docker nginx docker-compose jwilder-nginx-proxy

Docker SSL for domain


I'm trying to set up SSL for a Docker container that is served under a domain name. I'm using the following docker-compose.yml for my project:

# Application service (nginx + PHP, judging by the build path and mounts),
# built from a local image definition. It is reachable both directly through
# the published ports below and through jwilder/nginx-proxy (VIRTUAL_* vars).
web:
  build: /Users/marcin/docker/definitions/php-nginx/php-7.1-ubuntu
  volumes:
    - /c/Users/marcin/docker/projects/newdocker.app/html/:/usr/share/nginx/html/
    - /c/Users/marcin/docker/projects/newdocker.app/nginx/conf.d/:/etc/nginx/conf.d/
    - /c/Users/marcin/docker/projects/newdocker.app/nginx/log/:/var/log/nginx/    
    - /c/Users/marcin/docker/projects/newdocker.app/php/config/:/usr/local/etc/php/
    - /c/Users/marcin/docker/projects/newdocker.app/supervisor/conf.d/:/etc/supervisor/conf.d/
    - /c/Users/marcin/docker/projects/newdocker.app/supervisor/log/:/var/log/supervisor/
    # NOTE(review): host directory mounted read-write into root's home in the
    # container; anything the container writes there lands on the host.
    - /c/Users/marcin/docker/local_share/:/root/.local_share/
  working_dir: /usr/share/nginx/html/
  links:
    - db
  container_name: newdocker.php
  hostname: newdocker.app
  # Each mapping publishes the container port on every interface of the
  # Docker host.
  # NOTE(review): 22 is the conventional SSH port; if an sshd runs in this
  # image it is reachable on host port 280. Confirm it is needed.
  # NOTE(review): 8300 and 18300 let clients reach the backend directly,
  # bypassing the proxy and whatever TLS settings it enforces.
  ports:
    - "280:22"
    - "8300:80"
    - "18300:443"
  # Read by jwilder/nginx-proxy: route requests for VIRTUAL_HOST to this
  # container, connecting to it on VIRTUAL_PORT using VIRTUAL_PROTO.
  environment:
    - VIRTUAL_HOST=newdocker.app   
    - VIRTUAL_PORT=443    
    - VIRTUAL_PROTO=https
# MySQL service built from a local 5.7 image definition.
db:
  build: /Users/marcin/docker/definitions/mysql/5.7
  environment:
     # NOTE(review): trivial root password stored in clear text in the compose
     # file. Use a strong value supplied from an untracked env file or a
     # secret rather than committing it.
     - MYSQL_ROOT_PASSWORD=pass
     # Empty in this listing (possibly redacted). With no non-root user
     # defined, the application would have to connect as root; prefer a
     # dedicated least-privilege account.
     - MYSQL_DATABASE=
     - MYSQL_USER=
     - MYSQL_PASSWORD=
  expose:
     - 3306
  volumes:
    - /c/Users/marcin/docker/projects/newdocker.app/mysql/data/:/var/lib/mysql/
    - /c/Users/marcin/docker/projects/newdocker.app/mysql/conf.d/:/etc/mysql/conf.d/source
    - /c/Users/marcin/docker/projects/newdocker.app/mysql/log/:/var/log/mysql/
  # NOTE(review): publishes MySQL on every interface of the Docker host at
  # port 33200. The web service's `links: db` entry already gives it access
  # to 3306, so drop this mapping or restrict it to the one interface that
  # needs it if host access is only for local tooling.
  ports:
    - "33200:3306"
  container_name: newdocker.db
  # Same hostname value as the web service.
  hostname: newdocker.app

I'm also using jwilder/nginx-proxy, with the following docker-compose.yml file:

# Reverse proxy that generates its nginx configuration from the containers it
# discovers through the Docker socket, and terminates TLS on 443.
proxy:
   # NOTE(review): no tag is given, so the `latest` image is used; pin a
   # specific tag or digest so upgrades are deliberate and reviewable.
   image: jwilder/nginx-proxy
   restart: always
   volumes:
     # NOTE(review): `:ro` only makes the socket file's mount read-only; it
     # does not limit which Docker API calls can be sent over the socket. A
     # compromise of this published container therefore exposes the Docker
     # daemon. Consider a separate docker-gen container with no published
     # ports, or a filtering socket proxy.
     - /var/run/docker.sock:/tmp/docker.sock:ro
     - ./nginx/conf.d/proxy.conf:/etc/nginx/conf.d/proxy.conf:ro     
     # Certificate and private key named `default`; nginx-proxy matches
     # certificate files to a host by file name.
     # NOTE(review): keep the key file's host permissions tight and keep it
     # out of version control.
     - ./certs/default.crt:/etc/nginx/certs/default.crt:ro
     - ./certs/default.key:/etc/nginx/certs/default.key:ro     
   ports:
     - "80:80"    
     - "443:443"      
   container_name: proxy

This is the behaviour I see:

http://192.168.99.100:8300/ - is working fine
https://192.168.99.100:18300/ - is working fine
https://192.168.99.100/ - I'm getting 503 (this is probably fine - this port is not used for this container)
http://newdocker.app/ - is working fine
https://newdocker.app:18300/ - is working fine
https://newdocker.app/ - I'm getting 500

my nginx config file looks like this:

# Backend virtual host inside the web container: serves the PHP application
# over plain HTTP (80) and HTTPS (443), handing *.php requests to a FastCGI
# backend on 127.0.0.1:9000.
server {
    listen       80;
    # `default` makes this the catch-all server for port 443, so requests with
    # any Host header are answered here.
    listen       443  default ssl;
    server_name  localhost;

    # NOTE(review): the "snakeoil" pair is the self-signed certificate shipped
    # by Debian/Ubuntu's ssl-cert package. Fine for local development, but
    # clients cannot authenticate the server with it.
    ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
    ssl_certificate     /etc/ssl/certs/ssl-cert-snakeoil.pem;
    # NOTE(review): TLSv1 and TLSv1.1 are deprecated (RFC 8996); restrict this
    # to TLSv1.2 (and TLSv1.3 where the nginx/OpenSSL build supports it).
    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers         HIGH:!aNULL:!MD5;

    # set maximum request size to 20M
    client_max_body_size 20M;

    root /usr/share/nginx/html/public/;

    # Front-controller routing: serve the file or directory if it exists,
    # otherwise hand the request to index.php with the original query string.
    location / {
        root   /usr/share/nginx/html/public/;
        index  index.php index.html index.htm;
        try_files $uri $uri/ /index.php?$args;
    }

    sendfile off;

    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html/public/;
    }


    # NOTE(review): every URI ending in .php is passed to the interpreter
    # without checking that the script exists. Adding `try_files $uri =404;`
    # here keeps non-existent script paths away from PHP.
    location ~ \.php$ {
        fastcgi_pass   127.0.0.1:9000;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        include        fastcgi_params;
        # NOTE(review): $host comes from the request's Host header, so the
        # SERVER_NAME seen by PHP is client-controlled; the application should
        # not rely on it for security decisions or absolute URLs.
        fastcgi_param  SERVER_NAME $host;
    }
}

How can I configure this so that https://newdocker.app/ works without specifying a port?


Solution

  • After investigation, it turned out that my nginx config file was fine, but I had to update my docker-compose.yaml like this:

    # Application service as changed by the fix: VIRTUAL_PORT/VIRTUAL_PROTO are
    # gone and CERT_NAME/HTTPS_METHOD are added, so jwilder/nginx-proxy picks
    # the certificate by name and falls back to its default backend connection
    # settings.
    web:
      build: /Users/marcin/docker/definitions/php-nginx/php-7.1-ubuntu
      volumes:
        - /c/Users/marcin/docker/projects/newdocker.app/html/:/usr/share/nginx/html/
        - /c/Users/marcin/docker/projects/newdocker.app/nginx/conf.d/:/etc/nginx/conf.d/
        - /c/Users/marcin/docker/projects/newdocker.app/nginx/log/:/var/log/nginx/    
        - /c/Users/marcin/docker/projects/newdocker.app/php/config/:/usr/local/etc/php/
        - /c/Users/marcin/docker/projects/newdocker.app/supervisor/conf.d/:/etc/supervisor/conf.d/
        - /c/Users/marcin/docker/projects/newdocker.app/supervisor/log/:/var/log/supervisor/
        - /c/Users/marcin/docker/local_share/:/root/.local_share/
      working_dir: /usr/share/nginx/html/
      links:
        - db
      container_name: newdocker.php
      hostname: newdocker.app
      # NOTE(review): these mappings still publish SSH-style port 22 and the
      # backend's 80/443 directly on the Docker host, bypassing the proxy.
      # Remove the ones that are not needed once the proxy route works.
      ports:
        - "280:22"
        - "8300:80"
        - "18300:443"
      environment:
        - VIRTUAL_HOST=newdocker.app
        # Tells nginx-proxy to serve this host with default.crt/default.key
        # instead of looking for files named after VIRTUAL_HOST.
        - CERT_NAME=default
        # Keeps plain HTTP available instead of redirecting it to HTTPS.
        # NOTE(review): cookies and credentials can then travel unencrypted;
        # acceptable for local development, reconsider anywhere else.
        - HTTPS_METHOD=noredirect
    
    # MySQL service built from a local 5.7 image definition.
    db:
      build: /Users/marcin/docker/definitions/mysql/5.7
      environment:
         # NOTE(review): trivial root password stored in clear text in the
         # compose file. Use a strong value supplied from an untracked env
         # file or a secret rather than committing it.
         - MYSQL_ROOT_PASSWORD=pass
         # Empty in this listing (possibly redacted). With no non-root user
         # defined, the application would have to connect as root; prefer a
         # dedicated least-privilege account.
         - MYSQL_DATABASE=
         - MYSQL_USER=
         - MYSQL_PASSWORD=
      expose:
         - 3306
      volumes:
        - /c/Users/marcin/docker/projects/newdocker.app/mysql/data/:/var/lib/mysql/
        - /c/Users/marcin/docker/projects/newdocker.app/mysql/conf.d/:/etc/mysql/conf.d/source
        - /c/Users/marcin/docker/projects/newdocker.app/mysql/log/:/var/log/mysql/
      # NOTE(review): publishes MySQL on every interface of the Docker host at
      # port 33200. The web service's `links: db` entry already gives it
      # access to 3306, so drop this mapping or restrict it to the one
      # interface that needs it.
      ports:
        - "33200:3306"
      container_name: newdocker.db
      # Same hostname value as the web service.
      hostname: newdocker.app
    

    The most important change was adding `- CERT_NAME=default` (the certificates shared with jwilder/nginx-proxy are named default.crt and default.key, as you can see in the 2nd docker-compose.yaml in the question). Because I wanted both http and https to work, I also had to add `- HTTPS_METHOD=noredirect`.

    After restarting nginx, I can now use https://newdocker.app without specifying a port, and http://newdocker.app works too.