Docker nginx reverse proxy configuration

Hello all. I just managed to install Mobilizon 3.1.3. via docker with an nginx reverse proxy configuration.

I was wondering if I’m missing anything with my reverse proxy configuration, as some things still look a bit weird, there are some margins missing and some buttons look unstyled (the button to upload an avatar image). As if certain CSS styles are missing. I configured mobilizon to use port 5000.

My nginx config derived from the configuration provided here:

I didn’t specify the location block for the css/js files as the git repo for the docker setup doesn’t seem to provide that (assuming this is coming from the docker image?).

Am I missing something?

server {
  listen 80;
  listen [::]:80;

  include snippets/letsencrypt.conf;
  location / {
    return 301 https://$host$request_uri;

server {
  listen 443 ssl http2;
  listen [::]:443 ssl http2;

  ssl_trusted_certificate /etc/letsencrypt/live/; # managed by Certbot
  ssl_certificate /etc/letsencrypt/live/; # managed by Certbot
  ssl_certificate_key /etc/letsencrypt/live/; # managed by Certbot
  ssl_session_timeout 5m;

  # Add TLSv1.3 if it's supported by your system
  ssl_protocols TLSv1.2 TLSv1.3;
  ssl_prefer_server_ciphers on;
  ssl_ecdh_curve prime256v1;
  # ssl_ecdh_curve X25519:prime256v1:secp384r1:secp521r1;
  ssl_stapling on;
  ssl_stapling_verify on;
  add_header Strict-Transport-Security "max-age=31536000";

  gzip on;
  gzip_disable "msie6";
  gzip_vary on;
  gzip_proxied any;
  gzip_comp_level 6;
  gzip_buffers 16 8k;
  gzip_http_version 1.1;
  gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript application/activity+json application/atom+xml;

  # the nginx default is 1m, not enough for large media uploads
  client_max_body_size 16m;

  proxy_http_version 1.1;
  proxy_set_header Upgrade $http_upgrade;
  proxy_set_header Connection "upgrade";
  proxy_set_header Host $http_host;
  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header X-Forwarded-Proto $scheme;

  location / {

  location ~ ^/(media|proxy) {
        etag off;
        access_log off;
        add_header Cache-Control "public, max-age=31536000, immutable";
        proxy_pass http://localhost:5000;

My snippets/letsencrypt.conf does the .well-known/acme-challenge/ stuff:

location ^~ /.well-known/acme-challenge/ {
    default_type "text/plain";
    root         /var/www/letsencrypt;


I saw you used for location / whilst you used localhost for location ~ ^(media|proxy)

In the original support/nginx/mobilizon.conf, they are both using localhost.

Am I wrong to say that you changed localhost to in your configuration ?

Maybe doing the same with the other localhost for media and proxy parts…

Good catch, thank you :slight_smile:

I changed both back to localhost. The docker image is listening on something like (:: in ipv6) by default. I could change that to localhost ( or ::1 in ipv6). That way I wouldn’t expose that port publicly and limit communication through the nginx reverse proxy only. But I’m also using IPTables to close ports from the outside.