Nginx config? about docker-mkvtoolnix HOT 16 CLOSED

Yes, I will fix this!

from docker-mkvtoolnix.

Fixed in the latest image :)

from docker-mkvtoolnix.

Websocket needs to be proxied:

map $http_upgrade $connection_upgrade {
	default upgrade;
	''      close;
}
server {
        [...]
	location /websockify {
		proxy_pass http://mkvtoolnix.mywebsite.com:5900;
		proxy_http_version 1.1;
		proxy_set_header Upgrade $http_upgrade;
		proxy_set_header Connection $connection_upgrade;
		proxy_read_timeout 86400;
	}
}

But unless you are using Nginx to proxy multiple thing, a much easier way is to enable the Secure connection. All you need to do then is to provide your certificates and forward the correct port on your router.

from docker-mkvtoolnix.

Yes I'm reverse proxying quite a few docker containers.
That said, I still couldn't make the proxying work with the addition config you provided.

Also I'm a bit confused on the
proxy_pass http://mkvtoolnix.mywebsite.com:5900; line. Isn't port 5900 for VNC? In this case the access would be through the browser. From your documentation, port 5900 is optional if VNC isn't used.

Just to be clear, that's the final mkvtoolnix.conf with your added configs that I've used:

map $http_upgrade $connection_upgrade {
	default upgrade;
	''      close;
}

server {
 listen 80;
 return 301 https://$host$request_uri;
 server_tokens off;
}

server {
 listen 443 ssl http2;
 server_tokens off;
 server_name mkvtoolnix.mywebsite.com;
 ssl_certificate /etc/letsencrypt/live/mywebsite.com/fullchain.pem;
 ssl_certificate_key /etc/letsencrypt/live/mywebsite.com/privkey.pem;
 ssl_session_cache shared:SSL:50m;
 ssl_session_timeout 30m;
 ssl_protocols TLSv1.2;
 ssl_prefer_server_ciphers on;
 ssl_ciphers EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4;
 ssl_ecdh_curve secp384r1;
 ssl_session_tickets off;
 ssl_stapling on;
 ssl_stapling_verify on;
 resolver 8.8.8.8 8.8.4.4 valid=300s;
 resolver_timeout 5s;
 ssl_dhparam /etc/nginx/ssl/dhparam.pem;
 add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";
 add_header X-Frame-Options DENY;
 add_header X-Content-Type-Options nosniff;

 location / {
        proxy_pass http://127.0.0.1:5800;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 }
 location /websockify {
	proxy_pass http://mkvtoolnix.mywebsite.com:5900;
	proxy_http_version 1.1;
	proxy_set_header Upgrade $http_upgrade;
	proxy_set_header Connection $connection_upgrade;
	proxy_read_timeout 86400;
 }
}

from docker-mkvtoolnix.

Yes, port 5900 is the VNC port and it accepts websocket connections. The websocket connection is initiated by the web browser.

The container already contains a running nginx instance, which forwards websocket connections to the internal vnc server. Thus, in this configuration, the VNC port is not needed from an external point of view.

However, since you are using your own nginx instance, you need to replicate what's done by the container. And since your nginx instance is outside the container, the VNC port of the container needs to be accessible externally.

I don't have all the details of your network, but instead of http://mkvtoolnix.mywebsite.com:5900, you could try http://127.0.0.1:5900, like the config for the web interface. In summary, the address you put there should reach the container. You can verify with a VNC client that port 5900 is working.

from docker-mkvtoolnix.

After looking more closely to the error shown in your screen shot, could you try to connect using:

https://mkvtoolnix.mywebsite.com:443

If this doesn't work, try:

https://mkvtoolnix.mywebsite.com?port=443

from docker-mkvtoolnix.

https://mkvtoolnix.mywebsite.com:443 didn't work
but https://mkvtoolnix.mywebsite.com/?port=443 does work!

Anyway to make it work with just https://mkvtoolnix.mywebsite.com ? It must be possible to have the ?port=443 portion be automatically added. I know this is more of a pure Nginx question at this point, which if you can't help with it's no problem.

from docker-mkvtoolnix.

Thanks a lot for the help!

from docker-mkvtoolnix.

Hi, I'm sorry to comment here but there is things I struggle to understand.

I'm on a Synology NAS and try to get it worked with reverse proxy, the part I should add is on the synology nginx conf or in nginx of the docker ?

from docker-mkvtoolnix.

You need to adjust the nginx config on your Synology (i.e. the config of your reverse proxy).

from docker-mkvtoolnix.

Ok thanks, that's what I thought but when I edited the conf I still get server disconnected, I might have done something wrong. Thanks again

from docker-mkvtoolnix.

Make sure to read this: https://github.com/jlesage/docker-mkvtoolnix#reverse-proxy

from docker-mkvtoolnix.

Yep I've copy/paste the content in my nginx conf.

Should I put something instead of the '[...]' ? I just removed it.

from docker-mkvtoolnix.

The [...] is just to indicate that you may have to integrate with your existing config. So yes, just remove it.

from docker-mkvtoolnix.

Ok that's weird even with that, it says disconnected...

I attached my nginx.conf if you have time to take a look.

I will investigate more this afternoon but maybe you will see something I missed...

By the way thanks for the support and the great idea of this project ;)

from docker-mkvtoolnix.

Nothing obvious, but make sure to clear your browser's cache when trying new config.

from docker-mkvtoolnix.