docker nginx ssl docker-compose subdomain

SSL not working in Nginx docker container


I have a project structure like this:

├── docker-compose.dev.yml
├── docker-compose.prod.yml
├── docker-compose.yml
├── homeid
│             ├── Dockerfile
│             ├── nginx.conf
│             └── website
├── reverse-proxy
│             ├── Dockerfile
│             ├── dev.homebooker.conf
│             ├── homebooker.conf
│             └── nginx.conf

I have a domain, homebooker.fr, and a subdomain, dev.homebooker.fr, and I want to add HTTPS. I got a certificate from Let's Encrypt and mounted it into the Nginx container, but HTTPS is not working and I do not know what I am doing wrong.

Here is the content of the files:

docker-compose.yml

# Compose file for the nginx reverse proxy that sits in front of the dev and
# prod site containers and holds the Let's Encrypt material.
version: '3'

services:
  reverse_proxy:
    build:
      context: ./reverse-proxy
      dockerfile: Dockerfile
    container_name: reverse_proxy
    restart: always
    volumes:
      # Host Let's Encrypt directory, mounted read-write. homebooker.fr.conf
      # reads fullchain.pem and privkey.pem from it.
      # NOTE(review): if renewal runs on the host rather than inside this
      # container, mount it read-only (":ro") so the container cannot alter
      # the private key — confirm where certbot actually runs.
      - ~/letsencrypt:/etc/letsencrypt
    networks:
      - dev_network
      - prod_network
    ports:
      - "80:80"
      # NOTE(review): homebooker.fr.conf declares "listen 443 ssl", but this
      # entry publishes 433, so the TLS listener is never reachable from the
      # host. The published port must match the port nginx listens on.
      - "433:433"

networks:
  dev_network:
  prod_network:

docker-compose.dev.yml

# Compose file for the dev instance of the site container.
version: '3'

services:
  homeid_dev:
    build:
      context: ./homeid
      dockerfile: Dockerfile
    container_name: homeid_dev
    restart: always
    networks:
      - dev_network
    ports:
      # Publishes the container's plain-HTTP port 80 on host port 8001.
      # NOTE(review): with no host IP in the mapping the port is bound on all
      # host interfaces, so the dev site is reachable directly, bypassing the
      # reverse proxy and TLS. The proxy reaches this service by name over
      # dev_network, so this mapping may be unnecessary; otherwise consider
      # binding it to 127.0.0.1 — confirm against how the host is used.
      - '8001:80'

networks:
  dev_network:

docker-compose.prod.yml

# Compose file for the prod instance of the site container.
version: '3'

services:
  homeid_prod:
    build:
      context: ./homeid
      dockerfile: Dockerfile
    container_name: homeid_prod
    restart: always
    networks:
      - prod_network
    ports:
      # Publishes the container's plain-HTTP port 80 on host port 8002.
      # NOTE(review): with no host IP in the mapping the port is bound on all
      # host interfaces, so production content is also served in cleartext on
      # 8002, bypassing the reverse proxy's TLS listener. The proxy reaches
      # this service by name over prod_network, so this mapping may be
      # unnecessary; otherwise consider binding it to 127.0.0.1 — confirm.
      - "8002:80"
networks:
  prod_network:

homeid Dockerfile:

# Image for the site itself: nginx serving files from /usr/share/nginx/html.
FROM nginx:1.21.6-alpine

# Pull current package updates for the base image.
RUN apk --update --no-cache upgrade
# Python plus a full compiler toolchain (build-base, rust, cargo, *-dev headers).
# NOTE(review): these stay in the final image; they look needed only to build
# certbot's dependencies. A multi-stage build, or removing them afterwards,
# would reduce what is available inside the running container.
RUN apk add python3 python3-dev py3-pip build-base libressl-dev musl-dev libffi-dev rust cargo
RUN pip3 install pip --upgrade
# certbot-nginx is installed without a version pin, so builds are not reproducible.
# NOTE(review): homeid/nginx.conf only listens on port 80, so certbot appears
# unused in this image — confirm before keeping it.
RUN pip3 install certbot-nginx
RUN mkdir /etc/letsencrypt

WORKDIR /usr/share/nginx/html

# Replace the default vhost with the project's own server block.
COPY nginx.conf /etc/nginx/conf.d/default.conf
# Copy the site content and the npm manifests into the web root.
COPY ./website package.json package-lock.json ./

# NOTE(review): no instruction above installs nodejs/npm; verify this step
# succeeds on this base image.
RUN npm install

reverse-proxy Dockerfile:

# Image for the reverse proxy: nginx with the two virtual-host files enabled.
FROM nginx:1.21.6-alpine

# Pull current package updates for the base image.
RUN apk --update --no-cache upgrade
# Python plus a full compiler toolchain (build-base, rust, cargo, *-dev headers).
# NOTE(review): these stay in the final, internet-facing image; they look needed
# only to build certbot's dependencies. A multi-stage build, or removing them
# afterwards, would reduce what is available inside the running container.
RUN apk add python3 python3-dev py3-pip build-base libressl-dev musl-dev libffi-dev rust cargo
RUN pip3 install pip --upgrade
# certbot-nginx is installed without a version pin, so builds are not reproducible.
RUN pip3 install certbot-nginx
# Mount point for the host's Let's Encrypt directory (see the compose volume).
RUN mkdir /etc/letsencrypt

# Replace the main nginx configuration with the project's own.
COPY nginx.conf /etc/nginx/nginx.conf

# Install the prod virtual host under its deployed name.
WORKDIR /etc/nginx/sites-available
COPY homebooker.conf /etc/nginx/sites-available/homebooker.fr.conf

# Install the dev virtual host under its deployed name.
WORKDIR /etc/nginx/sites-available
COPY dev.homebooker.conf /etc/nginx/sites-available/dev.homebooker.fr.conf

# Enable both virtual hosts by symlinking them into sites-enabled, which
# nginx.conf includes.
WORKDIR /etc/nginx/sites-enabled
RUN ln -s /etc/nginx/sites-available/homebooker.fr.conf . \
    && ln -s /etc/nginx/sites-available/dev.homebooker.fr.conf .

dev.homebooker.fr.conf

# Virtual host for the dev subdomain: plain HTTP only, proxied to homeid_dev.
server {
    listen       80;
    listen  [::]:80;
    server_name dev.homebooker.fr www.dev.homebooker.fr;
    # NOTE(review): there is no 443/ssl server block for these names, so the dev
    # site is served in cleartext only. An HTTPS request for them would be
    # handled by whichever server block listens on 443 — confirm that is intended.

    # Liveness endpoint: fixed 200 "alive" response, excluded from the access log.
    location = /status {
        access_log off;
        default_type text/plain;
        add_header Content-Type text/plain;
        return 200 "alive";
    }

    # Everything else is forwarded to the dev site container by service name.
    location / {
        proxy_pass http://homeid_dev;
    }

    # Serve the static 50x page for upstream/server errors.
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }

}

homebooker.fr.conf

# Plain-HTTP listener for the production names: permanently redirects to HTTPS.
server {
    listen 80 ;
    listen [::]:80 ;
    server_name homebooker.fr www.homebooker.fr;
    # The target is the bare site root: the requested path and query string are
    # not carried over (no $request_uri in the URL).
    return 301 https://homebooker.fr;
}

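# TLS virtual host for the production site: terminates HTTPS with the
# Let's Encrypt certificate and proxies requests to the homeid_prod container.
server {
    # The port published by Docker must match this one (443) for HTTPS to be
    # reachable from outside the container.
    listen 443 ssl;

    server_name homebooker.fr www.homebooker.fr;

    # RSA certificate
    ssl_certificate /etc/letsencrypt/live/homebooker.fr/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/homebooker.fr/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    # Offer TLS 1.2 and 1.3 only. SSLv3, TLSv1 and TLSv1.1 were removed from this
    # list: they are deprecated and should not be negotiable on a public endpoint.
    # The Certbot options file included above may set ssl_protocols too; check the
    # effective configuration with `nginx -T`.
    ssl_protocols TLSv1.2 TLSv1.3;

    # Liveness endpoint: fixed 200 "alive" response, excluded from the access log.
    location = /status {
        access_log off;
        default_type text/plain;
        add_header Content-Type text/plain;
        return 200 "alive";
    }

    # Everything else is forwarded to the prod site container by service name.
    # The hop to the upstream is plain HTTP on the Docker network.
    location / {
        proxy_pass http://homeid_prod/;
    }

    # Serve the static 50x page for upstream/server errors.
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }

}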

reverse-proxy/nginx.conf

# Main nginx configuration for the reverse-proxy image.
user  nginx;
worker_processes  auto;

error_log  /var/log/nginx/error.log notice;
pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    # Load the virtual hosts symlinked into sites-enabled by the Dockerfile.
    include /etc/nginx/sites-enabled/*;
    default_type  application/octet-stream;
    # NOTE(review): server_tokens is not set here, so nginx's default applies and
    # the version is disclosed in the Server header and error pages.

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;

    # NOTE(review): the reverse-proxy Dockerfile does not remove anything from
    # conf.d, so any default server block shipped in the base image is loaded as
    # well — confirm that is wanted on the public listener.
    include /etc/nginx/conf.d/*.conf;
}

homeid/nginx.conf

# Server block inside the site container: serves static files over plain HTTP.
# TLS is not handled here; it is expected to terminate at the reverse proxy.
server {
    listen       80;
    listen  [::]:80;

    #access_log  /var/log/nginx/host.access.log  main;

    # Static site content copied into the web root by the homeid Dockerfile.
    location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
    }

    #error_page  404              /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }

}


Solution

  • The issue was the wrong port for HTTPS: I should have exposed port 443 instead of 433 in docker-compose.yml. Nginx listens on 443 inside the container, so the published port has to match it.