docker - Nginx reverse proxy to apache server serving php

Question

i have a nginx installed on the host and apache2 server running in docker with isolated bridge network. Below is my configuration file for nginx, everything works properly accessing http://example.com.

server {
    index index.php index.htm index.html;
    server_name example.com;

    location / {
       proxy_http_version 1.1;
       proxy_set_header Upgrade $http_upgrade;
       proxy_set_header Connection "upgrade";
       proxy_pass http://127.0.0.1:7777;
       proxy_set_header Host $host;
       proxy_set_header X-Real-IP $remote_addr;
       proxy_set_header X-Forwarded-For $remote_addr;
    }
}

But when i install the certificates using certbot --nginx, the new nginx configuration file is created:

server {
    index index.php index.htm index.html;
    server_name example.com;

    location / {
       proxy_http_version 1.1;
       proxy_set_header Upgrade $http_upgrade;
       proxy_set_header Connection "upgrade";
       proxy_pass http://127.0.0.1:7777;
       proxy_set_header Host $host;
       proxy_set_header X-Real-IP $remote_addr;
       proxy_set_header X-Forwarded-For $remote_addr;
    }

    listen [::]:443 ssl; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
server {
    if ($host = example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    listen 80;
    listen [::]:80;
    server_name example.com;
    return 404; # managed by Certbot
}

When i access https://example.com with this new configuration file the php files are not executed, like just css and js are not executed, the content of the php files are just exibited. The only way that a solved the issue is adding the add_header Content-Security-Policy upgrade-insecure-requests; line in my configuration file, but this causes slowness and some browsers apparetly do not support this configuration. Any workaround to solve this problem without harm website performance?

question from:https://stackoverflow.com/questions/66065486/nginx-reverse-proxy-to-apache-server-serving-php

Answer 1

Waitting for answers