Search code examples
spring-bootdocker-composereverse-proxylets-encryptduck-dns

Use Linuxserver's Swag as reverse proxy for SpringBoot application in docker compose

I am currently experimenting with making my SpringBoot application publicly available from my Pi and found myself in the following situation:

  • I have reserved a domain from DuckDns and have the docker image running to update my ip.
  • I have my spring application running in a docker container:
version: "3"

services:
  my-app:
    container_name: my-app
    image: my-app:latest
    restart: unless-stopped
    ports:
      - "8080:8080"
    env_file:
      - .env
    networks:
      - postgres
      - swag

networks:
  postgres:
    external:
      name: postgres-network
  swag:
    external:
      name: swag-network
  • I have Swag running in docker. It creates the "swag" network used in the previous docker-compose. I chose this tool, because it both handles creating the certificate with Let's Encrypt and provides the possibility to setup a reverse proxy. I am not sure though if i really need this tool, or if it's too much.
version: "2.1"
services:
  swag:
    image: linuxserver/swag:arm64v8-1.32.0
    container_name: swag
    cap_add:
      - NET_ADMIN
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/Berlin
      - URL=my-domain.duckdns.org
      - SUBDOMAINS=wildcard
      - VALIDATION=duckdns
      - DUCKDNSTOKEN=my-token
    volumes:
      - ./config:/config
    ports:
      - 443:443
    restart: unless-stopped
    networks:
      - swag

networks:
  swag:
    name: swag-network
  • And last but not least the reverse proxy needs to be configured in "config/nginx/proxy-confs/my-domain.subdomain.conf"
server {
    listen 443 ssl;
    server_name my-domain.duckdns.org;

    location / {
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://my-app:8080;
        proxy_redirect off;
    }
}

But i am unable to connect to the application using my domain.

My questions:

  • Do i need to add some https specific config inside the SpringBoot application, or if it's all handled outside of it. For example using port 443, not 8080
  • I am very inexperienced with proxies and public availability, so any tips would be greatly appreciated.
    • Is the concept here right?
    • Is the execution right?
    • Is there a smarter/better-practice way to do this?
Solution

  • It turns out that I put the proxy config in the wrong place. To set it globally, I needed to place it in this file:

    config/nginx/site-configs/default.conf