I want to build anycable with my application but I get this error:
ActionController::RoutingError (No route matches [GET] "/cable")
and this is error in the browser:
action_cable.js:241 WebSocket connection to 'wss://portal.comp-moto.com/cable' failed:
This is my docker-compose.yml
version: "3"
volumes:
data-uploads:
packs:
services:
app:
build:
context: .
dockerfile: ./dockers/app/Dockerfile
container_name: comp_moto_app
restart: unless-stopped
ports:
- 3000:3000
volumes:
- .:/app
- /app/node_modules
- /app/public/assets
- /app/public/packs
depends_on:
- redis
environment:
- REDIS_URL_CACHING=redis://redis#redis:6379/0
db:
image: "postgres:14.1-alpine"
container_name: comp_moto_db
environment:
POSTGRES_USER: ${DOCKER_DB_USER}
POSTGRES_PASSWORD: ${DOCKER_DB_PASSWORD}
POSTGRES_DB: ${DOCKER_DB_NAME}
volumes:
- /docker_data/comp_moto_app/postgres:/var/lib/postgresql/data
ports:
- 5432:5432
nginx:
build:
context: .
dockerfile: ./dockers/web/Dockerfile
container_name: comp_moto_web
restart: unless-stopped
ports:
- 80:80
- 443:443
depends_on:
- app
volumes:
- ./dockers/web/nginx.conf:/etc/nginx/conf.d/default.conf
- ./public:/app/public
- ./data/certbot/conf:/etc/letsencrypt
- ./data/certbot/www:/var/www/certbot
command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'"
certbot:
image: certbot/certbot
restart: unless-stopped
volumes:
- ./data/certbot/conf:/etc/letsencrypt
- ./data/certbot/www:/var/www/certbot
entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"
redis:
image: redis:6.2.6-alpine
container_name: comp_moto_redis
command: redis-server --requirepass ${REDIS_PASSWORD}
volumes:
- /docker_data/comp_moto/production/redis:/data
- ./dockers/redis/redis.conf:/usr/local/etc/redis/redis.conf
ports:
- 6379:6379
delayed_job:
build:
context: .
dockerfile: ./dockers/delayed_job/Dockerfile
container_name: comp_moto_delayed_job
command: bundle exec rails jobs:work
depends_on:
- db
volumes:
- .:/app
anycable:
build:
context: .
dockerfile: ./dockers/cable/Dockerfile
container_name: comp_moto_anycable
command: bundle exec anycable
environment:
ANYCABLE_REDIS_URL: redis://redis#redis:6379/0
ANYCABLE_RPC_HOST: 0.0.0.0:50051
ANYCABLE_DEBUG: 1
ports:
- '50051'
depends_on:
- redis
- db
ws:
image: anycable/anycable-go:latest-alpine
container_name: comp_moto_ws
ports:
- '8080:8080'
environment:
ANYCABLE_HOST: "0.0.0.0"
ANYCABLE_REDIS_URL: redis://redis#redis:6379/0
ANYCABLE_RPC_HOST: anycable:50051
ANYCABLE_DEBUG: 1
depends_on:
- redis
- anycable
sidekiq:
build:
context: .
dockerfile: ./dockers/sidekiq/Dockerfile
container_name: comp_moto_sidekiq
command: bundle exec sidekiq
depends_on:
- db
- redis
volumes:
- data-uploads:/app/public/uploads
this is my Dockerfile for anycale service
FROM ruby:3.0.1-alpine
RUN apk add --no-cache --update build-base \
linux-headers \
postgresql-dev \
tzdata \
git \
nodejs \
yarn \
libc6-compat
COPY Gemfile Gemfile.lock package*.json yarn.lock ./
RUN gem install bundler && bundle install --jobs 3
COPY . ./
EXPOSE 50051
ENTRYPOINT ["bundle", "exec"]
CMD ["anycable"]
I also add these to production.rb
config.after_initialize do
config.action_cable.url = ActionCable.server.config.url = ENV.fetch("CABLE_URL", "wss://portal.comp-moto.com/cable") if AnyCable::Rails.enabled?
end
config.action_cable.url = 'wss://portal.comp-moto.com/cable'
config.action_cable.allowed_request_origins = [ 'https://portal.comp-moto.com', /https:\/\/portal.comp-moto.com.*/ ]
this is anycale.yml
development:
redis_url: redis://localhost:6379/1
production:
redis_url: redis://:redis#redis:6379/0
access_logs_disabled: false
I use nginx, here is nginx
upstream rails_app {
server app:3000;
}
server {
# define your domain
listen 80;
server_name portal.comp-moto.com;
server_tokens off;
location /.well-known/acme-challenge/ {
root /var/www/certbot;
}
}
server {
listen 443 ssl;
server_name portal.comp-moto.com;
server_tokens off;
proxy_read_timeout 1800;
proxy_connect_timeout 1800;
proxy_send_timeout 1800;
client_max_body_size 20M;
client_body_buffer_size 20M;
client_body_timeout 1800;
client_header_timeout 1800;
keepalive_timeout 1800;
send_timeout 1800;
# define the public application root
root /app/public;
index index.html;
# serve static (compiled) assets directly if they exist (for rails production)
location ~ ^/(assets|images|javascripts|stylesheets|swfs|system)/ {
try_files $uri #rails;
access_log off;
gzip_static on; # to serve pre-gzipped version
expires max;
add_header Cache-Control public;
# Some browsers still send conditional-GET requests if there's a
# Last-Modified header or an ETag header even if they haven't
# reached the expiry date sent in the Expires header.
add_header Last-Modified "";
add_header ETag "";
break;
}
# send non-static file requests to the app server
location / {
try_files $uri #rails;
}
ssl_certificate /etc/letsencrypt/live/portal.comp-moto.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/portal.comp-moto.com/privkey.pem;
location #rails {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Host $host;
proxy_redirect off;
proxy_pass http://rails_app;
}
location /wss {
proxy_pass https://portal.comp-moto.com:8080;
include proxy_params;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
Related
Hey I am trying to build a root for a personal portfolio. All containers are running except Streamlit. Streamlit should be accessible via mydomain.com/streamlit. Locally everything works without problems. After calling the homepage and running containers I get a white screen.
Streamlit Config:
[server]
headless=true
port=8501
enableCORS=false
enableXsrfProtection=false
enableWebsocketCompression=false
[browser]
serverAddress="0.0.0.0"
serverPort=8501
NGINX Config :
server {
listen 80;
server_name domain.de;
server_tokens off;
client_max_body_size 20M;
include /etc/nginx/mime.types;
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl;
server_name domain.de;
ssl_certificate /etc/nginx/certs/ssl-bundle.crt;
ssl_certificate_key /etc/nginx/certs/ss-bundle.key;
server_tokens off;
include /etc/nginx/mime.types;
client_max_body_size 20M;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
try_files $uri $uri/ /index.html;
}
location /streamlit {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 86400;
proxy_pass http://streamlit:8501;
}
location /api {
try_files $uri #proxy_api;
}
location /admin {
try_files $uri #proxy_api;
}
location #proxy_api {
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Url-Scheme $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://backend:8000;
}
location /django_static/ {
autoindex on;
alias /app/backend/django_static/;
}
}
The Docker-Compose file:
version: '2'
services:
nginx:
restart: unless-stopped
build:
context: .
dockerfile: ./docker/nginx/Dockerfile
ports:
- 80:80
- 443:443
volumes:
- static_volume:/app/backend/django_static
- ./docker/nginx/production:/etc/nginx/conf.d
- ./docker/nginx/certs:/etc/nginx/certs
depends_on:
- backend
environment:
- COMPOSE_HTTP_TIMEOUT=200
backend:
restart: unless-stopped
build:
context: .
dockerfile: ./docker/backend/Dockerfile
entrypoint: /app/docker/backend/wsgi-entrypoint.sh
volumes:
- static_volume:/app/backend/django_static
environment:
- POSTGRES_NAME=postgres
- POSTGRES_USER=postgres
- POSTGRES_PASSWORD=postgres
- COMPOSE_HTTP_TIMEOUT=200
expose:
- 8000
depends_on:
- db
db:
image: postgres:13.0-alpine
volumes:
- postgres_data:/var/lib/postgresql/data/
ports:
- 5432:5432
environment:
- POSTGRES_USER=hello_django
- POSTGRES_PASSWORD=hello_django
- POSTGRES_DB=hello_django
- DB_ENGINE=django.db.backends.postgresql
- DB_HOST=db
- DB_PORT=5432
- DEBUG=1
redis:
image: redis:6.2
command: redis-server
ports:
- 6379:6379
restart: unless-stopped
environment:
- COMPOSE_HTTP_TIMEOUT=200
streamlit:
build:
context: .
dockerfile: ./docker/streamlit/Dockerfile
ports:
- 8501:8501
environment:
- COMPOSE_HTTP_TIMEOUT=200
entrypoint: /app/docker/streamlit/entrypoint.sh
volumes:
static_volume: {}
postgres_data:
And the Dockerfile for Streamlit:
# docker/streamlit/Dockerfile
FROM python:3.10.5
WORKDIR /app
ADD ./streamlit/portfolio-streamlit-wrapper/requirements.txt /app/streamlit/
RUN pip install --upgrade pip
RUN pip install -r streamlit/requirements.txt
ADD ./docker /app/docker
ADD ./streamlit/portfolio-streamlit-wrapper/ /app/streamlit
EXPOSE 8501
RUN chmod +x /app/docker/streamlit/entrypoint.sh
The whole project builds up normally. I have access to the Django Admin Dashboard and all containers are running. The regular home page is also displayed. Does anyone have any idea what the reason could be that the homepage changes the HTML - title but the streamlit dashboard is not visible?
Edit:
Streamlit is started due an entryscript: Which I cant explain why I created it.
#!/bin/sh
until cd /app/streamlit/
do
echo "Waiting for server volume..."
done
streamlit run welcome.py
My app structure is like this:
.
├── src
│ └── some go files
├── templates
├── static
|── images
|── js
└── styles
And here is my Dockerfile:
FROM golang:1.18
WORKDIR /usr/src/app
COPY go.mod .
COPY go.sum .
RUN go mod download
COPY . .
CMD ["go", "run", "src/cmd/main.go"]
And here is my docker-compose.yml:
version: "3.8"
services:
pgsql:
image: postgres
ports:
- "5432:5432"
volumes:
- todo_pg_db:/var/lib/postgresql/data
environment:
- POSTGRES_DB=todo
- POSTGRES_USER=postgres
- POSTGRES_PASSWORD=postgres
app:
build: .
ports:
- "8080"
restart: always
depends_on:
- pgsql
nginx:
image: nginx
restart: always
ports:
- 801:801
volumes:
- ./nginx.conf:/etc/nginx/nginx.conf
volumes:
todo_pg_db:
And here is the nginx.conf:
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
access_log /var/log/nginx/access.log;
sendfile on;
server {
listen 801;
server_name 127.0.0.1;
charset utf-8;
keepalive_timeout 5;
location / {
# checks for static file, if not found proxy to app
try_files $uri #backend;
}
location #backend {
# client_max_body_size 10m;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://app:8080;
}
}
}
My problem is that nginx can't find static files.
Here is some example logs:
open() "/usr/src/app/static/styles/bootstrap.min.css" failed (2: No such file or directory)
But there is such directory.
when I exec to my docker container using this commad: sudo docker exec -it todo_app_1 bash.
Then I cat contents of the file, and it works fine!!!
cat /usr/src/app/static/styles/bootstrap.min.css
# output: file content...
I don't know what is wrong in here.
What am I missing?
I have fixed that using volumes:
nginx:
image: nginx
restart: always
ports:
- 801:801
volumes:
- ./static:/var/www
- ./nginx.conf:/etc/nginx/nginx.conf
and in nginx.conf:
location /static {
alias /var/www;
}
I hope one of you can help me.
I have a website running Strapi in Docker as Backend. I use Nginx as a server. For now, I have used it with the original URL, but I want to run it over HTTPS with an upstream URL like dashboard.website.com.
My problem is that I don’t know how to create the server.js file to tell Strapi that it should allow another URL instead of the standard one. There are many guides but none showing how to create it with docker-compose.
Can one of you explain how I can create the server.js file for Strapi and make Strapi aware of it when I run Docker-compose?
Here is a copy of my docker-compose.yml file:
version: '3'
services:
nodejs:
build:
context: .
dockerfile: Dockerfile
image: nodejs
container_name: nodejs
ports:
- 8081:8081
restart: unless-stopped
networks:
- app-network
webserver:
image: nginx:stable-perl
container_name: webserver
restart: unless-stopped
ports:
- "80:80"
- "443:443"
volumes:
- web-root:/var/www/html
- ./server/nginx-conf:/etc/nginx/conf.d
- certbot-etc:/etc/letsencrypt
- certbot-var:/var/lib/letsencrypt
depends_on:
- nodejs
networks:
- app-network
certbot:
image: certbot/certbot
container_name: certbot
volumes:
- certbot-etc:/etc/letsencrypt
- certbot-var:/var/lib/letsencrypt
- web-root:/var/www/html
depends_on:
- webserver
command: certonly --webroot --webroot-path=/var/www/html --email [EMAIL ADDRESS] --agree-tos --no-eff-email --force-renewal -d [DOMAIN]
strapi:
container_name: strapi
image: strapi/strapi:3.6-alpine
environment:
- APP_NAME=strapi-app
- DATABASE_CLIENT=mongo
- DATABASE_HOST=db
- DATABASE_PORT=27017
- DATABASE_NAME=strapi
- DATABASE_USERNAME=
- DATABASE_PASSWORD=
- AUTHENTICATION_DATABASE=strapi
ports:
- 1337:1337
volumes:
- strapi-app:/srv/app
depends_on:
- db
restart: unless-stopped
networks:
- app-network
db:
container_name: mongo
image: mongo:4.4.5-bionic
environment:
- MONGO_INITDB_DATABASE=strapi
volumes:
- dbdata:/data/db
restart: unless-stopped
networks:
- app-network
networks:
app-network:
driver: bridge
volumes:
dbdata:
node_modules:
certbot-etc:
certbot-var:
strapi-app:
web-root:
driver: local
driver_opts:
type: none
device: /
o: bind
And here is a copy of my nginx configuration:
server {
listen 80;
listen [::]:80;
access_log off;
server_name [DOMAIN];
location ~ /.well-known/acme-challenge {
allow all;
root /var/www/html;
}
if ($http_user_agent ~ (LieBaoFast|UCBrowser|MQQBrowser|Mb2345Browser) ) {
return 403;
}
location / { return 301 https://[DOMAIN].org$request_uri; }
}
upstream dashboard {
server strapi:1337;
}
server {
listen 443 ssl;
server_name [DOMAINN];
access_log off;
ssl_certificate /etc/letsencrypt/live/[DOMAIN]/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/[DOMAIN]/privkey.pem;
if ($http_user_agent ~ (LieBaoFast|UCBrowser|MQQBrowser|Mb2345Browser) ) {
return 403;
}
# WEBSITE
location / {
proxy_pass http://nodejs:8081;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
# STRAPI - ADMIN
location /d {
#rewrite ^/d/?(.*)$ /$1 break;
proxy_pass http://dashboard;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_pass_request_headers on;
}
}
I am trying to deploy a simple Django Rest Framework app to the production server using Docker. My aim is to install Nginx with a proxy and Certbot for a regular Let'sEncrypt SSL at the same time. I manage my dependencies in DockerFiles and docker-compose.
So the folder structure has the following view:
app
DockerFile
nginx
DockerFile
init-letsencrypt.sh
nginx.conf
docker-compose.yml
My idea is to hold all the configs in app/docker-compose.yml and start many different instances from the same source. But I do not have any nginx or certbot config in app/DockerFile - that's only for Django Rest Framework and that works well. But in docker-compose.yml I have the following code:
version: '3'
'services':
app:
container_name: djangoserver
command: gunicorn prototyp.wsgi:application --env DJANGO_SETTINGS_MODULE=prototyp.prod_settings --bind 0.0.0.0:8000 --workers=2 --threads=4 --worker-class=gthread
build:
context: ./api
dockerfile: Dockerfile
restart: always
ports:
- "8000:8000"
depends_on:
- otherserver
otherserver:
container_name: otherserver
build:
context: ./otherserver
dockerfile: Dockerfile
restart: always
nginx:
build: ./nginx
ports:
- 80:80
depends_on:
- app
command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'"
certbot:
image: certbot/certbot
entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"
This makes me to build "app", "otherserver", "nginx" and "certbot".
The most important parts are in "nginx" folder.
I used this manual and cloned file "init-letsencrypt.sh" from the source just the way it was described. Then I tried to bash it:
nginx/DockerFile:
FROM nginx:1.19.0-alpine
RUN rm /etc/nginx/conf.d/default.conf
COPY nginx.conf /etc/nginx/conf.d
RUN mkdir -p /usr/src/app
COPY init-letsencrypt.sh /usr/src/app
WORKDIR /usr/src/app
RUN chmod +x init-letsencrypt.sh
ENTRYPOINT ["/usr/src/app/init-letsencrypt.sh"]
In nginx/nginx.conf I have the following code:
upstream django {
server app:8000;
}
server {
listen 80;
server_name app.com www.app.com;
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl;
server_name app.com www.app.com;
access_log /var/log/nginx-access.log;
error_log /var/log/nginx-error.log;
ssl_certificate /etc/letsencrypt/live/app.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/app.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
location ^/static/rest_framework/((img/|css/|js/|fonts).*)$ {
autoindex on;
access_log off;
alias /usr/src/app/static/rest_framework/$1;
}
location / {
proxy_pass http://django;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_body_buffer_size 256k;
proxy_connect_timeout 120;
proxy_send_timeout 120;
proxy_read_timeout 120;
proxy_buffer_size 64k;
proxy_buffers 4 64k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
client_max_body_size 100M;
}
}
So, with this configuration when I do "docker-compose build", the build works without any errors and everything is successfully built. But as soon as I do "docker-compose up" I have the problem that certbot and nginx are not connect and the app is working only when I use http://app.com:8000 instead of https://app.com.
In console I do not have any errors.
What do I do wrong? What have I missed? Any help will be appreciated.
I see in your setup you try to run let's encrypt from within the nginx container. But I believe there are two better way that I describe in details here and here.
The idea behind the first method is to have a docker-compose file to initiate the letsencrypt certificate, and another docker-compose file to run the system and renew the certificate.
So without further ado, here is the file structure and content that is working really well for me (you still need to adapt the files to suit your needs)
./setup.sh
./docker-compose-initiate.yaml
./docker-compose.yaml
./etc/nginx/templpates/default.conf.template
./etc/nginx/templpates-initiation/default.conf.template
The setup in 2 phases:
In the first phase "the initiation phase" we will run an nginx container, and a certbot container just to obtain the ssl certificate for the first time and store it on the host ./etc/letsencrypt folder
I the second phase "the operation phase" we run all necessary services for the app including nginx that will use the letsencrypt folder this time to serve https on port 443, a certbot container will also run (on demand) to renew the certificate. We can add a cron job for that. So the setup.sh script is a simple convenience script that runs the commands one after another:
#!/bin/bash
# the script expects two arguments:
# - the domain name for which we are obtaining the ssl certificatee
# - the Email address associated with the ssl certificate
echo DOMAIN=$1 >> .env
echo EMAIL=$2 >> .env
# Phase 1 "Initiation"
docker-compose -f ./docker-compose-first.yaml up -d nginx
docker-compose -f ./docker-compose-first.yaml up certbot
docker-compose -f ./docker-compose-first.yaml down
# Phase 2 "Operation"
crontab ./etc/crontab
docker-compose -f ./docker-compose.yaml up -d
Phase 1: The ssl certificate initiation phase:
./docker-compose-initiate.yaml
version: "3"
services:
nginx:
container_name: nginx
image: nginx:latest
environment:
- DOMAIN
ports:
- 80:80
volumes:
- ./etc/nginx/templates-initiate:/etc/nginx/templates:ro
- ./etc/letsencrypt:/etc/letsencrypt:ro
- ./certbot/data:/var/www/certbot
certbot:
container_name: certbot
image: certbot/certbot:latest
depends_on:
- nginx
command: >-
certonly --reinstall --webroot --webroot-path=/var/www/certbot
--email ${EMAIL} --agree-tos --no-eff-email
-d ${DOMAIN}
volumes:
- ./etc/letsencrypt:/etc/letsencrypt
- ./certbot/data:/var/www/certbot
./etc/nginx/templates-initiate/default.conf.template
server {
listen [::]:80;
listen 80;
server_name $DOMAIN;
location ~/.well-known/acme-challenge {
allow all;
root /var/www/certbot;
}
}
Phase 2: The operation phase
./docker-compose.yaml
services:
app:
{{your_configurations_here}}
{{other_services...}}:
{{other_services_configuraitons}}
nginx:
container_name: nginx
image: nginx:latest
restart: always
environment:
- DOMAIN
depends_on:
- app
ports:
- 80:80
- 443:443
volumes:
- ./etc/nginx/templates:/etc/nginx/templates:ro
- ./etc/letsencrypt:/etc/letsencrypt
- ./certbot/data:/var/www/certbot
- /var/log/nginx:/var/log/nginx
certbot:
container_name: certbot
image: certbot/certbot:latest
depends_on:
- nginx
command: >-
certonly --reinstall --webroot --webroot-path=/var/www/certbot
--email ${EMAIL} --agree-tos --no-eff-email
-d ${DOMAIN}
volumes:
- ./etc/letsencrypt:/etc/letsencrypt
- ./certbot/data:/var/www/certbot
./etc/nginx/templates/default.conf.template
server {
listen [::]:80;
listen 80;
server_name $DOMAIN;
return 301 https://$host$request_uri;
}
server {
listen [::]:443 ssl http2;
listen 443 ssl http2;
server_name $DOMAIN;
ssl_certificate /etc/letsencrypt/live/$DOMAIN/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/$DOMAIN/privkey.pem;
location ~ /.well-known/acme-challenge {
allow all;
root /var/www/html;
}
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Proto https;
proxy_pass http://app:80;
}
}
The second method uses two docker images: http-proxy and http-proxy-acme-companion that were developed specifically for this reason. I suggest looking at the blog post for further details.
As I see, you havenot exposed port 443 for nginx container:
nginx:
build: ./nginx
ports:
- 80:80
- 443:443
depends_on:
Add more 443 port.
When I start de Project with php artisan serve everything works fine, but when I start my project with docker-compose up -d there is an error: 403 Forbidden nginx/1.10.3
Nginx default file:
listen [::]:80;
listen 80;
root /var/www/html/public;
index index.html index.htm index.php;
server_name {{getenv "NGINX_SERVER_NAME"}};
server_tokens off;
charset utf-8;
location = /favicon.ico { log_not_found off; access_log off; }
location = /robots.txt { log_not_found off; access_log off; }
location / {
try_files $uri $uri/ /index.php$is_args$args;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/usr/local/var/run/php-fpm.sock;
}
error_page 404 /index.php;
location ~ /\.ht {
deny all;
}
add_header X-Served-By Bitpress.io;
include h5bp/basic.conf;
}
and here is my docker-compose File
docker-compose.yml
version: "3"
networks:
app-tier:
driver: bridge
services:
app:
image: test
container_name: site
build:
context: .
dockerfile: docker/Dockerfile
networks:
- app-tier
env_file:
- .docker.env
ports:
- 5050:80
volumes:
- .:/var/www/html
environment:
APP_ENV: local
CONTAINER_ROLE: app
scheduler:
image: test
container_name: scheduler
depends_on:
- app
env_file:
- .docker.env
volumes:
- .:/var/www/html
environment:
CONTAINER_ROLE: scheduler
queue:
image: test
container_name: queue
depends_on:
- app
env_file:
- .docker.env
volumes:
- .:/var/www/html
environment:
CONTAINER_ROLE: queue
I've seen, that the Permissions from the Directories is root.
I have tried to change it with the commandRUN chown -R www-data:www-data /var/www/html but it not works.
I just update what you have, but won't fix 100% your issues, some stuff have ot be done too, but without all information I cannot do more.
You may need to add php-fpm into your docker-compose.yml
nginx.conf
server {
listen [::]:80;
listen 80;
# will be remove if you run everything inside container
root /var/www/html/public;
# will be remove if you run everything inside container
index index.html index.htm index.php;
server_name {{getenv "NGINX_SERVER_NAME"}};
server_tokens off;
charset utf-8;
location = /favicon.ico { log_not_found off; access_log off; }
location = /robots.txt { log_not_found off; access_log off; }
# will be remove
# location / {
# try_files $uri $uri/ /index.php$is_args$args;
# }
# Add this, now nginx only redirect request to expose socket from docker
location / {
proxy_pass http://localhost:5050
proxy_ser_header X-Served-By Bitpress.io;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/usr/local/var/run/php-fpm.sock;
}
# will be remove if you run everything inside container
error_page 404 /index.php;
location ~ /\.ht {
deny all;
}
# will be remove if you run everything inside container
add_header X-Served-By Bitpress.io;
include h5bp/basic.conf;
}
docker-compose.yml
version: "3"
networks:
app-tier:
driver: bridge
services:
app:
image: test
container_name: site
build:
context: .
dockerfile: docker/Dockerfile
networks:
- app-tier
env_file:
- .docker.env
ports:
- 5050:80
volumes:
- .:/var/www/html
# - /absolute/path/better:/var/www/html
environment:
APP_ENV: local
CONTAINER_ROLE: app
scheduler:
image: test
container_name: scheduler
networks: # <-- add thisadd this
- app-tier # <-- add thisadd this
depends_on:
- app
env_file:
- .docker.env
volumes:
- .:/var/www/html
# - /absolute/path/better:/var/www/html
environment:
CONTAINER_ROLE: scheduler
queue:
image: test
container_name: queue
networks: # <-- add thisadd this
- app-tier # <-- add thisadd this
depends_on:
- app
env_file:
- .docker.env
volumes:
- .:/var/www/html
# - /absolute/path/better:/var/www/html
environment:
CONTAINER_ROLE: queue
You may have an issues between env_file: and CONTAINER_ROLE who have the priority: your 3 containers share the shame .docker.env it may be an issues. it may be a good idead to have:
.docker.app.env
.docker.scheduler.env
.docker.queue.env