Nginx + Docker Reverse Proxy Setup Guide (Production)
This guide provides step-by-step instructions for setting up Nginx as a reverse proxy for AIV running in Docker containers.
1. Architecture
Internet -> Nginx (80/443) -> Docker (127.0.0.1:8080) -> App (/aiv)
2. Install
Update your system and install required packages:
sudo apt update
sudo apt install nginx docker.io docker-compose certbot python3-certbot-nginx -y
3. Application Configuration
To ensure the application correctly interprets forwarded headers (for SSL and IP tracking), add the following property in your <location>/aiv/repository/econfig/application.yml:
server:
  forward-headers-strategy: native
4. DNS Check
Ensure your domain points to your server IP:
nslookup xxxx.com
5. Nginx Site Management
In Nginx, configurations are created in sites-available and then “enabled” by creating a symbolic link to sites-enabled.
Create the configuration
Create the file /etc/nginx/sites-available/aiv (see Section 6 for content).
Enable the site
sudo ln -s /etc/nginx/sites-available/aiv /etc/nginx/sites-enabled/
Disable the default site (Optional)
If the default Nginx page interferes with your domain, disable it:
sudo unlink /etc/nginx/sites-enabled/default
Test and Restart
sudo nginx -t
sudo systemctl restart nginx
6. Nginx Config
Create the configuration file at /etc/nginx/sites-available/aiv (the same file that is linked into sites-enabled in Section 5).
Note: Replace xxxx.com with your actual domain.
server {
    listen 80;
    server_name xxxx.com;

    # Redirect all HTTP traffic to HTTPS
    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl;
    server_name xxxx.com;

    # SSL Certificates (Managed by Certbot).
    # These files exist only after Certbot has run (Section 7);
    # until then, nginx -t fails on this server block.
    ssl_certificate /etc/letsencrypt/live/xxxx.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/xxxx.com/privkey.pem;

    # Proxy Settings for AIV
    location /aiv/ {
        proxy_pass http://127.0.0.1:8080/aiv/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Optimization for file uploads
        client_max_body_size 100M;

        # WebSocket support
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
7. SSL Setup
Use Certbot to obtain and automatically configure SSL:
sudo certbot --nginx -d xxxx.com
Test auto-renewal:
sudo certbot renew --dry-run
8. Verification Commands
Nginx Status
sudo nginx -t
sudo systemctl status nginx
Port Check
sudo ss -tulpn | grep -E ':80|:443'
Backend Check (Internal)
curl -I http://127.0.0.1:8080/aiv/
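Listener audit (added example)
The architecture in Section 1 relies on the backend listening only on 127.0.0.1:8080, so that Nginx is the sole path in. A compose mapping written as "8080:8080" publishes the port on all interfaces instead. The script below is an added example, not part of the original guide: it reads ss -H -tln output and flags a backend port bound off loopback or a missing listener. BACKEND_PORT and PUBLIC_PORTS are hypothetical override variables, and the sample lines are constructed.

```bash
#!/usr/bin/env bash
# Added example (not from the guide): audit `ss -H -tln` output on stdin.
# Defaults follow the guide: backend 8080 on loopback, Nginx on 80 and 443.
# BACKEND_PORT and PUBLIC_PORTS are hypothetical override variables.

audit_listeners() {
    awk -v backend="${BACKEND_PORT:-8080}" -v public="${PUBLIC_PORTS:-80 443}" '
    BEGIN { n = split(public, want, " ") }
    $1 == "LISTEN" {
        port = $4; sub(/.*:/, "", port)        # text after the last colon
        host = $4; sub(/:[^:]*$/, "", host)    # text before the last colon
        seen[port] = 1
        # The backend may listen only on loopback (127.0.0.0/8 or ::1).
        if (port == backend && host !~ /^127\./ && host != "[::1]") {
            printf "EXPOSED backend port %s bound to %s\n", port, host
            bad = 1
        }
    }
    END {
        if (!(backend in seen)) {
            printf "MISSING backend port %s\n", backend; bad = 1
        }
        for (i = 1; i <= n; i++)
            if (!(want[i] in seen)) {
                printf "MISSING public port %s\n", want[i]; bad = 1
            }
        if (!bad) print "OK"
        exit (bad ? 1 : 0)
    }'
}

# Constructed sample: compose mapping "8080:8080" (binds all interfaces).
SAMPLE_EXPOSED='LISTEN 0 511  0.0.0.0:80   0.0.0.0:*
LISTEN 0 511  0.0.0.0:443  0.0.0.0:*
LISTEN 0 4096 0.0.0.0:8080 0.0.0.0:*
LISTEN 0 4096 [::]:8080    [::]:*'

# Constructed sample: compose mapping "127.0.0.1:8080:8080".
SAMPLE_OK='LISTEN 0 511  0.0.0.0:80     0.0.0.0:*
LISTEN 0 511  0.0.0.0:443    0.0.0.0:*
LISTEN 0 4096 127.0.0.1:8080 0.0.0.0:*'

printf '%s\n' "$SAMPLE_EXPOSED" | audit_listeners || true
printf '%s\n' "$SAMPLE_OK" | audit_listeners
# On the server: sudo ss -H -tln | audit_listeners
```

The function exits non-zero on any finding, so it can gate a deployment script or a cron check.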
9. Common Issues & Fixes
(1) 502 Bad Gateway
Cause: Nginx cannot reach the Docker container.
Fix:
- Check if Docker is running: docker ps
- Ensure the port in proxy_pass (8080) matches your docker-compose.yml mapping.
(2) 413 Request Entity Too Large
Cause: You are trying to upload a file larger than Nginx’s default limit.
Fix: Increase client_max_body_size in the Nginx config (as shown in Section 6).
(3) Mixed Content / CSS not loading
Cause: The app thinks it is running on HTTP while the user is on HTTPS.
Fix:
- Ensure X-Forwarded-Proto $scheme is in the Nginx config.
- Ensure forward-headers-strategy: native is in the AIV application.yml.
10. Final Working Flow
User -> https://xxxx.com/aiv/
Nginx -> (Terminates SSL, adds Headers) -> Proxy
Docker -> http://127.0.0.1:8080/aiv/
App -> (Processes request) -> Response