I’m having an issue trying to proxy request from my server to my Digital Ocean App Platform application.
I have a .NET 6 app running in a Docker container on Digital Ocean App Platform. This is running fine. I can successfully hit my API from my REST client using the domain given to my app by App Platform.
What I’m trying to do now is add an entry to my server running Nginx to proxy requests from my domain to the application on App Platform.
This is my initial Nginx configuration.
server {
listen 443 ssl;
server_name ~^(?<subdomain>[w-]+).mydomain.com$ mydomain.com;
ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem;
location /api {
proxy_pass https://my-app-platform-app.ondigitalocean.app;
proxy_http_version 1.1;
}
}
This initial config works fine, my api receives the request but the Host header of the request in my docker container is the Digital Ocean App Platform assigned domain (my-app-platform-app.ondigitalocean.app) but want my domain from my proxy server (mydomain.com) as the Host header. So what I did was set the Host header with proxy_set_header in my Nginx config like below.
server {
listen 443 ssl;
server_name ~^(?<subdomain>[w-]+).mydomain.com$ mydomain.com;
ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem;
location /api {
proxy_set_header Host $host;
proxy_pass https://my-app-platform-app.ondigitalocean.app;
proxy_http_version 1.1;
}
}
Now when I try to access my API from mydomain.com/api I get a 403 Permission Denied – Cloudflare error. I believe this is coming from the Digital Ocean App Platform and not my proxy server but not sure how to find the root cause.
Has anyone encountered this issue with Digital Ocean App Platform, or know what I’m doing wrong?
Thank you.
2
Answers
Update
I was unable to find a solutions to the original error with the 403 Permission Denied Cloudflare error. I posted on the Digital Ocean Community board but didn't have any luck there either. There isn't much details as to why Cloudflare is returning the 403 (returns a blank white page with 403 error, no details) nor could I find anything in Digital Ocean. I did find one questions on the Digital Ocean Community board with the same error but there wasn't any solution for it either.
I figured I'd post a temporary solution that I'm using as a workaround until I can troubleshoot this further. Instead of setting the
Hostheader I simply just added a new custom headerX-Hostand set it to$host. This gets passed properly to my API running in a docker container.In my .NET 6 app I check for the
X-Hostheader first to see if it's set and use theHostheader as a fallback if it isn't.My Nginx config looks like this now...
If this is a CORS request you might have to setup a CORS policy in Digital Ocean. You can follow their guide below for setting that up.
https://docs.digitalocean.com/products/app-platform/how-to/configure-cors-policies/
Digital Ocean Community Question
https://www.digitalocean.com/community/questions/nginx-proxy-server-to-app-platform-app-is-getting-a-403-access-denied-cloudflare-error
I wasn’t using nginx but rather haproxy, but saw this same behavior. The way I got it working was to first set the
X-Forwarded-Forheader to theHostheader value. I then set theHostheader value to the digital ocean app platform host.This got my application to respond as expected.