Home > Blockchain >  SSL It does not work properly Docker nginx
SSL It does not work properly Docker nginx

Time:10-09

I have a problem that I don't know why ? I went on to explain how to "How To Secure a Containerized Node.js Application with Nginx, Let's Encrypt, and Docker Compose" from url . All the steps ran for me, but when I open the site, it appears that there is an ssl problem. https://bgcar-egy.com/

my code nginx.conf

upstream loadbalancer {
  server app1:6901;
}

server {
  listen 80;
  listen [::]:80;
  server_name bgcar-egy.com;
  root /var/www/html;
  
  location /.well-known/acme-challenge/ {
    root /var/www/html;
  }
  location ~* \.(js|css|png|jpg|jpeg|gif|ico|txt|html)$ {
    expires max;
    log_not_found off;
  }

  location / {
    proxy_pass http://loadbalancer;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection 'upgrade';
    proxy_set_header Host $host;
    proxy_cache_bypass $http_upgrade;
    proxy_read_timeout 3600;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;

  }
  
}


server {
  listen 443 ssl;
  listen [::]:443 ssl;
  server_name bgcar-egy.com;
  root /var/www/html;

  server_tokens off;

  ssl_certificate /etc/letsencrypt/live/bgcar-egy.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/bgcar-egy.com/privkey.pem;

  # ssl_dhparam /etc/ssl/certs/dhparam.pem;

  location /.well-known/acme-challenge/ {
    root /var/www/html;
  }

  location ~* \.(js|css|png|jpg|jpeg|gif|ico|txt|html)$ {
    expires max;
    log_not_found off;
  }

    location / {
          proxy_pass https://loadbalancer;
  proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection 'upgrade';
    proxy_set_header Host $host;
    proxy_cache_bypass $http_upgrade;
          #add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
          # enable strict transport security only if you understand the implications
  }
}

docker-compose.yml

services:
  app1:
    depends_on:
      - database
      - redis
    build: ./node
    restart: always
    env_file: ./.env
    ports:
      - $NODE_DOCKER_PORT:$NODE_LOCAL_PORT
    stdin_open: true
    tty: true
    volumes: 
      - ./node:/src/app
      - ./html:/public
  nginx2:
    build: ./nginx
    ports:
      - '80:80'
      - '443:443'
    volumes:
    - ./html:/var/www/html
    - ./nginx/default.conf:/etc/nginx/conf.d/default.conf
    - ./certbot/etc:/etc/letsencrypt
    - ./certbot/lib:/var/lib/letsencrypt
    - ./certbot/dhparam:/etc/ssl/certs
    depends_on:
      - app1
    stdin_open: true
    tty: true
  certbot:
    image: certbot/certbot
    container_name: certbot
    volumes:
      - ./certbot/etc:/etc/letsencrypt
      - ./certbot/lib:/var/lib/letsencrypt
      - ./html:/var/www/html
    depends_on:
      - nginx2
    command: certonly --webroot --webroot-path=/var/www/html --email [email protected] --agree-tos --no-eff-email --staging -d bgcar-egy.com  -d www.bgcar-egy.com
volumes:
  web-root:
    driver: local
    driver_opts:
      type: none
      device: /home/website/node/views/
      o: bind

CodePudding user response:

you run certbot with --staging which generate test certificate not trusted by any browser, remove that option, clean files and try again.

  • Related