I'm trying to dockerise a Symfony2 application. The container is up and running without any errors. However, I'm getting 'An error occurred during a connection to localhost' when I hit http://localhost:8081 in the browser.
docker-compose.yml
version: "3.8"
services:
  app:
    container_name: "${PROJECT_NAME}"
    build:
      context: .
      dockerfile: ./Dockerfile
    restart: 'always'
    ports:
      - 8081:80
    volumes:
      - .:/var/www/html
      - ${LOG_DIR-./logs/apache2}:/var/log/apache2
Dockerfile
FROM php:7.0-apache
RUN a2enmod rewrite
COPY ./000-default.conf /etc/apache2/sites-available/000-default.conf
# installing php extensions / libraries and composer ..
EXPOSE 80
CMD ["apache2-foreground"]
000-default.conf
Listen 80
<VirtualHost *:80>
ServerName localhost
DocumentRoot /var/www/html/web
<Directory /var/www/html/web>
EnableSendfile Off
AllowOverride None
Order Allow,Deny
Allow from All
<IfModule mod_rewrite.c>
Options -MultiViews
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ app_dev.php [QSA,L]
</IfModule>
</Directory>
</VirtualHost>
I generated SSL certificates (referring to https://medium.com/@nh3500/how-to-create-self-assigned-ssl-for-local-docker-based-lamp-dev-environment-on-macos-sierra-ab606a27ba8a) and updated the files as below
000-default.conf
# added this to my existing 000-default.conf (pls refer to the question)
<VirtualHost *:443>
DocumentRoot "/var/www/html/web"
ServerName localhost
SSLEngine on
SSLCertificateFile "/etc/apache2/ssl/server.crt"
SSLCertificateKeyFile "/etc/apache2/ssl/server.key"
<Directory /var/www/html/web>
<IfModule mod_rewrite.c>
Options -MultiViews
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ app_dev.php [QSA,L]
</IfModule>
</Directory>
</VirtualHost>
docker-compose.yml
ports:
- "8081:80"
- "8082:443"
Dockerfile
FROM php:7.0-apache
COPY server.crt /etc/apache2/ssl/server.crt
COPY server.key /etc/apache2/ssl/server.key
COPY 000-default.conf /etc/apache2/sites-available/000-default.conf
COPY php.ini /usr/local/etc/php/php.ini
RUN a2enmod rewrite
RUN a2enmod ssl
# installing php libraries
# composer install
# EXPOSE ports
CMD ["apache2-foreground"]
I am pretty new to the topic of server configuration and now I have a problem reaching a container with an SSL certificate.
What is my setup:
I've got a Raspberry Pi with Docker on it. The container which is connected to ports 80 and 443 is a reverse proxy which directs incoming subdomains to different other containers.
Example:
webserver.my-domain.com leads to IP 192.168.178.69:8080. I achieved this through this config in the folder sites-enabled:
<VirtualHost *:80>
ServerName webserver.my-domain.com
ProxyPreserveHost On
DocumentRoot /var/www/html
ProxyPass /.well-known !
ProxyPass / http://192.168.178.69:8080/
ProxyPassReverse / http://192.168.178.69:8080/
RewriteEngine on
RewriteCond %{SERVER_NAME} =webserver.my-domain.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
I also created a Let's Encrypt certificate inside of the reverse proxy container. This created an additional file webserver-le-ssl.conf:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName webserver.my-domain.com
ProxyPreserveHost On
DocumentRoot /var/www/html
ProxyPass /.well-known !
ProxyPass / http://192.168.178.69:8080/
ProxyPassReverse / http://192.168.178.69:8080/
SSLCertificateFile /etc/letsencrypt/live/my-domain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/my-domain.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
So far so good. My content is available if I try the URL https://webserver.my-domain.com.
What is my Problem
I use Portainer to manage my docker container and I want Portainer to be available through portainer.my-domain.com.
So this is the portainer config inside of sites-enabled:
<VirtualHost *:80>
ServerName portainer.my-domain.com
ProxyPreserveHost On
DocumentRoot /var/www/html
ProxyPass /.well-known !
ProxyPass / http://192.168.178.69:9443/
ProxyPassReverse / http://192.168.178.69:9443/
RewriteEngine on
RewriteCond %{SERVER_NAME} =portainer.my-domain.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
And also the ssl config for this:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName portainer.my-domain.com
ProxyPreserveHost On
DocumentRoot /var/www/html
ProxyPass /.well-known !
ProxyPass / http://192.168.178.69:9443/
ProxyPassReverse / http://192.168.178.69:9443/
SSLCertificateFile /etc/letsencrypt/live/my-domain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/my-domain.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
If I call 192.168.178.69:9443/ I can reach the container without problems.
But if I try to reach the URL portainer.my-domain.com I just got the Message:
Client sent an HTTP request to an HTTPS server.
But the URL shows: https://portainer.my-domain.com/.
So I don't understand why there is an HTTP request, even if my browser shows me that the connection is with https.
Can someone explain this to me and show me how to fix this?
Update: My solution
With a lot of tries I found a solution:
As I run the reverse proxy and the portainer as docker containers, I put both containers into a network with docker-compose:
version: "3.4"
services:
  apache:
    build:
      context: .
      dockerfile: Dockerfile
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - /home/pi/reverse-proxy/:/etc/apache2
    networks:
      - homeserver
  portainer:
    image: portainer/portainer-ce:latest
    ports:
      - "8000:8000"
      - "9000:9000"
      - "9443:9443"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - portainer_data:/data
    networks:
      - homeserver
networks:
  homeserver:
volumes:
  portainer_data:
The volume of the apache2 is the complete config folder of /etc/apache2. After that I changed the IP of the ProxyPass to the name of the container:
ProxyPass / http://reverse-proxy_portainer_1:9000/
ProxyPassReverse / http://reverse-proxy_portainer_1:9000/
After these changes it worked.
I had the same problem with Portainer 2.13.1 behind an Apache2 proxy. I solved it by running the image with the option enabling port 9000 which is Portainer's HTTP port. This assumes that you will block port 9000 externally and access it only via the proxy which is protected by HTTPS. This is my command:
docker run -d -p 9000:9000 -p 8000:8000 -p 9443:9443 \
--name portainer \
--restart=always \
-v /var/run/docker.sock:/var/run/docker.sock \
-v portainer_data:/data \
portainer/portainer-ce:latest
My VirtualHost file then points to port 9000 like so:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ProxyPreserveHost On
ProxyRequests Off
ServerName docker.<domain.tld>
ServerAdmin admin@<domain.tld>
ProxyPass / http://127.0.0.1:9000/
ProxyPassReverse / http://127.0.0.1:9000/
ErrorLog ${APACHE_LOG_DIR}/portainer-error.log
CustomLog ${APACHE_LOG_DIR}/portainer-access.log combined
SSLCertificateFile /etc/letsencrypt/live/docker.<domain.tld>/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/docker.<domain.tld>/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
Make sure ports 8000, 9000 and 9443 are not accessible externally using a tool like ufw in Linux.
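An added example, not part of the answer above: Docker's documentation notes that traffic to published ports is diverted by Docker's own iptables rules before it reaches the chains ufw manages, so it is worth checking which `-p` / compose `ports:` entries are bound to a non-loopback address in the first place. The function names and the loopback-bound variant are assumptions made for this illustration; the first list is taken from the command above.

```python
import ipaddress


def parse_publish(spec):
    """Split a -p / compose short-syntax spec into (host_ip, host_port, container_port)."""
    spec = spec.split("/", 1)[0]          # drop a trailing /tcp or /udp
    if spec.startswith("["):              # bracketed IPv6: [::1]:9000:9000
        ip, rest = spec[1:].split("]:", 1)
    elif spec.count(":") == 2:            # IPv4: 127.0.0.1:9000:9000
        ip, rest = spec.split(":", 1)
    else:                                 # 9000:9000, or container port only
        ip, rest = "", spec
    host_port, _, container_port = rest.rpartition(":")
    # No address given means Docker publishes on all interfaces.
    return ip or "0.0.0.0", host_port or "(ephemeral)", container_port


def reachable_off_host(specs):
    """Host ports from `specs` that are published on a non-loopback address."""
    exposed = []
    for spec in specs:
        ip, host_port, _ = parse_publish(spec)
        if not ipaddress.ip_address(ip).is_loopback:
            exposed.append(host_port)
    return exposed


# Port specs from the docker run command in the answer above.
AS_POSTED = ["9000:9000", "8000:8000", "9443:9443"]
# Constructed variant: the UI ports bound to loopback, so only a proxy running
# on the same host (ProxyPass to 127.0.0.1:9000) can reach them.
LOOPBACK_ONLY = ["127.0.0.1:9000:9000", "8000:8000", "[::1]:9443:9443/tcp"]

if __name__ == "__main__":
    print("as posted:", reachable_off_host(AS_POSTED))
    print("loopback variant:", reachable_off_host(LOOPBACK_ONLY))
```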
So based on your question it seems that this works:
ProxyPass / http://192.168.178.69:8080/
But this does not:
ProxyPass / http://192.168.178.69:9443/
Note that in both cases a plain http:// protocol is used, even though different ports are involved. And a port number of 9443 suggests that https:// is expected and not http:// here. If this is the case, this would explain the error message you got: a plain HTTP request is sent because of setting the protocol to http:// instead of https://.
But the URL shows: https://portainer.my-domain.com/
This protocol here is relevant for the connection between client and nginx, not between nginx and the inner server. The latter one depends on the protocol given in the ProxyPass URL.
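The scheme mismatch described in this answer can be caught before deployment by a static check over the vhost files. The following is an added example, not code from the answer or from Apache; the TLS port list is a heuristic, the third vhost is hypothetical, and the check only sees an `SSLProxyEngine` set inside the same `<VirtualHost>` block.

```python
import re
from urllib.parse import urlsplit

# Heuristic assumed for this example: ports that conventionally carry TLS.
# 9443 is Portainer's HTTPS port in the question above.
TLS_PORTS = {443, 4443, 8443, 9443}

VHOST_RE = re.compile(r"<VirtualHost\s+[^>]+>(.*?)</VirtualHost>", re.S | re.I)
PROXY_RE = re.compile(
    r"^[ \t]*(ProxyPass|ProxyPassReverse)[ \t]+(?:\S+[ \t]+)?(https?://\S+)",
    re.M | re.I)
ENGINE_RE = re.compile(r"^[ \t]*SSLProxyEngine[ \t]+on\b", re.M | re.I)
NAME_RE = re.compile(r"^[ \t]*ServerName[ \t]+(\S+)", re.M | re.I)

def audit_proxy_schemes(conf_text):
    """Return (server_name, directive, url, finding) per suspicious backend URL."""
    findings = []
    for body in VHOST_RE.findall(conf_text):
        # Drop commented-out directives before matching.
        body = "\n".join(ln for ln in body.splitlines()
                         if not ln.lstrip().startswith("#"))
        name = NAME_RE.search(body)
        server = name.group(1) if name else "(no ServerName)"
        tls_to_backend = ENGINE_RE.search(body) is not None
        for directive, url in PROXY_RE.findall(body):
            parts = urlsplit(url)
            port = parts.port or (443 if parts.scheme == "https" else 80)
            if parts.scheme == "http" and port in TLS_PORTS:
                findings.append((server, directive, url, "http:// to a TLS port"))
            elif parts.scheme == "https" and not tls_to_backend:
                findings.append((server, directive, url,
                                 "https:// without SSLProxyEngine on"))
    return findings

# Constructed sample: two vhosts from the question (trimmed), one hypothetical.
SAMPLE_CONF = """
<VirtualHost *:443>
    ServerName webserver.my-domain.com
    ProxyPass /.well-known !
    ProxyPass / http://192.168.178.69:8080/
</VirtualHost>
<VirtualHost *:443>
    ServerName portainer.my-domain.com
    ProxyPass / http://192.168.178.69:9443/
    ProxyPassReverse / http://192.168.178.69:9443/
</VirtualHost>
<VirtualHost *:443>
    ServerName tls-backend.example
    # SSLProxyEngine on
    ProxyPass / https://127.0.0.1:9443/
</VirtualHost>
"""

for finding in audit_proxy_schemes(SAMPLE_CONF):
    print(" | ".join(finding))
```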
I'm using docker to run an app built with laravel, everything was working fine until for some reason I did a reset to factory default and then built the image again and ran the container but now I'm getting this warning
AH00112: Warning: DocumentRoot [/var/www/html/kh/public] does not exist
though this root does exist and it was working fine before I reset docker to the factory default.
this is docker-compose.yml file
services:
  kh:
    build:
      context: ./
      dockerfile: Dockerfile
      args:
        uid: ${UID}
    container_name: kh
    environment:
      - APACHE_RUN_USER=#${UID}
      - APACHE_RUN_GROUP=#${UID}
    depends_on:
      - khdb
    ports:
      - 3000:80
      - 8443:443
    volumes:
      - ./:/var/www/html/kh
    networks:
      backend:
        aliases:
          - kh
vhost.config file
SSLStaplingCache shmcb:/tmp/stapling_cache(128000)
SSLHonorCipherOrder on
#SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384::ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:RSA-WITH-AES-256-GCM-SHA384:DHE-RSA-WITH-AES-256-GCM-SHA384
<VirtualHost *:80>
ServerName schooling.test
ServerAlias www.schooling.test
ServerAdmin info@schooling.test
DocumentRoot ${APACHE_DOCUMENT_ROOT}
<Directory ${APACHE_DOCUMENT_ROOT}>
Options -Indexes +FollowSymLinks
AllowOverride All
</Directory>
ErrorLog /var/log/apache2/schooling-error.log
CustomLog /var/log/apache2/schooling-access.log combined
</VirtualHost>
<VirtualHost *:443>
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/key.pem
SSLCertificateKeyFile /etc/apache2/ssl/ssl.key
SSLCACertificateFile /etc/apache2/ssl/key.pem
SSLUseStapling On
SSLProtocol TLSv1.2
SSLProxyProtocol TLSv1.2
ServerName schooling.test
ServerAlias www.schooling.test
ServerAdmin info@schooling.test
DocumentRoot ${APACHE_DOCUMENT_ROOT}
<Directory ${APACHE_DOCUMENT_ROOT}>
Options -Indexes +FollowSymLinks
AllowOverride All
</Directory>
ErrorLog /var/log/apache2/schooling-error.log
CustomLog /var/log/apache2/schooling-access.log combined
</VirtualHost>
Problem was solved by running:
docker image prune -a
docker-compose up -d --build
I am trying to containerize all things related to my web app (Vue.js) using Docker Compose, including Nginx & SSL Certificates (Certbot) on a VPS OVH Debian+Apache.
I have this error:
"The proxy server could not handle the request
Reason: Error during SSL Handshake with remote server"
If anyone can spot where I am going wrong, I would be extremely grateful!
Docker-compose.yml
services:
  my-app-prod:
    container_name: my-app-prod
    build:
      context: .
      dockerfile: Dockerfile-prod
    ports:
      - '8080:80'
      - '4567:443'
Dockerfile-prod
FROM node:12.2.0-alpine as build
WORKDIR /app
ENV PATH /app/node_modules/.bin:$PATH
COPY package.json /app/package.json
RUN npm install --silent
RUN npm install @vue/cli@3.7.0 -g
COPY . /app
RUN npm run build
# production environment
FROM nginx:1.16.0-alpine
COPY --from=build /app/dist /usr/share/nginx/html
EXPOSE 80
EXPOSE 443
CMD ["nginx", "-g", "daemon off;"]
sites-avalaibles/nom-de-domaine.fr.conf
<VirtualHost *:80>
ServerName nom-de-domaine.fr
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:8080/
ProxyPassReverse / http://127.0.0.1:8080/
ProxyPassReverseCookieDomain 127.0.0.1 nom-de-domaine.fr
RewriteEngine on
RewriteCond %{SERVER_NAME} =nom-de-domaine.fr
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
sites-avalaibles/nom-de-domaine.fr-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName nom-de-domaine.fr
# ProxyPreserveHost On
# SSLProxyEngine On
# SSLProxyVerify none
# SSLProxyCheckPeerCN off
# SSLProxyCheckPeerName off
# SSLProxyCheckPeerExpire off
# SSLEngine on
SSLProxyEngine on
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
ProxyPass / https://127.0.0.1:4567/
ProxyPassReverse / https://127.0.0.1:4567/
ProxyPassReverseCookieDomain 127.0.0.1 nom-de-domaine.fr
SSLCertificateFile /etc/letsencrypt/live/nom-de-domaine.fr/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/nom-de-domaine.fr/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/nom-de-domaine.fr/chain.pem
Include /etc/letsencrypt/options-ssl-apache.conf
CustomLog "/var/log/apache2/nom-de-domaine.fr_log" "%h %l %u %t \"%r\" %>s %b"
</VirtualHost>
</IfModule>
As I see from the post tag and the config files, you are using Apache, not nginx (on the host at least).
Between the host and your container you don't need HTTP over SSL since it's in the localhost (== 127.0.0.1) network. Your ProxyPass should be pointing to port 8080; you don't need to expose port 443 of your container.
Typically this is how I make my config files:
default.conf:
<VirtualHost *:80>
ServerName nom-de-domaine.fr
RewriteEngine on
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
default-le-ssl.conf:
<VirtualHost *:443>
ServerName nom-de-domaine.fr
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
# From certbot:
SSLCertificateFile /etc/letsencrypt/live/nom-de-domaine.fr/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/nom-de-domaine.fr/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
The virtual host for port 80 (http) is only there to make a permanent redirection to port 443 (http over ssl - https), which prevents visitors from requesting your app through the non-encrypted http.
I'm having trouble setting up SSL with a custom port in docker (without redirection).
These are my files:
docker-compose.yml
version: "3.6"
services:
  apache-php:
    container_name: apache-php
    image: php:7.4.8-apache
    restart: unless-stopped
    volumes:
      - ./web:/var/www/html
      - ./ssl:/etc/apache2/ssl
      - ./sites-enabled:/etc/apache2/sites-enabled
      - ./ports.conf:/etc/apache2/ports.conf
    working_dir: /var/www/html
    ports:
      - 80:80
      - 443:443
      - 2805:2805
sites-enabled/example.com.conf
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule headers_module modules/mod_headers.so
LoadModule ssl_module modules/mod_ssl.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
Listen 2805
Listen 443
<VirtualHost *:80>
ServerName example.com
DocumentRoot /var/www/html
ErrorLog /var/www/logs/error.log
CustomLog /var/www/logs/access.log combined
</VirtualHost>
<VirtualHost *:2805>
ServerName example.com
DocumentRoot /var/www/manage
ErrorLog /var/www/logs/manage-error.log
CustomLog /var/www/logs/manage-access.log combined
</VirtualHost>
<VirtualHost *:443>
ServerName example.com
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/example.com.crt
SSLCertificateKeyFile /etc/apache2/ssl/example.com.key
SSLProxyEngine On
<Location />
ProxyPass http://example.com:2805/
ProxyPassReverse http://example.com:2805/
</Location>
</VirtualHost>
I generated certificate files using the command of lynxman at https://serverfault.com/a/224127
openssl genrsa 2048 > ssl/example.com.key
chmod 400 ssl/example.com.key
openssl req -new -x509 -nodes -sha256 -days 365 -key ssl/example.com.key -out ssl/example.com.crt
Then I run the docker-compose up command and everything works fine.
I can access http://example.com:2805 but can't access the domain with SSL at https://example.com:2805
And I have received the message of the browser:
This site can't provide a secure connection
example.com sent an invalid response.
ERR_SSL_PROTOCOL_ERROR
Any help is much appreciated as I am really struggling here.
I have an apache/RoR server running on port 8080 and redbird forwarding from port 80 (because I have a nodejs website running on the same machine). The problem is that when I try to connect to my RoR website over http, it gives me a 500 error or the GET fails. Below is my apache setup.
<VirtualHost *:8080>
DocumentRoot /home/ffit/gsatech/production/current/public
ServerName cobranca.gsatech.com.br
ServerAlias www.cobranca.gsatech.com.br
RailsEnv production
<Directory "/home/ffit/gsatech/production/current/public">
#Options -MultiViews
#Allow from all
Options Indexes FollowSymLinks
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error-gsatech-production.log
CustomLog ${APACHE_LOG_DIR}/access-gsatech-production.log combined
PassengerRuby /usr/share/rvm/gems/ruby-2.1.5/wrappers/ruby
LoadModule passenger_module /usr/share/rvm/gems/ruby-2.1.5/gems/passenger-5.1.8/buildout/apache2/mod_passenger.so
<IfModule mod_passenger.c>
PassengerRoot /usr/share/rvm/gems/ruby-2.1.5/gems/passenger-5.1.8
PassengerDefaultRuby /usr/share/rvm/gems/ruby-2.1.5/wrappers/ruby
</IfModule>
#RewriteEngine on
#RewriteCond %{SERVER_NAME} =cobranca.gsatech.com.br
#RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
RewriteEngine on
RewriteCond %{SERVER_NAME} =cobranca.gsatech.com.br [OR]
RewriteCond %{SERVER_NAME} =www.cobranca.gsatech.com.br
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
And here is my app.js for my redbird forwarding to apache.
var proxy = require('redbird')({port: 80, xfwd: false});
proxy.register("dicoop.ffit.com.br", "http://dicoop.ffit.com.br:3030");
proxy.register("http://cobranca.gsatech.com.br", "https://cobranca.gsatech.com.br:8080");
proxy.register("www.cobranca.gsatech.com.br", "https://cobranca.gsatech.com.br:8080");
Apache is running port 81 while my Redbird module is running on port 80 to do the routing through my websites and I have certbot doing my https certificate for my RoR website.