Home > Enterprise >  trying ssl to docker nginx container
trying ssl to docker nginx container

Time:09-05

When I raise the container, I get the following errors:

nginx    | /docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh
nginx    | /docker-entrypoint.sh: Configuration complete; ready for start up
nginx    | 2022/09/04 23:08:42 [emerg] 1#1: cannot load certificate "/etc/ssl/5master.crt": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/ssl/5master.crt','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx    | nginx: [emerg] cannot load certificate "/etc/ssl/5master.crt": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/ssl/5master.crt','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx exited with code 1

Although in the DockerFile I copied the certificate files that are in the command invocation folder.

nginx conf:

server {
    listen              80;
    listen              443 ssl;
    server_name         5master.com;
    ssl_certificate     /etc/ssl/5master.crt;
    ssl_certificate_key /etc/ssl/5master.key;
}

DockerFile:

FROM python:3.8

WORKDIR /usr/src/app
ADD . /usr/src/app

COPY requirements.txt ./

RUN pip install --upgrade pip
RUN pip install -r requirements.txt

COPY . .

EXPOSE 5000

CMD ["uwsgi", "app.ini"]
COPY nginx.conf /etc/nginx/conf.d
COPY 5master.crt /etc/ssl/5master.crt
COPY 5master.key /etc/ssl/5master.key

docker-compose:

version: "3.8"
services:
  api:
    build: .
    restart: "always"
    environment:
      FLASK_APP: run.py
    volumes:
      - .:/usr/src/app


  nginx:
    build: ./nginx
    container_name: nginx
    restart: always
    volumes:
      - /application/static/:/static
    depends_on:
      - api
    ports:
      - "80:80"
      - "443:443"

What could be the problem?

CodePudding user response:

You are installing the certificates into your Python API image, not into your nginx image. That is, in your docker-compose.yaml you are building two images:

  1. api:
      build: .
    
  2. nginx:
      build: ./nginx
    

The Dockerfile in your question appears to be for the Python API image. Since that image isn't used by nginx, it doesn't make any sense to install the certificates there.

You need to modify your nginx/Dockerfile to install the certificates.

  • Related