I have a problem that I don't know why ? I went on to explain how to "How To Secure a Containerized Node.js Application with Nginx, Let's Encrypt, and Docker Compose" from url . All the steps ran for me, but when I open the site, it appears that there is an ssl problem. https://bgcar-egy.com/
my code nginx.conf
upstream loadbalancer {
server app1:6901;
}
server {
listen 80;
listen [::]:80;
server_name bgcar-egy.com;
root /var/www/html;
location /.well-known/acme-challenge/ {
root /var/www/html;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|txt|html)$ {
expires max;
log_not_found off;
}
location / {
proxy_pass http://loadbalancer;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_read_timeout 3600;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name bgcar-egy.com;
root /var/www/html;
server_tokens off;
ssl_certificate /etc/letsencrypt/live/bgcar-egy.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/bgcar-egy.com/privkey.pem;
# ssl_dhparam /etc/ssl/certs/dhparam.pem;
location /.well-known/acme-challenge/ {
root /var/www/html;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|txt|html)$ {
expires max;
log_not_found off;
}
location / {
proxy_pass https://loadbalancer;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
#add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
# enable strict transport security only if you understand the implications
}
}
docker-compose.yml
services:
app1:
depends_on:
- database
- redis
build: ./node
restart: always
env_file: ./.env
ports:
- $NODE_DOCKER_PORT:$NODE_LOCAL_PORT
stdin_open: true
tty: true
volumes:
- ./node:/src/app
- ./html:/public
nginx2:
build: ./nginx
ports:
- '80:80'
- '443:443'
volumes:
- ./html:/var/www/html
- ./nginx/default.conf:/etc/nginx/conf.d/default.conf
- ./certbot/etc:/etc/letsencrypt
- ./certbot/lib:/var/lib/letsencrypt
- ./certbot/dhparam:/etc/ssl/certs
depends_on:
- app1
stdin_open: true
tty: true
certbot:
image: certbot/certbot
container_name: certbot
volumes:
- ./certbot/etc:/etc/letsencrypt
- ./certbot/lib:/var/lib/letsencrypt
- ./html:/var/www/html
depends_on:
- nginx2
command: certonly --webroot --webroot-path=/var/www/html --email [email protected] --agree-tos --no-eff-email --staging -d bgcar-egy.com -d www.bgcar-egy.com
volumes:
web-root:
driver: local
driver_opts:
type: none
device: /home/website/node/views/
o: bind
CodePudding user response:
you run certbot with --staging
which generate test certificate not trusted by any browser, remove that option, clean files and try again.