Nginx reverse proxy: *30 an upstream response is buffered to a temporary file /var/lib/nginx/proxy/6/99/0038162996 while reading upstream

[alex9434]

I am trying stalwart mailserver but have problems using nginx as reverse proxy for the webmin interface: I use the follwing nginx location inside a https server block to proxy the webinterface to docker:

	location / {
		proxy_set_header Connection "upgrade";
		proxy_set_header Upgrade $http_upgrade;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header X-Real-IP $remote_addr;
		proxy_pass  http://127.0.0.1:8080/;
	}

when I open the website https://webadmin.example.com/login I get an empty page. Nginx shows the following errors:

2024/10/23 13:04:52 [warn] 3363379#3363379: *30 an upstream response is buffered to a temporary file /var/lib/nginx/proxy/5/99/0038162995 while reading upstream, client: 127.0.0.1, server: ***, request: "GET /webadmin-18420740387b40bb_bg.wasm HTTP/2.0", upstream: "http://127.0.0.1:8080/webadmin-18420740387b40bb_bg.wasm", host: "***", referrer: "https://***/login"

(I have replaced the actual website with *** in that error message for privacy reasons) What is the right location block in nginx to proxy the webinterface?

Access works with http://localhost:8080/login

As I understand the documentation, port 443 should be used to access the webadmin after the initial configuration. Is there a way to use SSL-offloading with nginx so that nginx does the actual SSL encryption in the reverse proxy instead of encryption in Stalwart. How do I configure Stalwart to not encrypt 443 and instead use nginx for that? Since nginx can proxy IMAP, POP3 and SMTP protocols an upstream mail server, i would like to use nginx for all encryption so that I only have to update certificates there.

And I would also like to add a related feature request: Could you make the base-url configurable so that I can use a subdirectory as location to access the webadmin with a subdirectory, e.g. example.com/webadmin/login instead of webadmin.example.com/login

[mdecimus]

2024/10/23 13:04:52 [warn] 3363379#3363379: 30 an upstream response is buffered to a temporary file /var/lib/nginx/proxy/5/99/0038162995 while reading upstream, client: 127.0.0.1, server: , request: "GET /webadmin-18420740387b40bb_bg.wasm HTTP/2.0", upstream: "http://127.0.0.1:8080/webadmin-18420740387b40bb_bg.wasm", host: "", referrer: "https://**/login"

You should ask the Nginx community why you're seeing this error.

As I understand the documentation, port 443 should be used to access the webadmin after the initial configuration. Is there a way to use SSL-offloading with nginx so that nginx does the actual SSL encryption in the reverse proxy instead of encryption in Stalwart. How do I configure Stalwart to not encrypt 443 and instead use nginx for that? Since nginx can proxy IMAP, POP3 and SMTP protocols an upstream mail server, i would like to use nginx for all encryption so that I only have to update certificates there.

Yes, you can create a new plain-text listener bound to a port of your choice.

And I would also like to add a related feature request: Could you make the base-url configurable so that I can use a subdirectory as location to access the webadmin with a subdirectory, e.g. example.com/webadmin/login instead of webadmin.example.com/login

This is not yet possible, but you can host the webadmin on a separate hostname and then specify your Stalwart server URL using the ?remote= parameter.

[alex9434]

Thank you very much