I'm pretty new with docker and docker-compose.
I'm trying to host multiple websites with HTTPS on a single server.
SSL certs can't be generated because localhost is not a valid host; OK, that's normal.
And I'm getting a 502 Bad Gateway error.
It seems nginx-proxy can't stream to the container correctly.
This is my docker-compose:
    version: '3'
    services:
      nginx-proxy:
        image: nginx
        labels:
          com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
        container_name: nginx-proxy
        restart: unless-stopped
        ports:
          - "80:80"
          - "443:443"
        volumes:
          - ./conf.d:/etc/nginx/conf.d
          - ./vhost.d:/etc/nginx/vhost.d
          - ./html:/usr/share/nginx/html
          - ./certs:/etc/nginx/certs:ro
      nginx-gen:
        image: jwilder/docker-gen
        command: -notify-sighup nginx -watch -wait 5s:30s /etc/docker-gen/templates/nginx.tmpl /etc/nginx/conf.d/default.conf
        container_name: nginx-gen
        restart: unless-stopped
        volumes:
          - ./conf.d:/etc/nginx/conf.d
          - ./vhost.d:/etc/nginx/vhost.d
          - ./html:/usr/share/nginx/html
          - ./certs:/etc/nginx/certs:ro
          - /var/run/docker.sock:/tmp/docker.sock:ro
          - ./nginx.tmpl:/etc/docker-gen/templates/nginx.tmpl:ro
      nginx-letsencrypt:
        image: jrcs/letsencrypt-nginx-proxy-companion
        container_name: nginx-letsencrypt
        restart: unless-stopped
        volumes:
          - ./conf.d:/etc/nginx/conf.d
          - ./vhost.d:/etc/nginx/vhost.d
          - ./html:/usr/share/nginx/html
          - ./certs:/etc/nginx/certs:rw
          - /var/run/docker.sock:/var/run/docker.sock:ro
        environment:
          NGINX_DOCKER_GEN_CONTAINER: "nginx-gen"
          NGINX_PROXY_CONTAINER: "nginx-proxy"
    networks:
      webproxy:
        external: true
At the website level I have the following docker-compose, where I'm running two containers: php-fpm (including my WordPress files) and an nginx container. I'm using this nginx container to add my own nginx config files.
    version: '3.1'
    services:
      php:
        build: ./docker/php/
        restart: unless-stopped
        volumes:
          - wordpress:/var/www/html
      nginx:
        image: nginx:1-alpine
        restart: unless-stopped
        expose:
          - 80
          - 443
        volumes:
          - wordpress:/var/www/html
          - ./docker/nginx/site.conf:/etc/nginx/conf.d/default.conf
          - ./docker/nginx/wordpress.conf:/etc/nginx/wordpress.conf
        environment:
          - LETSENCRYPT_HOST=
          - VIRTUAL_HOST=localhost
          - VIRTUAL_PORT=80
    volumes:
      wordpress: {}
    networks:
      default:
        external:
          name: webproxy
This is the generated /etc/nginx/conf.d/default.conf in the nginx-proxy container:

    # localhost
    upstream localhost {
        # Cannot connect to network of this container
        server 127.0.0.1 down;
    }
    server {
        server_name localhost;
        listen 80 ;
        access_log /var/log/nginx/access.log vhost;
        return 301 https://$host$request_uri;
    }
    server {
        server_name localhost;
        listen 443 ssl http2 ;
        access_log /var/log/nginx/access.log vhost;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DSS';
        ssl_prefer_server_ciphers on;
        ssl_session_timeout 5m;
        ssl_session_cache shared:SSL:50m;
        ssl_session_tickets off;
        ssl_certificate /etc/nginx/certs/localhost.crt;
        ssl_certificate_key /etc/nginx/certs/localhost.key;
        ssl_dhparam /etc/nginx/certs/localhost.dhparam.pem;
        ssl_stapling on;
        ssl_stapling_verify on;
        ssl_trusted_certificate /etc/nginx/certs/localhost.chain.pem;
        add_header Strict-Transport-Security "max-age=31536000" always;
        include /etc/nginx/vhost.d/default;
        location / {
            proxy_pass http://localhost;
        }
And the nginx-proxy logs:

    nginx-proxy | localhost 172.22.0.1 - - [10/May/2018:17:52:40 +0000] "GET / HTTP/2.0" 502 173 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0"
    nginx-proxy | 2018/05/10 17:54:47 [error] 7#7: *4 no live upstreams while connecting to upstream, client: 172.22.0.1, server: localhost, request: "GET / HTTP/2.0", upstream: "http://localhost/", host: "localhost"

Since I first posted, I added VIRTUAL_PORT=80 but it didn't help.
I have also tried to proxy the php container directly, but without success.
docker inspect on the nginx container being proxied shows:
    "Config": {
        "Hostname": "4859d3794982",
        "Domainname": "",
        "User": "",
        "AttachStdin": false,
        "AttachStdout": false,
        "AttachStderr": false,
        "ExposedPorts": {
            "443/tcp": {},
            "80/tcp": {}
        },
        "Tty": false,
        "OpenStdin": false,
        "StdinOnce": false,
        "Env": [
            "VIRTUAL_PORT=80",
            "LETSENCRYPT_HOST=localhost",
            "VIRTUAL_HOST=localhost",
            "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
            "NGINX_VERSION=1.13.1"
        ],
        "Networks": {
            "webproxy": {
                "IPAMConfig": null,
                "Links": null,
                "Aliases": [
                    "nginx",
                    "4859d3794982"
                ],
                "NetworkID": "6ac6af1b951c780c1334c55862025bd7916643dd13dc02976f2ed176a7ed7619",
                "EndpointID": "3e379cd7a020e65f5ea6db8dbafe144d5b6ad5575b183dee64487f7046f0e3a2",
                "Gateway": "172.23.0.1",
                "IPAddress": "172.23.0.5",
                "IPPrefixLen": 16,
                "IPv6Gateway": "",
                "GlobalIPv6Address": "",
                "GlobalIPv6PrefixLen": 0,
                "MacAddress": "02:42:ac:17:00:05",
                "DriverOpts": null

I think your networks command is wrong in the first compose file:

    networks:
      webproxy:
        external: true

That specifies a network named webproxy that must exist (presumably you created it?). However, you don't attach any containers to that network.
The other compose file has:

    networks:
      default:
        external:
          name: webproxy

This does the same thing, except that all the containers are attached to the default network automatically. So making the first file match this may clear up your issue (though I haven't looked into what that magic nginx config generator does ;) )
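
The network mismatch described in the answer, as an added example that is not part of the original thread: it resolves which Docker network each Compose service actually joins and flags networks that are declared but never attached. The dicts are constructed from the two compose files above, trimmed to the relevant keys, and the project names `proxy` and `site` are assumptions (Compose derives them from the directory name).

```python
# Added example: which real Docker networks does each Compose service join?
# Compose files are given as already-parsed dicts, so no YAML library is needed.

def resolve_networks(project, compose):
    """Map service name -> set of real Docker network names it is attached to."""
    declared = compose.get("networks") or {}

    def real_name(key):
        cfg = declared.get(key) or {}
        ext = cfg.get("external")
        if isinstance(ext, dict):                    # external: {name: webproxy}
            return ext.get("name", key)
        if ext:                                      # external: true -> existing network `key`
            return cfg.get("name", key)
        return cfg.get("name", f"{project}_{key}")   # project-scoped network

    result = {}
    for svc, cfg in compose["services"].items():
        # A service with no `networks:` key joins the project's "default" network.
        keys = (cfg or {}).get("networks") or ["default"]
        result[svc] = {real_name(k) for k in keys}
    return result

def unused_networks(compose):
    """Top-level networks that no service references (declared, never joined)."""
    used = set()
    for cfg in compose["services"].values():
        used.update((cfg or {}).get("networks") or ["default"])
    return sorted(set(compose.get("networks") or {}) - used)

def shared(a, b):
    """Networks that at least one service on each side is attached to."""
    return set().union(*a.values()) & set().union(*b.values())

# Constructed from the page's compose files (only service names and networks kept).
PROXY = {"services": {"nginx-proxy": {}, "nginx-gen": {}, "nginx-letsencrypt": {}},
         "networks": {"webproxy": {"external": True}}}
SITE = {"services": {"php": {}, "nginx": {}},
        "networks": {"default": {"external": {"name": "webproxy"}}}}
# The answer's suggestion: make the first file's networks section match the second.
PROXY_FIXED = {**PROXY, "networks": {"default": {"external": {"name": "webproxy"}}}}

if __name__ == "__main__":
    site = resolve_networks("site", SITE)
    for label, cfg in (("as posted", PROXY), ("fixed", PROXY_FIXED)):
        nets = resolve_networks("proxy", cfg)
        print(label, "| unused:", unused_networks(cfg), "| shared with site:", shared(nets, site))
```

The differing subnets in the question's own output (172.22.0.1 in the proxy log, 172.23.0.5 in docker inspect) are consistent with the proxy and the site sitting on separate networks.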