We're setting up a few applications (Moodle, MediaWiki, Gitlab, etc.) in the following Docker environment:
Nginx is in a container and is serving as a Reverse Proxy to the applications in other containers on the same host. They share MariaDB in one container and openLDAP in another container. The internal DNS name for the Moodle container is: "classrooms".
For the Moodle container, I started with a stock Ubuntu 14.04 container and manually installed required services, then pulled Moodle 3.1 stable using Git. I followed reverse proxy configuration instructions from these two sources:
https://docs.moodle.org/22/en/Reverse_proxy_frontend
https://www.nginx.com/resources/wiki/start/topics/examples/likeapache
The relevant settings in the Moodle config.php are:
$CFG->wwwroot =[removed to avoid triggering the community spam filters. it’s: https : // classrooms .authenticity .ac ]
$CFG->reverseproxy = true;
$CFG->sslproxy = true;
I've noticed that instructions for using a reverse proxy with Moodle 2.X also include this variable: $CFG->loginhttps=1; However, it isn't included in the 3.x config.php file. I've tried with and without: it doesn't seem to make a difference, so this has been left out.
With those settings, I get this error:
“Reverse proxy enabled, server can not be accessed directly, sorry.
Please contact server administrator.”
If I remove the https:// from wwwroot, then I get Moodle without CSS. So, I know that I'm close to having this correct. Any idea why the "correct" setting would not work?
$CFG->wwwroot = 'classrooms.authenticity.ac';
Here's the http configuration for Nginx (I've checked for a trailing space):
server \{
listen 80;
server_name classrooms.authenticity.ac;
set $backend "[removed to avoid triggering the community spam filters]";
set $backendPort "80";
location / \{
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $backend:$backendPort;
proxy_set_header X-Forwarded-Server $backend;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass $backend;
\}
# return 301 [removed to avoid triggering the community spam filters]; # enforce https
}
And, here’s the https configuration:
server \{
resolver 172.17.42.1;
listen 443 ssl;
server_name classrooms.authenticity.ac;
#ssl_certificate [redacted]
#ssl_certificate_key [redacted]
ssl_certificate [redacted]
ssl_certificate_key [redacted]
set $backend "[removed to avoid triggering the community spam filters: it’s: http : // classrooms]”;
set $backendPort "80";
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $backend:$backendPort;
proxy_set_header X-Forwarded-Server $backend;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass $backend;
}
}