I have docker containers up and my jrcs/letsencrypt-nginx-proxy-companion does not show me or generate the token. How can I see or generate the token, then create my _acme-challenge TXT file?
letsencrypt:
  container_name: ${COMPOSE_PROJECT_NAME}_letsencrypt
  image: jrcs/letsencrypt-nginx-proxy-companion
  restart: always
  volumes:
    - certs:/etc/nginx/certs:rw
    - /var/run/docker.sock:/var/run/docker.sock:ro
    - vhost:/etc/nginx/vhost.d
    - html:/usr/share/nginx/html
    - dhparam:/etc/nginx/dhparam:ro
    - acme:/etc/acme.sh
  environment:
    - NGINX_PROXY_CONTAINER=${COMPOSE_PROJECT_NAME}_nginx-proxy
  depends_on:
    - nginx-proxy
location ^~ /.well-known/acme-challenge/ {
    auth_basic off;
    auth_request off;
    allow all;
    root /usr/share/nginx/html;
    try_files $uri =404;
    break;
}
Related
Good day. Can I ask for some help? I just started to learn Docker and create my local set. All of my containers (nginx, app, mysql) are running OK, but I can't access my test app in the browser.
Here's my docker-compose.yml file
version: '3'
services:
  nginx:
    image: nginx:stable-alpine
    container_name: nginx
    ports:
      - "8088:80"
    volumes:
      - ./src:/var/www/html
      - ./nginx/default.conf:/etc/nginx/conf.d/default.conf
    depends_on:
      - mysql
      - php
  mysql:
    image: mysql:5.7.22
    container_name: mysql
    tty: true
    ports:
      - "3306:3306"
    volumes:
      - ./mysql:/var/lib/mysql
    environment:
      MYSQL_ROOT_PASSWORD: localdb
  php:
    build:
      context: .
      dockerfile: Dockerfile
    container_name: php
    volumes:
      - ./src:/var/www/html
    ports:
      - "9000:9000"
And here's my default.conf for nginx
server {
    listen 80;
    index index.html index.html;
    servername localhost;
    error_log /var/log/nginx/error.log;
    access_log /var/log/nginx/access.log;
    root /var/www/html/public;
    location / {
        try_files $uri $uri/ /index.html?$query_string;
    }
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass php:9000;
        fastcgi_index index.html;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
    }
}
According to your comment, the problem is located at your docker-compose file. You want to access your nginx server on port 81, but you bind your nginx on port 8088.
So simply change the port binding from 8088:80 to 81:80. This should fix your problem.
If you want to learn more about port binding, just have a look at the documentation: https://docs.docker.com/compose/compose-file/compose-file-v3/#ports
Here is a fixed example:
nginx:
  image: nginx:stable-alpine
  container_name: nginx
  ports:
    - "81:80"
  volumes:
    - ./src:/var/www/html
    - ./nginx/default.conf:/etc/nginx/conf.d/default.conf
  depends_on:
    - mysql
    - php
It's because containers can't access your host (that is, your main OS). You have to use -p to connect the ports of your container to your computer (main OS).
For example, you use docker run npm
and imagine that in your setup npm runs on port 3000.
Now you have to do the networking of your container:
use docker run -p 3000:3000 npm
The -p 3000:3000 says that port 3000 of your container is now attached to port 3000 of your main OS, and now you can see your site (which runs in your container) in your main OS web browser on the specific port (3000).
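The host:container binding that both answers above describe, as an added example that is not part of either post: it parses the short port syntax used by ports: and docker run -p and reports which mappings listen on a non-loopback host interface. It goes beyond the 8088:80 case to the IP:host:container form; the function names and the TIGHTENED variant are constructed for illustration.

```python
import ipaddress
import re
from typing import NamedTuple, Optional

PORT_RE = re.compile(r"^\d+(-\d+)?$")  # one port or a range such as 8000-8010


class Publish(NamedTuple):
    host_ip: str              # host interface the mapping binds to
    host_port: Optional[str]  # None: Docker picks an ephemeral host port
    container_port: str
    proto: str


def parse_port(spec: str) -> Publish:
    """Parse 'C', 'H:C' or 'IP:H:C' (IPv6 in brackets), optional '/proto'."""
    body, _, proto = str(spec).strip().partition("/")
    proto = proto or "tcp"
    parts = body.rsplit(":", 2)           # split from the right: IPv6 stays whole
    host_ip, host_port = "0.0.0.0", None  # Docker's default bind address
    if len(parts) == 3:
        host_ip = parts[0].strip("[]")
        ipaddress.ip_address(host_ip)     # raises ValueError if not an address
    if len(parts) >= 2:
        host_port = parts[-2] or None
    for port in (host_port, parts[-1]):
        if port is not None and not PORT_RE.match(port):
            raise ValueError(f"bad port in {spec!r}")
    if proto not in ("tcp", "udp", "sctp"):
        raise ValueError(f"bad protocol in {spec!r}")
    return Publish(host_ip, host_port, parts[-1], proto)


def exposed_beyond_host(spec: str) -> bool:
    """True when the mapping listens on a non-loopback host interface."""
    return not ipaddress.ip_address(parse_port(spec).host_ip).is_loopback


def audit(services: dict) -> list:
    """Return the (service, spec) pairs other machines can connect to."""
    return [(name, spec) for name, ports in services.items()
            for spec in ports if exposed_beyond_host(spec)]


# Port lists copied from the question's docker-compose.yml.
QUESTION = {"nginx": ["8088:80"], "mysql": ["3306:3306"], "php": ["9000:9000"]}
# Constructed variant: nginx reaches php:9000 over the Compose network without
# a published port, and MySQL is bound to loopback for local tooling only.
TIGHTENED = {"nginx": ["81:80"], "mysql": ["127.0.0.1:3306:3306"], "php": []}

if __name__ == "__main__":
    for label, services in (("question", QUESTION), ("tightened", TIGHTENED)):
        print(label, audit(services))
```

Only the nginx mapping has to be published for the browser to reach the app; fastcgi_pass php:9000 travels over the Compose network and needs no ports: entry.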
I am new to this and I don't really know what I did, but it worked without running docker run -p [port:port] [container] command. I did some changes on my docker-compose.yml and default.conf
I was so happy that it is running now, but it would be great if someone could just explain how it worked. Thanks for all the responses.
docker-compose.yml
version: '3'
services:
  nginx:
    image: nginx:stable-alpine
    container_name: nginx
    ports:
      - "80:80"
    volumes:
      - ./src:/var/www/html
      - ./nginx/default.conf:/etc/nginx/conf.d/default.conf
    depends_on:
      - mysql
      - php
  mysql:
    image: mysql:5.7.22
    container_name: mysql
    tty: true
    ports:
      - "3306:3306"
    volumes:
      - ./mysql:/var/lib/mysql
    environment:
      MYSQL_ROOT_PASSWORD: localdb
  php:
    build:
      context: .
      dockerfile: Dockerfile
    container_name: php
    volumes:
      - ./src:/var/www/html
    ports:
      - "9000:9000"
default.config
server {
    listen 80;
    index index.html index.html;
    server_name localhost;
    error_log /var/log/nginx/error.log;
    access_log /var/log/nginx/access.log;
    root /var/www/html/public;
    location / {
        try_files $uri $uri/ /index.html?$query_string;
    }
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass php:9000;
        fastcgi_index index.html;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
    }
}
I have a nginx.conf in which I am running an application on localhost. I need to redirect the application from HTTP to HTTPS. In the nginx.conf, I have a configuration as below:
http {
    error_log /etc/nginx/error/error.log warn; #./nginx/error.log warn;
    client_max_body_size 20m;
    proxy_cache_path /etc/nginx/cache keys_zone=one:500m max_size=1000m;
    server {
        listen 80;
        server_name localhost;
        return 301 https://$server_name$request_uri;
    }
    server {
        listen 443 ssl http2;
        server_name localhost;
        ssl_session_cache shared:SSL:50m;
        ssl_session_timeout 1d;
        ssl_session_tickets off;
        ssl_certificate /etc/nginx/ssl.crt;
        ssl_certificate_key /etc/nginx/ssl.key;
        ssl_protocols TLSv1.2;
        ssl_ciphers EECDH+AESGCM:EDH+AESGCM:EECDH:EDH:!MD5:!RC4:!LOW:!MEDIUM:!CAMELLIA:!ECDSA:!DES:!DSS:!3DES:!NULL;
        ssl_prefer_server_ciphers on;
        keepalive_timeout 70;
        location / {
            proxy_pass http://localhost:80;
            proxy_ssl_certificate /etc/nginx/ssl.crt;
            proxy_ssl_certificate_key /etc/nginx/ssl.key;
            proxy_ssl_verify off;
            allow all;
            proxy_redirect off;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Host $server_name;
            proxy_set_header X-Forwarded-Proto https;
            #access_log /var/log/nginx/access.log;
            #error_log /var/log/nginx/error.log;
            client_max_body_size 0;
            client_body_buffer_size 128k;
            proxy_connect_timeout 1200s;
            proxy_send_timeout 1200s;
            proxy_read_timeout 1200s;
            proxy_buffers 32 4k;
        }
    }
}
And docker-compose.yml as below:-
version: '2'
services:
  mysql:
    image: mysql:5.7.21
    restart: always
    environment:
      - MYSQL_ROOT_PASSWORD=admin
      - MYSQL_DATABASE=bookstack
      - MYSQL_USER=bookstack
      - MYSQL_PASSWORD=admin
    volumes:
      - ./mysql:/var/lib/mysql
    networks:
      - bookstack-bridge
  bookstack:
    image: solidnerd/bookstack:latest
    container_name: bookstack
    restart: always
    depends_on:
      - mysql
    environment:
      - APP_URL=http://localhost:8080
    volumes:
      - ./uploads:/var/www/bookstack/public/uploads
      - ./storage-uploads:/var/www/bookstack/public/storage
    ports:
      - 8080:8080
    networks:
      - bookstack-bridge
  nginx:
    image: nginx:latest
    container_name: bookstack-nginx
    restart: always
And in the docker-compose.yml, I do have APP_URL=http://localhost:8080 env variable.
Does anybody have an idea, what needs to be changed to redirect from HTTP to HTTPS?
Thanks in advance.
I customized your docker-compose.yml.
Your docker-compose.yml would not work for HTTPS because some parts are wrong or missing.
To use HTTPS you have to create the certificates with OpenSSL. These must be in the folder /etc/nginx/certs in the container.
When you put the certificates in the folder, you have to set - VIRTUAL_PORT=8080 to 443 and change the APP_URL from http to https.
When you start a service and assign it to the network "web", nginx automatically sees that a new service is registered. It automatically maps to the port specified in the image. This happens with the volume command "/tmp/docker.sock:ro". ":ro" stands for Readonly.
If you assign a service to the network "internal", it is not accessible from the outside and Nginx ignores it. See the "mysql" service.
With "depends_on:" I say that all services have to start before bookstack starts. This is important! First Nginx, then MySql and finally bookstack.
I prefer to use VIRTUAL_HOST on its own local domain. You can also use localhost there; the only important thing is that your "hosts" file in the operating system points to your external Docker IP. Example: "192.168.5.121 bookstack.local"
My tip! I would store the service "nginx--proxy" in a separate docker-compose file. Then you can easily register further services with the nginx.
Good luck with that, and if you want to use Bookstack only locally, HTTPS might not be that urgent now. Otherwise search for "Create Certs for Nginx local".
Before you start, create the network "web":
docker network create web
version: '2.4'
services:
  mysql:
    image: mysql:5.7.21
    container_name: bookstack-mysql
    restart: unless-stopped
    networks:
      - "internal"
    healthcheck:
      test: "exit 0"
    environment:
      - MYSQL_ROOT_PASSWORD=admin
      - MYSQL_DATABASE=bookstack
      - MYSQL_USER=bookstack
      - MYSQL_PASSWORD=admin
    volumes:
      - ./docker/data/mysql:/var/lib/mysql
  bookstack:
    image: solidnerd/bookstack:0.29.3
    container_name: bookstack
    restart: unless-stopped
    networks:
      - "web"
      - "internal"
    depends_on:
      nginx--proxy:
        condition: service_started
      mysql:
        condition: service_healthy
    environment:
      - VIRTUAL_HOST=bookstack.local
      - VIRTUAL_PORT=8080
      - DB_HOST=mysql:3306
      - DB_DATABASE=bookstack
      - DB_USERNAME=bookstack
      - DB_PASSWORD=admin
      - APP_URL=http://bookstack.local
    volumes:
      - ./docker/data/uploads:/var/www/bookstack/public/uploads
      - ./docker/data/storage-uploads:/var/www/bookstack/storage/uploads
  nginx--proxy:
    image: jwilder/nginx-proxy:latest
    container_name: nginx--proxy
    restart: always
    environment:
      DEFAULT_HOST: default.vhost
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./docker/data/certs:/etc/nginx/certs
      - /var/run/docker.sock:/tmp/docker.sock:ro
    networks:
      - "web"
      - "internal"
networks:
  web:
    external: true
  internal:
    external: false
This solution worked for me:
In the docker-compose.yml, in the nginx service section, I added the networks tag:
    networks:
      - bookstack-bridge
And in the nginx.conf I added proxy_pass as:
    proxy_pass http://bookstack:8080;
Thank you guys for your help.
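Why the question's nginx.conf never reaches BookStack while the proxy_pass change above does, as an added example that is not code from the thread: inside the nginx container, localhost:80 is nginx's own port-80 server, which answers every request with the 301 to HTTPS, so the 443 server hands that redirect straight back to the browser. The checker below flags that pattern; its function names are hypothetical and the sample is trimmed from the question's config.

```python
import re
from urllib.parse import urlsplit

TOKEN = re.compile(r"[{};]|[^\s{};]+")
LOCAL = {"localhost", "127.0.0.1", "::1"}  # all mean "this nginx container"


def server_blocks(conf: str) -> list:
    """Collect listen ports, server-level HTTPS redirects and proxy_pass URLs."""
    servers, stack, words = [], [], []
    for tok in TOKEN.findall(re.sub(r"#[^\n]*", "", conf)):  # comments dropped
        if tok == "{":
            stack.append(words[0] if words else "")
            if stack[-1] == "server":
                servers.append({"listen": set(), "to_https": False, "proxy": []})
            words = []
        elif tok == "}":
            stack.pop()
            words = []
        elif tok != ";":
            words.append(tok)
        else:  # ';' ends a directive
            if "server" in stack and len(words) > 1:
                cur, port = servers[-1], words[1].rsplit(":", 1)[-1]
                if words[0] == "listen" and port.isdigit():
                    cur["listen"].add(int(port))
                elif words[0] == "return" and stack[-1] == "server":
                    cur["to_https"] = words[-1].startswith("https://")
                elif words[0] == "proxy_pass":
                    cur["proxy"].append(words[1])
            words = []
    return servers


def self_redirect_loops(conf: str) -> list:
    """proxy_pass URLs that land on this nginx's own HTTP-to-HTTPS redirect."""
    servers = server_blocks(conf)
    redirecting = {p for s in servers if s["to_https"] for p in s["listen"]}
    loops = []
    for url in (u for s in servers for u in s["proxy"]):
        target = urlsplit(url)
        port = target.port or (443 if target.scheme == "https" else 80)
        if target.scheme == "http" and target.hostname in LOCAL and port in redirecting:
            loops.append(url)
    return loops


# Trimmed from the question's nginx.conf; only the routing directives are kept.
QUESTION = """
http {
  server { listen 80; return 301 https://$server_name$request_uri; }
  server { listen 443 ssl http2; location / { proxy_pass http://localhost:80; } }
}
"""
FIXED = QUESTION.replace("http://localhost:80;", "http://bookstack:8080;")

if __name__ == "__main__":
    print(self_redirect_loops(QUESTION), self_redirect_loops(FIXED))
```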
I am trying to set up a Dockerised MERN app secured with SSL. So far I have managed to serve my React app via an nginx container, but am now having issues with my API backend.
If my web page sends an HTTPS request to my nginx container, how can I take that request, downgrade it to HTTP, send it to the API container, and securely return the response? Is this even the preferred approach?
My nginx conf
server {
    listen 80;
    server_name example.com;
    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }
    location / {
        return 301 https://$host$request_uri;
    }
}
server {
    listen 443 ssl;
    server_name example.com;
    root /var/www/html/build;
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
    location / {
        index index.html;
        try_files $uri $uri/ @backend;
    }
    location /login {
        return 301 https://$host;
    }
    location @backend {
        proxy_pass https://example.com;
    }
}
my docker-compose.yml
version: '3.7'
services:
  nginx:
    image: nginx:1.15-alpine
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./data/build:/var/www/html/build
      - ./data/nginx:/etc/nginx/conf.d
      - ./data/certbot/conf:/etc/letsencrypt
      - ./data/certbot/www:/var/www/certbot
  certbot:
    image: certbot/certbot
    volumes:
      - ./data/certbot/conf:/etc/letsencrypt
      - ./data/certbot/www:/var/www/certbot
  backend:
    container_name: backend
    restart: unless-stopped
    build: ./api
    ports:
      - '3001:3001'
    env_file: ./api/.env
    environment:
      - NODE_ENV=production
I managed to find a solution to my problem.
I changed my docker-compose.yml to:
version: '3.7'
services:
  nginx:
    image: nginx:1.15-alpine
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./data/build:/var/www/html/build
      - ./data/nginx:/etc/nginx/conf.d
      - ./data/certbot/conf:/etc/letsencrypt
      - ./data/certbot/www:/var/www/certbot
    links:
      - backend
  certbot:
    image: certbot/certbot
    volumes:
      - ./data/certbot/conf:/etc/letsencrypt
      - ./data/certbot/www:/var/www/certbot
  backend:
    container_name: backend
    restart: unless-stopped
    build: ./api
    ports:
      - '3001:3001'
    env_file: ./api/.env
    environment:
      - NODE_ENV=production
and my nginx conf to:
server {
    listen 80;
    server_name example.com;
    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }
    location / {
        return 301 https://$host$request_uri;
    }
}
server {
    listen 443 ssl;
    server_name example.com;
    root /var/www/html/build;
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
    location / {
        index index.html;
        try_files $uri $uri/ @backend;
    }
    location /login {
        return 301 https://$host;
    }
    location @backend {
        proxy_pass https://example.com;
    }
    location /api/ {
        proxy_pass http://backend:3001/api/;
    }
}
When I start the project with php artisan serve everything works fine, but when I start my project with docker-compose up -d there is an error: 403 Forbidden nginx/1.10.3
Nginx default file:
server {
    listen [::]:80;
    listen 80;
    root /var/www/html/public;
    index index.html index.htm index.php;
    server_name {{getenv "NGINX_SERVER_NAME"}};
    server_tokens off;
    charset utf-8;
    location = /favicon.ico { log_not_found off; access_log off; }
    location = /robots.txt { log_not_found off; access_log off; }
    location / {
        try_files $uri $uri/ /index.php$is_args$args;
    }
    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/usr/local/var/run/php-fpm.sock;
    }
    error_page 404 /index.php;
    location ~ /\.ht {
        deny all;
    }
    add_header X-Served-By Bitpress.io;
    include h5bp/basic.conf;
}
and here is my docker-compose File
docker-compose.yml
version: "3"
networks:
  app-tier:
    driver: bridge
services:
  app:
    image: test
    container_name: site
    build:
      context: .
      dockerfile: docker/Dockerfile
    networks:
      - app-tier
    env_file:
      - .docker.env
    ports:
      - 5050:80
    volumes:
      - .:/var/www/html
    environment:
      APP_ENV: local
      CONTAINER_ROLE: app
  scheduler:
    image: test
    container_name: scheduler
    depends_on:
      - app
    env_file:
      - .docker.env
    volumes:
      - .:/var/www/html
    environment:
      CONTAINER_ROLE: scheduler
  queue:
    image: test
    container_name: queue
    depends_on:
      - app
    env_file:
      - .docker.env
    volumes:
      - .:/var/www/html
    environment:
      CONTAINER_ROLE: queue
I've seen that the permissions of the directories are root.
I have tried to change it with the command RUN chown -R www-data:www-data /var/www/html but it does not work.
I just updated what you have, but it won't fix 100% of your issues; some stuff has to be done too, but without all the information I cannot do more.
You may need to add php-fpm to your docker-compose.yml
nginx.conf
server {
    listen [::]:80;
    listen 80;
    # will be removed if you run everything inside the container
    root /var/www/html/public;
    # will be removed if you run everything inside the container
    index index.html index.htm index.php;
    server_name {{getenv "NGINX_SERVER_NAME"}};
    server_tokens off;
    charset utf-8;
    location = /favicon.ico { log_not_found off; access_log off; }
    location = /robots.txt { log_not_found off; access_log off; }
    # will be removed
    # location / {
    #     try_files $uri $uri/ /index.php$is_args$args;
    # }
    # Add this; now nginx only redirects requests to the socket exposed by docker
    location / {
        proxy_pass http://localhost:5050;
        proxy_set_header X-Served-By Bitpress.io;
    }
    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/usr/local/var/run/php-fpm.sock;
    }
    # will be removed if you run everything inside the container
    error_page 404 /index.php;
    location ~ /\.ht {
        deny all;
    }
    # will be removed if you run everything inside the container
    add_header X-Served-By Bitpress.io;
    include h5bp/basic.conf;
}
docker-compose.yml
version: "3"
networks:
  app-tier:
    driver: bridge
services:
  app:
    image: test
    container_name: site
    build:
      context: .
      dockerfile: docker/Dockerfile
    networks:
      - app-tier
    env_file:
      - .docker.env
    ports:
      - 5050:80
    volumes:
      - .:/var/www/html
      # - /absolute/path/better:/var/www/html
    environment:
      APP_ENV: local
      CONTAINER_ROLE: app
  scheduler:
    image: test
    container_name: scheduler
    networks: # <-- add this
      - app-tier # <-- add this
    depends_on:
      - app
    env_file:
      - .docker.env
    volumes:
      - .:/var/www/html
      # - /absolute/path/better:/var/www/html
    environment:
      CONTAINER_ROLE: scheduler
  queue:
    image: test
    container_name: queue
    networks: # <-- add this
      - app-tier # <-- add this
    depends_on:
      - app
    env_file:
      - .docker.env
    volumes:
      - .:/var/www/html
      # - /absolute/path/better:/var/www/html
    environment:
      CONTAINER_ROLE: queue
You may have an issue between env_file: and CONTAINER_ROLE over which has priority: your 3 containers share the same .docker.env, and that may be an issue. It may be a good idea to have:
.docker.app.env
.docker.scheduler.env
.docker.queue.env
I have one node.js application (web-app) and two lumen applications (api, customer-api) that are load balanced by an nginx container listening on port 80.
My docker-compose.yml file:
version: '2'
services:
  nginx:
    build:
      context: ../
      dockerfile: posbytz-docker/nginx/dockerfile
    volumes:
      - api
      - customer-api
    ports:
      - "80:80"
    networks:
      - network
    depends_on:
      - web-app
      - api
      - customer-api
  web-app:
    build:
      context: ../
      dockerfile: posbytz-docker/web-app-dockerfile
    volumes:
      - ../web-app:/posbytz/web-app
      - /posbytz/web-app/node_modules
    ports:
      - "3004:3004"
    networks:
      - network
  api:
    build:
      context: ../
      dockerfile: posbytz-docker/api-dockerfile
    volumes:
      - ../api:/var/www/api
    networks:
      - network
  customer-api:
    build:
      context: ../
      dockerfile: posbytz-docker/customer-api-dockerfile
    volumes:
      - ../customer-api:/var/www/customer-api
    networks:
      - network
  redis:
    image: redis
    ports:
      - "6379:6379"
    networks:
      - network
  memcached:
    image: memcached
    ports:
      - "11211:11211"
    networks:
      - network
  mysql:
    image: mysql:5.7
    volumes:
      - ./db-data:/var/lib/mysql
    ports:
      - "3306:3306"
    networks:
      - network
  adminer:
    image: adminer
    restart: always
    ports:
      - "9001:8080"
    networks:
      - network
networks:
  network:
    driver: bridge
Since I am using a bridged network, I am able to access each container from another container using the container names. But what I want instead is to access the containers using the server_name of their nginx configuration.
Below are the nginx configuration of each application,
web-app.conf:
server {
    listen 80;
    server_name posbytz.local;
    resolver 127.0.0.11 valid=10s;
    location / {
        proxy_pass http://web-app:3004;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}
api.conf:
server {
    listen 80;
    index index.php index.html;
    root /var/www/api/public;
    server_name api.posbytz.local;
    resolver 127.0.0.11 valid=10s;
    location / {
        try_files $uri /index.php?$args;
    }
    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass api:9000;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
    }
}
customer-api.conf
server {
    listen 80;
    index index.php index.html;
    root /var/www/customer-api/public;
    server_name customer-api.posbytz.local;
    resolver 127.0.0.11 valid=10s;
    location / {
        try_files $uri /index.php?$args;
    }
    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass customer-api:9000;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
    }
}
The problem
I want to access both the api and customer-api containers from the web-app container. The problem is that when I try curl http://nginx I'm only getting a response from the api container. Is there any way to access the customer-api container through the nginx container?
What I tried
When I manually mapped the IP of nginx container (172.21.0.9) with their respective server_name in the /etc/hosts file on the web-app container it seems to work.
What I added on /etc/hosts file on web-app container:
172.21.0.9 api.posbytz.local
172.21.0.9 customer-api.posbytz.local
Is there any other way to achieve this without manual intervention?
Finally made it work by changing the nginx configuration in customer-api.conf to listen on port 81, i.e. listen 80; to listen 81;. Now http://nginx resolves to http://api:9000 and http://nginx:81 resolves to http://customer-api:9000
You can use aliases:
networks:
  some-network:
    aliases:
      - api.posbytz.local
      - customer-api.posbytz.local
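Why curl http://nginx only ever reached api, as an added example that is not code from the thread: nginx picks a server block by listening port and then by the Host header, and a Host that matches no server_name falls through to the first block defined for that port. The model below assumes the three conf files are included in alphabetical order (api.conf first), which is consistent with what the question reports; it covers exact names and leading wildcards and leaves out trailing-wildcard and regex names.

```python
from typing import NamedTuple, Optional


class Server(NamedTuple):
    label: str             # conf file the server block came from
    port: int              # port on its listen line
    names: tuple           # server_name values
    default: bool = False  # True if the listen line carries default_server


def select_server(servers: list, port: int, host: str) -> Optional[str]:
    """Model nginx's choice: port first, then Host, then the port's default."""
    host = host.split(":")[0].lower().rstrip(".")
    on_port = [s for s in servers if s.port == port]
    if not on_port:
        return None                        # nothing listens on that port
    for s in on_port:                      # 1. exact server_name
        if host in s.names:
            return s.label
    best = None                            # 2. longest leading wildcard
    for s in on_port:
        for name in s.names:
            if name.startswith("*.") and host.endswith(name[1:]):
                if best is None or len(name) > len(best[0]):
                    best = (name, s.label)
    if best:
        return best[1]
    for s in on_port:                      # 3. explicit default_server
        if s.default:
            return s.label
    return on_port[0].label                # 4. first block for the port


# listen/server_name values from the question; the order is the assumed
# alphabetical include order: api.conf, customer-api.conf, web-app.conf.
QUESTION = [
    Server("api", 80, ("api.posbytz.local",)),
    Server("customer-api", 80, ("customer-api.posbytz.local",)),
    Server("web-app", 80, ("posbytz.local",)),
]
# The asker's workaround: customer-api.conf changed to listen 81.
PORT_81 = [QUESTION[0], QUESTION[1]._replace(port=81), QUESTION[2]]

if __name__ == "__main__":
    for host in ("nginx", "customer-api.posbytz.local"):
        print(host, "->", select_server(QUESTION, 80, host))
    print("nginx:81 ->", select_server(PORT_81, 81, "nginx"))
```

A request that carries the right name in its Host header, which is what the /etc/hosts entries produce, reaches customer-api on port 80 without the second listener.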