Understand a reverse proxy in combination with docker

Leave your 80–>443 redirect you have with NGINX doing the SSL termination, then sending to backend over http.

Change these to listen on the LAN IP or docker DNS name:

web_listen_uri = http://docker-graylog:9000/graylogrest_listen_uri = http://docker-graylog:9000/api

Note: The problem with your current config is it is only listening on localhost, and a request coming in externally will never make it to the app, because it’s not listening for external connections. It’s only listening for connections within the graylog container. NGINX can’t reach graylog on localhost:9000 across the LAN.

The bad gateway indicates that your proxy is probably working, but no connections to app can be made.

More details on that:https://forums.docker.com/t/access-to-localhost-from-bridge-network/22948/2

This config is basically what you already have, but copied it from graylog documentation. Your current proxy config might work as is.

upstream docker-graylog {server graylog:9000;}server{listen      443 ssl spdy;server_name mySite.de;# <- your SSL Settings here!location /graylog{  proxy_set_header Host $http_host;  proxy_set_header X-Forwarded-Host $host;  proxy_set_header X-Forwarded-Server $host;  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;  proxy_set_header X-Graylog-Server-URL https://$server_name/api;  proxy_pass       http://docker-graylog/graylog;}}