Swag's nginx does not open port 8448

I have spantaleev’s matrix ansible playbook running on the same server as swag is running and I would now like to use swag’s nginx to serve all the services of the playbook.

For federation to work I need to open port 8448 in addition to 80 and 443, the latter two work just fine, but I cannot get the config right to let swag’s nginx forward port 8448 to the container matrix-nginx-proxy:8448 (however, forwarding ssl traffic to the internal matrix-nginx-proxy:8080 works just fine).

This is my config:

nginx/site-confs/matrix.subdomain.conf

## Version 2021/05/18

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name matrix.unsicher.net;

    include /config/nginx/ssl.conf;
    client_max_body_size 0;

    # enable for ldap auth, fill in ldap details in ldap.conf
    #include /config/nginx/ldap.conf;

    # enable for Authelia
    #include /config/nginx/authelia-server.conf;

    location / {
        # enable the next two lines for http auth
        #auth_basic "Restricted";
        #auth_basic_user_file /config/nginx/.htpasswd;

        # enable the next two lines for ldap auth
        #auth_request /auth;
        #error_page 401 =200 /ldaplogin;

        # enable for Authelia
        #include /config/nginx/authelia-location.conf;

        include /config/nginx/proxy.conf;
        include /config/nginx/resolver.conf;
        set $upstream_app matrix-nginx-proxy;
        set $upstream_port 8080;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

    }
}

and I also made an additional file (or could I just put the entire content, thus server block, under the first server block?) for the different port mapping:

nginx/site-confs/matrix-federation.subdomain.conf:

## Version 2021/05/18

server {
    # For the federation port
    listen 8448 ssl http2;
    listen [::]:8448 ssl http2;

    server_name matrix.unsicher.net;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    # enable for ldap auth, fill in ldap details in ldap.conf
    #include /config/nginx/ldap.conf;

    # enable for Authelia
    #include /config/nginx/authelia-server.conf;

    location / {
        # enable the next two lines for http auth
        #auth_basic "Restricted";
        #auth_basic_user_file /config/nginx/.htpasswd;

        # enable the next two lines for ldap auth
        #auth_request /auth;
        #error_page 401 =200 /ldaplogin;

        # enable for Authelia
        #include /config/nginx/authelia-location.conf;

        include /config/nginx/proxy.conf;
        include /config/nginx/resolver.conf;
        set $upstream_app matrix-nginx-proxy;
        set $upstream_port 8448;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

    }
}

My ufw firewall is disabled (as it says by checking sudo status ufw).
When inside the swag container I can curl matrix-nginx-proxy:8448 just fine.
sudo netstat -plan | grep :8448 does not show me any open ports (whereas :80 and :443 are apparently properly mapped).

Do you have any ideas how to further debug this?

Can you share your swag compose?


I found the error: I did not put the port in the docker-compose, after adding it it finally worked!

For anyone else later landing here:
it is also important to put the .well-known location proxy in the /site-confs/default file:

    location /.well-known/matrix {
        proxy_pass https://matrix.yourserver.net/.well-known/matrix;
        proxy_set_header X-Forwarded-For $remote_addr;
    }

for federation to work, when working on the base domain (so it does not go in the proxy-conf files).

Yes, I assumed this would be the case, hence asking for the compose 🙂

Glad you sorted it.

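The mismatch that caused this thread (nginx listening on a port inside the container that the compose file never publishes) can be checked mechanically. The following is an added example, not code from the thread or from SWAG: the function names and both sample inputs are constructed, and it assumes a service named `swag`, short-syntax `ports:` entries with single ports, and one `listen` directive per line.

```python
import re

NGINX_CONF = """
server {
    listen 443 ssl;
    listen 8448 ssl http2;
    listen [::]:8448 ssl http2;
}
"""  # constructed sample, not the poster's file
COMPOSE = """
services:
  swag:
    ports:
      - 443:443
      - "80:80"
"""  # constructed sample: 8448 is not published

def nginx_listen_ports(conf):
    """Ports in active (uncommented) listen directives, one directive per line."""
    pat = r"^[ \t]*listen\s+(?:\[[^\]]*\]:|[\d.]+:)?(\d+)\b"
    return {int(p) for p in re.findall(pat, conf, re.M)}

def published_ports(compose, service):
    """Container-side TCP ports from the service's short-syntax `ports:` list."""
    ports, svc_indent, in_ports = set(), None, False
    for raw in compose.splitlines():
        text = raw.split("#")[0].strip()
        indent = len(raw) - len(raw.lstrip())
        if not text:
            continue
        if svc_indent is not None and indent <= svc_indent:
            svc_indent, in_ports = None, False  # left the service's block
        if text == f"{service}:":
            svc_indent = indent
        elif svc_indent is not None and text == "ports:":
            in_ports = True
        elif in_ports and text.startswith("-"):
            spec, _, proto = text[1:].strip().strip("\"'").partition("/")
            if proto in ("", "tcp"):
                ports.add(int(spec.split(":")[-1]))
        else:
            in_ports = False
    return ports

def unpublished_listen_ports(conf, compose, service="swag"):
    """Ports nginx listens on that the compose service never publishes."""
    return sorted(nginx_listen_ports(conf) - published_ports(compose, service))

if __name__ == "__main__":
    print(unpublished_listen_ports(NGINX_CONF, COMPOSE))  # [8448]
```

Any port it reports is reachable from other containers on the Docker network but not from the host or the internet, which matches the symptoms described in the first post.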