Nginx in docker can't find cert files - docker

I generated certificates on my host machine, they are located in /etc/letsencrypt
Then, in my docker-compose.yml I have following configuration
frontend:
build: ./frontend
container_name: frontend
ports:
- 8080:80
networks:
- not-exposed
- exposed
volumes:
- /etc/letsencrypt:/etc/letsencrpt
For testing purposes, I stopped at this point and I started container to see if I can access those files and they are inside my container
However, moving to my nginx default.conf file, I have following code there
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
root /usr/share/nginx/html;
include /etc/nginx/mime.types;
server_name example.com;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
}
Unfortunatelly, when I run docker-compose up, it fails with
2022/10/26 13:51:38 [emerg] 1#1: cannot load certificate
"/etc/letsencrypt/live/domain.com/fullchain.pem": BIO_new_file()
failed (SSL: error:02001002:system library:fopen:No such file or
directory:fopen('/etc/letsencrypt/live/domain.com/fullchain.pem','r')
error:2006D080:BIO routines:BIO_new_file:no such file)
Any idea why? Like I mentioned, this file is there on container that holds nginx and my frontend, why it can't be opened?

Related

Error 504 Gateway Time-out when running nginx in docker through docker-compose

I'm using nginx in docker-compose file for handling my frontend and backend website.
I had no problems for a long time but once I've got the error "504 Gateway Time-out" when I try to access my project through localhost and it's port
http://localhost:8080
when I type docker Ip and its port
http://172.18.0.1:8080
I can access the project and nginx works correctly.
I'm sure my config file is correct because It was working for 6 months and I don't know what happened for it.
what should I check to find the problem?
docker-compose file:
.
.
.
nginx:
container_name: nginx
image: nginx:1.19-alpine
restart: unless-stopped
ports:
- '8080:80'
volumes:
- ./frontend:/var/www/html/frontend
- ./nginx/nginx.conf:/etc/nginx/conf.d/default.conf
networks:
- backend_appx
networks:
backend_appx :
external: true
.
.
nginx config file:
upstream nextjs_upstream {
server next_app:3000;
}
server {
listen 80 default_server;
server_name _;
server_tokens off;
# set root
root /var/www/html/frontend;
# set log
error_log /var/log/nginx/error.log;
access_log /var/log/nginx/access.log;
location /_next/static {
proxy_cache STATIC;
proxy_pass http://nextjs_upstream;
add_header X-Cache-Status $upstream_cache_status;
}
}

Nginx container can't find plotly dash javascript within mounted volume

I have a web service powered via plotly dash running in a docker container reverse proxied by an nginx container, all coordinated via docker compose.
docker-compose.yaml
services:
reverse_proxy:
image: nginx:1.17.10
volumes:
- ./nginx.conf:/etc/nginx/nginx.conf:Z,ro # nginx configuration
- ../../resources:/usr/share/nginx/html/:Z,ro # static assets, 404.html etc
- /etc/pki/tls/certs/:/etc/pki/tls/certs/:Z,ro # SSL stuff
ports:
- "80:80"
- "443:443"
depends_on:
- my_server
my_server:
image: my_server:v1.2.3
command: --config /app/configs/prod.yaml --port 8050 8051
nginx.conf
upstream my_server {
ip_hash;
server my_server:8050;
server my_server:8051;
}
server {
listen 80 default_server;
listen [::]:80 default_server;
listen 443 ssl;
server_name my-server.com;
root /usr/share/nginx/html; # I assume this has something to do with it!
ssl_certificate /etc/pki/tls/certs/2022/my-server.crt;
ssl_certificate_key /etc/pki/tls/certs/2022/my-server.key;
ssl_password_file /etc/pki/tls/certs/2022/my-server.txt;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
location /prod/app/ {
proxy_pass http://my_server/;
proxy_redirect off;
proxy_buffering off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location = / {
root /usr/share/nginx/html; # or this...?
index index.html;
}
Upon running docker compose up --remove-orphans --force-recreate --renew-anon-volumes
I see the success message that my Dash server is running:
Dash is running on http://0.0.0.0:8050/
and the nginx container starts without error. However when I query my service via https://my-server.com/prod/app/
nginx fails to (cache?) and load plotly Dash javascript within its specified root directory:
# the location seems to be found and routed correctly
10.10.193.8 - - [28/Oct/2022:15:31:21 +0000] "GET /prod/app/ HTTP/1.1" 200 5324 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:106.0) Gecko/20100101 Firefox/106.0" "-"
# fails due to css file not found
my-server-reverse_proxy-1 | 2022/10/28 15:31:21 [error] 7#7: *1 open() "/usr/share/nginx/html/assets/styles.css" failed (2: No such file or directory), client: 10.10.193.8, server: my-server.com, request: "GET /assets/styles.css?m=1666209805.0 HTTP/1.1", host: "my-server.com", referrer: "https://my-server.com/prod/app/"
# fails due to javascript not found
my-server-reverse_proxy-1 | 2022/10/28 15:31:21 [error] 7#7: *1 open() "/usr/share/nginx/html/_dash-component-suites/dash/dcc/dash_core_components.v2_6_2m1666209805.js" failed (2: No such file or directory), server: my-server.com, request: "GET /_dash-component-suites/dash/dcc/dash_core_components.v2_6_2m1666209805.js HTTP/1.1", host: "my-server.com", referrer: "https://my-server.com/prod/app/"
To debug I examined the contents of my nginx container the root directory does exist:
root#4c7190ea055a:/usr/share/nginx/html# ls
404.html 40x.html 50x.html bg.jpg index.html
I am not sure which of the following is causing this error:
nginx mis-configuration (I need to specify the server block root dir somewhere else?)
plotly Dash mis-configuration (I need to tell it to cache / load somewhere else?)
nginx docker volume issue (Doesnt seem to be the issue since I can view the folder inside the container?)
Any help is greatly appreciated!

docker nginx - 404 not found

I followed these steps to setup nginx in docker at my server:
I create a nginx/ folder and put all the docker-compose.yml and conf.d/ with conf.d/default.conf accordingly.
docker-compose.yml:
version: "3.8"
services:
web:
image: nginx:latest
restart: always
volumes:
- ./public:/var/www/html
- ./conf.d:/etc/nginx/conf.d
- ./certbot/conf:/etc/nginx/ssl
- ./certbot/data:/var/www/certbot
ports:
- 80:80
- 443:443
certbot:
image: certbot/certbot:latest
command: certonly --webroot --webroot-path=/var/www/certbot --email abc#xyz.com --agree-tos --no-eff-email -d example.com -d www.example.com
volumes:
- ./certbot/conf:/etc/letsencrypt
- ./certbot/logs:/var/log/letsencrypt
- ./certbot/data:/var/www/certbot
and my cond.f/default.conf:
server {
listen [::]:80;
listen 80;
server_name example.com www.example.com;
location ~ /.well-known/acme-challenge {
allow all;
root /var/www/certbot;
}
# redirect http to https www
return 301 https://www.example.com$request_uri;
}
server {
listen [::]:443 ssl http2;
listen 443 ssl http2;
server_name example.com;
# SSL code
ssl_certificate /etc/nginx/ssl/live/example.com/fullchain.pem;
ssl_certificate_key /etc/nginx/ssl/live/example.com/privkey.pem;
root /var/www/html;
location / {
index index.html;
}
return 301 https://www.example.com$request_uri;
}
server {
listen [::]:443 ssl http2;
listen 443 ssl http2;
server_name www.example.com;
# SSL code
ssl_certificate /etc/nginx/ssl/live/example.com/fullchain.pem;
ssl_certificate_key /etc/nginx/ssl/live/example.com/privkey.pem;
root /var/www/html/example/public;
location / {
index index.html;
}
}
I am sure the SSL is working because I can access https://example.com with no problem.
But I always get 404 not found.
I do have a public/ folder in nginx/ folder with index.html. But somehow I always get 404.
I am using Ubuntu 20.
How can I resolve this?

Ok, after #Amin's comments, I read carefully on my config file, and found out that with all the rerouting of the port 80 to port 443, the root folder actually change to /var/www/html/example/public. so I just have to change my docker-compose volume binding from:
volumes:
- ./public:/var/www/html
to
volumes:
- ./public:/var/www/html/example/public
Now it works.

docker-compose up fails for nginx container

I am getting the following error when I run docker-compose up:
backend_1_a5b5a2caf6fc | 2019/04/28 21:40:49 [emerg] 1#1: no "ssl_certificate" is defined for the "listen ... ssl" directive in /etc/nginx/conf.d/default.conf:4
backend_1_a5b5a2caf6fc | nginx: [emerg] no "ssl_certificate" is defined for the "listen ... ssl" directive in /etc/nginx/conf.d/default.conf:4
...
...
production_backend_1_a5b5a2caf6fc exited with code 1
Here is my Dockerfile for nginx:
FROM nginx
COPY nginx.conf /etc/nginx/conf.d/default.conf
default.conf:
fastcgi_cache_path /dev/shm levels=1:2 keys_zone=laravel:100m;
fastcgi_cache_key "$scheme$request_method$host$request_uri$query_string";
server {
listen 80 default_server;
root /var/www/public;
index index.php index.html;
client_max_body_size 5M;
...
...
docker-compose.yml:
version: '3'
services:
backend:
build: ./nginx
depends_on:
- db
- redis
working_dir: /var/www
volumes:
- ../../src:/var/www
ports:
- 80:80
...
...

This means that you have not setup ssl correctly (you're missing a server certificate). Since you have mapped port 80 and not 443 in your docker-compose i assume you're not going to use SSL.
Simply remove the following line in your nginx.conf to disable ssl:
listen 443 ssl http2;
be sure to rebuild and restart your nginx container.

Do you have any other server listening on port 443.Try to delete all symbolic links from /etc/nginx/sites-enabled except this one server you want to make work

But, if someone need to use SSL, this error means that your server section is missing ssl_certificate and ssl_certificate_key declarations. You need to have a .crt and a .key file to run with ssl.
It should looks like
server {
listen 80;
listen 443 default_server ssl;
ssl_certificate /etc/nginx/certs/default.crt;
ssl_certificate_key /etc/nginx/certs/default.key;
... other declarations
}

Set up https access to nginx docker container

I want to be able to access an nginx docker container via the https at https://192.168.99.100. By now I have done the following:
Dockerfile:
FROM nginx
COPY certs/nginx-selfsigned.crt /etc/ssl/certs/
COPY certs/nginx-selfsigned.key /etc/ssl/private/
COPY default-ssl.conf /etc/nginx/sites-available/default
EXPOSE 443
I have the correspondent certificate files in folder certs.
The default-ssl.conf:
server {
listen 80;
listen 443 ssl;
server_name localhost;
ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
docker-compose.yaml
version: '3'
services:
nginx:
image: mynamespace/nginx_pma
container_name: nginx_pma
build:
context: .
ports:
- 443:443
- 80:80
So, when I run this, I am able to access: 192.168.99.100 which shows NGINX welcome page, but I am unable to make it work on https://192.168.99.100.
The host is Windows 7 with docker toolbox.
Any sugestions?

The reason for your error is because your copying the nginx SSL configuration to a folder nginx does not load by default.
After changing this line in the Dockerfile -
COPY default-ssl.conf /etc/nginx/sites-available/default
To this -
COPY default-ssl.conf /etc/nginx/conf.d/default-ssl.conf
I'm able to reach Nginx with https.

Resources