Cocalc Docker behind nginx

[Ingo Dahn]

Has anybody succeeded in accessing a cocalc docker container through nginx?

Since nginx listens on port 443 I have to launch the cocalc docker with -p SomeNewPort:443. It launches without error.

With a docker proxy rule redirecting requests to / to SomeNewPort I get a "502 Bad Gateway" Error from nginx.

But in the same way I can successfully access a container build from nginxdemos/hello. That container exposes only port 80, which I can map to SomeNewPort and nevertheless get a secure connection to the container since my server turns any http connection to https.

The CoCalc container exposes ports 443 and 80, but maps 80 to nothing. When I map it's 80 to SomeNewPort, I get a "too many redirects" error.

There are no error messages in the nginx logs and the cocalc console output doesn't show any sign of activity after launch.

[William Stein]

Hi,

It seems like you're asking me to make port 80 map to an unencrypted
version of the CoCalc server. I'm reluctant to do this by
default, since it will cause a lot of confusion, since if you try to
use cocalc via an unencrypted connection the browser will I think
refuse to store certain (secure) cookies which silently and subtly
breaks things. However, I could add this as a command line
option when starting cocalc-docker.

If this is what you want, can you make a github issue for it?

William

> --
> CoCalc: Collaborative Calculation in the Cloud -- https://cocalc.com
> ---
> You received this message because you are subscribed to the Google Groups "CoCalc" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to cocalc+un...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/cocalc/ecb41499-dea3-45e6-9f70-dbf5a99eb55c%40googlegroups.com.



--

Best Regards,
William Stein

CEO, SageMath, Inc.
https://cocalc.com

[Charles Taylor]

I got this working today using the `-p SomeNewPort:443` method you mention. The 80/443 port thing is a red herring, there's no need to involve port 80 at any point. Try an nginx setup like this:

docker run --name=cocalc -d -v ~/cocalc:/projects -p 9090:443 sagemathinc/cocalc
 

In your nginx sites-available folder, create a file like the following called e.g. mycocalc:

server {
    server_name mycocalc.com;

    location / {
        include proxy_params;
        # push traffic through the proxy to the port you mapped above, in this case 9090, on the localhost:
        proxy_pass https://localhost:9090/;

        # this enables proxying for websockets, which cocalc uses extensively:
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $host;
    }
    listen 443 ssl;
}

It's worth mentioning the docker image takes a little time to warm up - if you try to access it before it's ready, it won't work.

And just to be sure - you're starting the docker image with something like `docker start cocalc`, right?

[Ingo Dahn]

I tried that and still  get 502 Bad Gateway from nginx.

Here is what I did:

As it did not exist I sudo-created /etc/nginx/sites-available (Note: I am successfully running already another docker container under a different subdomain. I administer my docker images from the Plesk server administration software, perhaps Plesk stores its configuration in a different place? Cf. https://docs.plesk.com/en-US/obsidian/administrator-guide/web-servers/apache-and-nginx-web-servers-linux/apache-and-nginx-configuration-files.68678/)

I sudo-created the in that place a file with the content you gave (using a different port).

I sudo-run the cocalc docker from the command line using the command you gave.

Plesk detected the image was running and reported the mapping MyPort-> 443, 80-> ''

Using Plesk I activated for my cocalc subdomain the rule mapping 443 to MyPort.

After 30 Minutes I still get 502 Bad Gateway