I want to enable SSL for localhost, with nginx and a self-signed certificate. I want to do this because I'm putting nginx as a reverse proxy in front of an application that redirects to https, and I don't want to modify the application.
I have generated the certificate with the following command:
# Create a self-signed X.509 certificate, valid for 365 days, together with a
# new 2048-bit RSA private key.
# -nodes writes the private key without passphrase encryption, so anyone who
# can read nginx-selfsigned.key can use it; restrict its file permissions.
# Because the command runs under sudo, both output files are created by root.
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout nginx-selfsigned.key -out nginx-selfsigned.crt
This is my docker compose
# Compose stack: an nginx reverse proxy in front of a backend and a database.
version: '2.1'
services:
  nginx-proxy:
    image: jwilder/nginx-proxy
    container_name: nginx-proxy
    ports:
      - "80:80"
      - "443:443"
      # NOTE(review): the nginx.conf shown with this file listens on 8000,
      # not 8080 - confirm which port is intended.
      - "8080:8080"
    volumes:
      # NOTE(review): ":ro" only makes the mount read-only; it does not limit
      # what can be requested from the Docker API over this socket. Treat
      # this container as having access to the Docker daemon.
      - /var/run/docker.sock:/tmp/docker.sock:ro
      # Host directory exposed to nginx as /etc/nginx/certs; presumably where
      # nginx-selfsigned.crt and nginx-selfsigned.key are placed - confirm.
      # The private key is unencrypted, so keep this directory restricted.
      - ./data/nginx/certs:/etc/nginx/certs
      # Replaces the image's main nginx configuration file with the local one.
      # NOTE(review): the local nginx.conf shown has no include directive, so
      # any configuration the image generates elsewhere is likely not loaded -
      # confirm this is intended.
      - ./data/nginx/nginx.conf:/etc/nginx/nginx.conf
    networks:
      - no-internet
      - internet
    depends_on:
      # NOTE(review): no service named ap-service is visible in this file; it
      # may be in an elided part or a typo for back-service - confirm.
      - ap-service
  back-service:
    # "..." marks settings the author left out of the post.
    ...
    networks:
      # Attached only to the internal network.
      - no-internet
  db-service:
    # "..." marks settings the author left out of the post.
    ...
    networks:
      - no-internet
      - internet
networks:
  internet:
    driver: bridge
  no-internet:
    # internal: true creates a network without external connectivity.
    internal: true
    driver: bridge
and this is my nginx.conf
# nginx.conf from the question: three virtual hosts for localhost, each
# proxying to back-service over plain HTTP.
events {
    worker_connections 1024; ## Default: 1024
}
http{
    # Port 80: plain HTTP, forwarded to the backend on port 8080.
    server {
        listen 80;
        listen [::]:80;
        server_name localhost;
        # Pass the requested host name and the direct client address upstream.
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;
        location / {
            proxy_pass http://back-service:8080/;
        }
    }
    # Port 443: there is no "ssl" parameter on listen and no ssl_certificate /
    # ssl_certificate_key directive, so nginx speaks plain HTTP on this port.
    # A browser opening https://localhost/ sends a TLS ClientHello, which nginx
    # tries to parse as an HTTP request; that is the binary "\x16\x03\x01..."
    # request answered with 400 in the log.
    server {
        listen 443;
        listen [::]:443;
        server_name localhost;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;
        location / {
            proxy_pass http://back-service:8080/;
        }
    }
    # Port 8000: plain HTTP, forwarded to the backend on port 8000.
    # NOTE(review): the compose file publishes 8080, not 8000 - confirm.
    server {
        listen 8000;
        listen [::]:8000;
        server_name localhost;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;
        location / {
            proxy_pass http://back-service:8000/;
        }
    }
}
But when there is a redirect to https://localhost/, Google Chrome shows a gray page that says ERR_SSL_PROTOCOL_ERROR.
The nginx log shows the following
nginx-proxy | nginx.1 | 172.21.0.1 - - [02/Jun/2021:21:54:07 +0000] "\x16\x03\x01\x02\x00\x01\x00\x01\xFC\x03\x03\xA4\xF3\xD75\xE13XqtL\xBF\xF5h\x11\x0B\x83\xB55P\xAF\xD1U\x9F\xD3\x17\x9A\xB3\x22}dZ\xE7 \x92\x89\x805\x14L\xE8=\xDAL\xF0\xA0\xBF\xE1\x9A \xC1\xAF\xB4\xC6\xFA\xC7n\xA5.\xBFxK\xAA\xFB\x050\x00\x22ZZ\x13\x01\x13\x02\x13\x03\xC0+\xC0/\xC0,\xC00\xCC\xA9\xCC\xA8\xC0\x13\xC0\x14\x00\x9C\x00\x9D\x00/\x005\x00" 400 158 "-" "-"
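You must enable TLS on the listener (`listen 443 ssl;`) and add the certificate and key inside the `server` block in nginx.conf. Without `ssl`, nginx treats the browser's TLS handshake as a plain HTTP request, which is the binary `\x16\x03\x01...` request answered with 400 in your log: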
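# HTTPS virtual host for localhost: terminates TLS with the self-signed
# certificate and proxies the decrypted requests to the backend over HTTP.
server {
    # "ssl" makes nginx perform a TLS handshake on this port; without it the
    # port speaks plain HTTP and browsers report ERR_SSL_PROTOCOL_ERROR.
    listen 443 ssl;
    # IPv6 listener, matching the [::]:443 listener in the question's config.
    listen [::]:443 ssl;
    server_name localhost;

    # Paths as seen inside the container; the files must be present in the
    # host directory mounted at /etc/nginx/certs.
    ssl_certificate /etc/nginx/certs/nginx-selfsigned.crt;
    # The key was generated with -nodes (no passphrase), so protect it with
    # filesystem permissions.
    ssl_certificate_key /etc/nginx/certs/nginx-selfsigned.key;
    # Pin the accepted protocol versions instead of relying on the defaults
    # of the nginx build, which on older versions include TLSv1 and TLSv1.1.
    ssl_protocols TLSv1.2 TLSv1.3;

    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $remote_addr;
    # Tell the backend which scheme the client used, since the proxied
    # connection itself is plain HTTP.
    proxy_set_header X-Forwarded-Proto $scheme;

    location / {
        proxy_pass http://back-service:8080/;
    }
}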