Public URL forwarding to http

Hi, I am trying to use nginx to expose multiple endpoints for my services running on balenaOS. My nginx.conf file is:
    server {
        listen 80 default_server;
        server_name localhost;

        location / {
            proxy_pass http://127.0.0.1:3080;
        }

        location /gateway/ {
            proxy_pass http://127.0.0.1:8088/gateway/;
        }
    }

Hitting the root (’/’) location over the public URL works as intended and I get my app running on 3080. However, hitting the /gateway/ endpoint forwards to http, which of course gets blocked as mixed-origin content. See image below:

[Image: Screen Shot 2021-09-07 at 7.30.52 PM]

In my docker-compose I have everything running as network_mode “host” right now for testing. Any ideas how to keep using https on this other endpoint?

https is a secure connection achieved with a certificate (click the padlock in your browser while on the forums here and you will see Balena’s certificate allowing your secure connection). They are gained by using things like Let’s Encrypt (can Google it) to generate a certificate that can be validated. The validation tends to depend on internet access and re-generating the certificate every 90 days (unless you pay for it). For this reason, https on a device like a Balena IoT device is probably not what you are looking for. Especially as you are likely using it locally and not over the internet, so the benefits aren’t really there.

The cross origin issue is likely a security policy on NGINX and/or your app, which stops you working across domains (i.e. http://one.local to http://two.local). If the two paths are on the same domain (i.e. http://one.local/one and https://one.local/two) it will probably go through. Otherwise, try Googling how to disable CORS.

Hard to add much more without knowing more details on the setup.

P.S.

This isn’t really a Balena related issue or question. Doesn’t mean it can’t be posted here necessarily, but probably explains the radio silence from the Balena team, it’s more a community question.

EDIT:

Looking at it again I see the Balena URL you are referring to, so maybe a lot of the above isn’t valid. Hopefully of some help though, worth exploring the CORS. I don’t see any reason why that wouldn’t work using a reverse proxy as you are. Also take a look at the server name and try making it a catch all rather than localhost, so it knows it is listening on the web address specified: Server names

If still struggling, it would be helpful to see the docker-compose files and NGINX files.

Thanks Maggie! I was able to get the behavior I was looking for by using bridge networking instead of host. This way the various endpoints that nginx proxies are still https. I don’t quite understand why this fixed the issue but at least it’s working 🙂

Good to hear that bridging network solved the problem with http and https @drewjgray

Thanks for the help @Maggie 🙂
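
A way to check where the https-to-http switch described in the question happens, as an added example that is not part of the original thread: it parses captured response heads and flags any redirect whose Location resolves to http after an https request. The hostname `device.example` and the sample responses are constructed for illustration.

```python
from email.parser import Parser
from urllib.parse import urljoin, urlsplit

# Constructed sample: (URL requested, raw response head). Hostname is a placeholder.
SAMPLE_HOPS = [
    ("https://device.example/",
     "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"),
    ("https://device.example/gateway",
     "HTTP/1.1 301 Moved Permanently\r\n"
     "Location: http://device.example/gateway/\r\n\r\n"),
    ("https://device.example/gateway/login",
     "HTTP/1.1 302 Found\r\nLocation: /gateway/home\r\n\r\n"),
]


def parse_head(raw):
    """Return (status_code, headers) from a raw HTTP response head."""
    status_line, _, header_block = raw.partition("\r\n")
    status = int(status_line.split()[1])
    return status, Parser().parsestr(header_block, headersonly=True)


def find_downgrades(hops):
    """List redirects that send an https request to an http URL."""
    findings = []
    for url, raw in hops:
        status, headers = parse_head(raw)
        location = headers.get("Location")
        if not (300 <= status < 400) or location is None:
            continue
        # A relative Location inherits the scheme of the request URL.
        target = urljoin(url, location)
        if urlsplit(url).scheme == "https" and urlsplit(target).scheme == "http":
            findings.append({
                "request": url,
                "status": status,
                "location": location,
                # True when the server wrote a full URL including the scheme.
                "absolute": bool(urlsplit(location).scheme),
            })
    return findings


if __name__ == "__main__":
    for finding in find_downgrades(SAMPLE_HOPS):
        print(finding)
```

Response heads for a real deployment can be captured with `curl -sI` against each URL in turn and passed in the same (URL, head) form.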