
Nginx Configuration Issue with Docker Containers and OIDC Authentication


I am currently running Keycloak on Docker at port 8090 and Hesk at port 8088, along with Nginx on the host system to manage traffic routing. My Nginx configuration is set up to redirect and handle SSL for two subdomains, auth.example.de and support.example.de. Here is the Nginx configuration snippet:

worker_processes  1;

events {
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;

    sendfile        on;
    tcp_nopush      on;
    keepalive_timeout  65;
    gzip  on;
    
    map $http_upgrade $connection_upgrade {
        default upgrade;
        ''      close;
    }
    
    server {
        listen 80;
        server_name auth.example.de;
        return 301 https://$host$request_uri;
    }

    server {
        listen       443 ssl;
        server_name  auth.example.de;
        
        ssl_certificate     [PATH TO CRT];
        ssl_certificate_key [PATH TO KEY];
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout  10m;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;

        location / {
            proxy_pass http://localhost:8090;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }

    server {
        listen 80;
        server_name support.example.de;
        return 301 https://$host$request_uri;
    }

    server {
        listen       443 ssl;
        server_name  support.example.de;

        ssl_certificate     [PATH TO CRT];
        ssl_certificate_key [PATH TO KEY];
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout  10m;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;

        location / {
            proxy_pass http://localhost:8088;

            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }
}

In my hosts file, I have overridden the DNS entries for auth.example.com and support.example.com to point to 127.0.0.1. The issue arises when Hesk attempts to connect to auth.example.com for authentication via OIDC but is unable to reach it. My suspicion is that since the DNS resolution returns 127.0.0.1, the request is not routed through the Nginx on the host system, leading to it returning the index page from within its container instead of reaching the Keycloak authentication page.

Has anyone encountered a similar issue, or does anyone have suggestions on how to properly route these internal requests through Nginx to allow container-to-container communication via the host?

Edit: Just to mention, I'm on Windows 11 using WSL 2 with Ubuntu as the Docker backend.


Solution

  • I fixed it by adding the following entry to /etc/hosts inside of the hesk container:

    # /etc/hosts uses '#' for comments; host.docker.internal resolves to: 192.168.65.2
    192.168.65.2 auth.example.de


    Maybe adding extra_hosts in docker-compose.yml would work as well, but I haven't tried it yet.
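A docker-compose.yml fragment for the extra_hosts approach the answer mentions, added here as an example (it is not the asker's or answerer's configuration); the service name `hesk`, the build context and the container-side port are assumptions, while the hostname and host port 8088 come from the question:

```yaml
# docker-compose.yml (example; service name, build context and container port are assumed)
services:
  hesk:
    build: .                       # assumed: Hesk is built from a local Dockerfile
    ports:
      - "8088:80"                  # host 8088 -> container 80; nginx proxies support.example.de to host:8088
    extra_hosts:
      # Make the public auth hostname resolve, inside the container, to the host's
      # gateway address. Hesk's OIDC back-channel requests (token and key fetches)
      # then leave the container, hit nginx on the host, which terminates TLS and
      # proxies to Keycloak on 8090, instead of landing on Hesk's own index page.
      # "host-gateway" is a Docker special value (Docker 20.10+) substituted at
      # container start, so it survives the 192.168.65.x address changing, which
      # a hand-edited /etc/hosts line inside the container does not.
      - "auth.example.de:host-gateway"
```

Verify from inside the container with `getent hosts auth.example.de`, which should print the gateway address, and make sure the container trusts the certificate nginx serves for that name (mount the CA rather than turning off TLS verification in the OIDC client).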