Hello,

The YAML file is as follows:

services: nginx: container_name: Nginx build: context: /home/containers/nginx dockerfile: Dockerfile ports: - '80:80' - '443:443' volumes: - /home/containers/nginx/nginx.conf:/etc/nginx/nginx.conf - "/var/run/docker.sock:/var/run/docker.sock" links: - user depends_on: - user user: container_name: User hostname: User build: context: /home/containers/user dockerfile: Dockerfile expose: - "3000" ports: - "3000:3000" environment: - PORT=3000 volumes: - /home/containers/user:/usr/src/app - "/var/run/docker.sock:/var/run/docker.sock" command: npm start

The Node.js is running on port 3000 and the Nginx configuration file is as follows:

user www-data; worker_processes auto; worker_cpu_affinity auto; pid /run/nginx.pid; pcre_jit on; events { worker_connections 16384; multi_accept on; use epoll; } worker_rlimit_nofile 33268; http { access_log /var/log/nginx/access.log; error_log /var/log/nginx/error.log; server { server_name _; listen 80; # listen [::]:443 ssl default_server; # listen 443 ssl default_server; error_log /var/log/nginx/error.system-default.log; access_log /var/log/nginx/access.system-default.log; charset utf-8; return 403; # ssl_certificate /etc/ssl/certs/ssl.pem; # ssl_certificate_key /etc/ssl/private/ssl.key; location / { proxy_pass http://User:3000; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection 'upgrade'; proxy_set_header Host $host; proxy_cache_bypass $http_upgrade; } } server_names_hash_bucket_size 64; include /etc/nginx/mime.types; default_type application/octet-stream; # root /var/www/empty-webroot/; resolver 127.0.0.53; resolver_timeout 60s; # include /etc/nginx/conf.d/*.conf; # ssl_protocols TLSv1.2 TLSv1.3; # ssl_ecdh_curve X25519:X448:secp256r1:secp384r1:secp521r1:sect571r1; # ssl_session_timeout 1d; # ssl_session_cache shared:SSL:50m; # ssl_session_tickets off; # ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-> # ssl_prefer_server_ciphers on; # ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # ssl_stapling on; # ssl_stapling_verify on; # ssl_trusted_certificate /etc/letsencrypt/live/example.com/chain.pem; server_tokens off; proxy_hide_header X-Powered-By; proxy_hide_header X-AspNet-Version; proxy_hide_header X-AspNetMvc-Version; proxy_hide_header X-Runtime; proxy_hide_header X-Redirect-By; # more_set_headers "Server : "; # more_set_headers "X-XSS-Protection : 0"; # more_set_headers "X-Content-Type-Options : nosniff" # more_set_headers "X-Download-Options : noopen"; # more_set_headers "X-Permitted-Cross-Domain-Policies : none" gzip on; gzip_min_length 1499; gzip_disable "msie6"; gzip_vary on; gzip_static on; gzip_proxied any; gzip_comp_level 4; gzip_buffers 16 8k; gzip_http_version 1.1; gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/wasm application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml image/bmp image/svg+xml image/x-icon font/opentype text/cache-manifest text/css text/javascript text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy text/xml application/xml+rss; limit_conn_zone $binary_remote_addr zone=limit_per_ip:10m; limit_conn limit_per_ip 130; limit_req_zone $binary_remote_addr zone=allips:10m rate=500r/s; limit_req zone=allips burst=400 nodelay; limit_req_status 429; limit_conn_status 429; open_file_cache max=5000 inactive=240s; open_file_cache_valid 60s; open_file_cache_min_uses 5; open_file_cache_errors off; client_max_body_size 20M; client_header_buffer_size 5k; large_client_header_buffers 2 2k; client_body_buffer_size 32k; client_body_timeout 10; client_header_timeout 10; keepalive_timeout 10; send_timeout 10; # sendfile on; tcp_nopush on; tcp_nodelay on; }

I got following error:

# curl localhost:80 <html> <head><title>403 Forbidden</title></head> <body> <center><h1>403 Forbidden</h1></center> <hr><center>nginx</center> </body> </html>

The log file is as follows:

# cat access.system-default.log 172.21.50.67 - - [01/Jun/2024:07:37:22 +0000] "GET / HTTP/1.1" 403 548 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36" 172.21.50.67 - - [01/Jun/2024:07:37:22 +0000] "GET /favicon.ico HTTP/1.1" 403 548 "http://172.20.2.103/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36" 172.21.50.67 - - [01/Jun/2024:07:37:23 +0000] "GET / HTTP/1.1" 403 548 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36" 172.21.50.67 - - [01/Jun/2024:07:37:23 +0000] "GET /favicon.ico HTTP/1.1" 403 548 "http://172.20.2.103/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36" 172.21.50.67 - - [01/Jun/2024:07:37:23 +0000] "GET / HTTP/1.1" 403 548 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36" 172.21.50.67 - - [01/Jun/2024:07:37:23 +0000] "GET /favicon.ico HTTP/1.1" 403 548 "http://172.20.2.103/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36" 172.21.50.67 - - [01/Jun/2024:07:37:23 +0000] "GET / HTTP/1.1" 403 548 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36" 172.21.50.67 - - [01/Jun/2024:07:37:23 +0000] "GET /favicon.ico HTTP/1.1" 403 548 "http://172.20.2.103/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36" 172.18.0.1 - - [01/Jun/2024:07:37:41 +0000] "GET / HTTP/1.1" 403 146 "-" "curl/7.88.1"

Where is the configuration wrong?

Thank you.