Wrong Configuration with Nginx External Proxy #210
Description
Hello, I hope on your help.
There is a static public ip and several machines behind it.
There is a nginx on 192.168.1.202.
There is an OpenCloud on 192.168.1.206.
I have edited OpenCloud env file to adapt domain settings, specify volumes mapping and set 1000:1000 permissions to mounted dirs.
In Keycloak I have created a new demo user with admin rights.
When I am trying to login in OpenCloud
CSP header issue, to fix it I have added to nginx config
add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval' https://keycloak.opencloud.xxx.yyy; img-src 'self' data: w3.org/svg/2000" always;
Then,
After, I have removed nginx CSP header and add to external-proxy/opencloud-exposed.yml and add next snippet to Docker container definitions
extra_hosts:
- "opencloud.xxx.yyy:192.168.1.202"
- "keycloak.xxx.ushakov.yyy:192.168.1.202"
- "wopiserver.xxx.ushakov.yyy:192.168.1.202"
- "collabora.opencxxloud.xxx.yyy:192.168.1.202"
and - it works on not-in-lan devices - but why? I could not test it from-inside LAN? I have specified internal IPs in in-LAN test machine.
then I have started to experiment and got a different results
Main question-problem is: why services setup depends on network setup?
Why in-container hosts specification change behavior of OpenCloud deployment?
If not to specify hosts in containers, on lan-external device I could not login or could not create a document and edit with collabora.
All inter-service communication can and should be done via internal docker networking.