proxy locations to different container ports

[fflo]

Hey Adrien,

I'm trying to setup a Seafile storage container with my rap proxy.

To be able to upload media files to the Seafile cloud storage system it is necessary to proxy a certain "location /seafhttp" to another port than the rap.port.

example configuration: https://manual.seafile.com/deploy/deploy_with_nginx.html

I have already tried to get it working using a configuration file like this in vhost.d:

location /seafhttp {
    rewrite ^/seafhttp(.*)$ $1 break;
    proxy_pass http://[external dns name]:8082;
    client_max_body_size 0;
    proxy_connect_timeout  36000s;
    proxy_read_timeout  36000s;
    proxy_send_timeout  36000s;
    send_timeout  36000s;
}

... but RancherActiveProxy fails to start with the following error message in this case:
ranchergen.1 | level=info msg="[nginx -s reload]: \"2017/01/29 01:19:53 [emerg] 110#110: upstream \\\"[external dns name]\\\" may not have port 8082 in /etc/nginx/vhost.d/[domain]:3\""

I think the best solution would be to add additional tags allowing to redirect certain location(s) to other ports of the container.

Do you have a better idea how to fix this?

[fflo]

Update
As a workaround I have created a [rap.host]_location file in vhost.d with the following content:

location /seafhttp {
    rewrite ^/seafhttp(.*)$ $1 break;
    proxy_pass http://[external ip address of host running seafile container]:8082;
    client_max_body_size 0;
    proxy_request_buffering off;
    proxy_connect_timeout  1800s;
    proxy_read_timeout  3600s;
    proxy_send_timeout  3600s;
    send_timeout  3600s;
}

Using this workaround requires to publish the Seafile container tcp port 8082 on the host.

Is it possible to add additional tags allowing to redirect certain location(s) to other ports of the container? i.e.:

rap.1.location=/seafhttp
rap.1.port=8082
rap.1.client_max_body_size=0
rap.1.proxy_request_buffering=off

[adi90x]

Hello @fflo ,

Not sure if adding all those tag would be efficient. As it is becoming very specific to a situation.
However, you could use the advanced configuration to do what you are looking for :
rap.host=seafhttp.example.com=>http:8082,www.example.com=>https:80

Wouldn't it be what you want ?
Or you can also use the per-host setup and just use you own server configuration.

[fflo]

Hi Adrien,

that's a good idea.
Basically it means that I've to add an additional subdomain i.e. seaf.[domain] and add that subdomain to the list of rap.le_host.

I'll give it a try the next days and let you know about my results. 👍

[fflo]

Hi Adrien,

thanks for the hint. In principle using the advanced configuration option helps to resolve this issue.

But for whatever reason rancher-active-proxy did not (auto) recreate the let's encrypt san certificate (adding the additional hostnames).
I had to stop rap, move the old certificate out of the path and restart it. After this step the new le certificate has been created three times (path main domain + -0001, -0002). Is there a lock(file) taking care that certbot does not run multiple times in parallel (on multiple instances of rap)?