, and am being unsuccessful as well. I am planning on doing something different for SSL (I believe certbot with letsencrypt will work in my case and edit the file for me). Here is what I have:

server {
    server_name libreddit.mysite.com;
    location /{
        proxy_pass http://127.0.0.1:8080;
    }
}

I am receiving the same error from nginx as upstream prematurely closed connection while reading response header from upstream, also running libreddit via docker. I have tried changing the proxy_read_timeout and proxy_connect_timeout to no success either.

[spikecodes]

I think you may need to specify a port to listen on using:

listen 80;

See: https://nginx.org/en/docs/http/request_processing.html

[h1nk]

Port 80 is the implicit default for the listen configuration directive (see https://nginx.org/r/listen)

[h1nk]

The following setup reproduces the issue:

./nginx.conf

events {}

http {
    server {
        location / {
            proxy_pass http://localhost:8080;
        }
    }
}

./docker-compose.yml

version: '3.8'

services:
  nginx:
    image: nginx
    network_mode: host
    volumes:
      - ./nginx.conf:/etc/nginx/nginx.conf:ro
  libreddit:
    image: spikecodes/libreddit
    network_mode: host

$ docker-compose up

...
[error] 21#21: *1 upstream prematurely closed connection while reading response header from upstream, client: 127.0.0.1, server: , request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:8080/", host: "localhost"
...

[h1nk]

@spikecodes maybe you could ask the community member you referred to in #16 (comment) what their nginx.conf contains. Perhaps this is an issue with the use of actix in this application. I see this in the actix-web gitter chat but no solution in the reply thread

[ghost]

I just updated the container and now I am getting the upstream error as well.

[spikecodes]

@h1nk Thank you for this useful information! I was able to reproduce the error using the file contents that you provided.

My apologies for not updating the README but Libreddit now uses Tide and no longer Actix Web.
I found this issue reported on Tide's GitHub repository.

Using jbr's adivce, I was able to fix this by simply adding:

proxy_http_version 1.1;

Above the proxy_pass line.

[JacksonTaylorxyz]

That worked on my end. Thanks @spikecodes!

[spikecodes]

Great to hear! 😄 My pleasure!

[somini]

Just got hit with this, changing the proxy HTTP version works.

Maybe mention this on the README, on the Deployment section?

[spikecodes]

Thanks somini, that's a great idea! Just added.