I have spantaleev’s matrix ansible playbook running on the same server as swag is running and I would now like to use swag’s nginx to server all the services of the playbook.
For federation to work I need to open port 8448 in addition to 80 and 443, the latter two work just fine, but I cannot get the config right to let swag’s nginx forward port 8448 to the container matrix-nginx-proxy:8448 (however, forwarding ssl traffic to the internal matrix-nginx-proxy:8080 works just fine).
This is my config:
nginx/site-confs/matrix.subdomain.conf
## Version 2021/05/18
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name matrix.unsicher.net;
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth, fill in ldap details in ldap.conf
#include /config/nginx/ldap.conf;
# enable for Authelia
#include /config/nginx/authelia-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable the next two lines for ldap auth
#auth_request /auth;
#error_page 401 =200 /ldaplogin;
# enable for Authelia
#include /config/nginx/authelia-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app matrix-nginx-proxy;
set $upstream_port 8080;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}
and I also made an additional file (or could I just put the entire content, thus server block, under the first server block?) for the different port mapping:
nginx/site-confs/matrix-federation.subdomain.conf:
## Version 2021/05/18
server {
# For the federation port
listen 8448 ssl http2;
listen [::]:8448 ssl http2;
server_name matrix.unsicher.net;
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth, fill in ldap details in ldap.conf
#include /config/nginx/ldap.conf;
# enable for Authelia
#include /config/nginx/authelia-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable the next two lines for ldap auth
#auth_request /auth;
#error_page 401 =200 /ldaplogin;
# enable for Authelia
#include /config/nginx/authelia-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app matrix-nginx-proxy;
set $upstream_port 8448;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}
My ufw firewall is disabled (as it says by checking sudo status ufw).
When inside the swag container I can curl matrix-nginx-proxy:8448 just fine.
sudo netstat -plan | grep :8448
does not show me any open ports (wheras :80 and :443 are apperantly properly mapped)
Do you have any ideas how to further debug this?