I'm using Docker to run an app built with Laravel. Everything was working fine until, for some reason, I did a reset to factory defaults and then built the image again and ran the container, but now I'm getting this warning:
AH00112: Warning: DocumentRoot [/var/www/html/kh/public] does not exist
though this root does exist and it was working fine before I reset Docker to the factory defaults.
This is the docker-compose.yml file:
services:
  kh:
    build:
      context: ./
      dockerfile: Dockerfile
      args:
        uid: ${UID}
    container_name: kh
    environment:
      - APACHE_RUN_USER=#${UID}
      - APACHE_RUN_GROUP=#${UID}
    depends_on:
      - khdb
    ports:
      - 3000:80
      - 8443:443
    volumes:
      - ./:/var/www/html/kh
    networks:
      backend:
        aliases:
          - kh
vhost.config file
SSLStaplingCache shmcb:/tmp/stapling_cache(128000)
SSLHonorCipherOrder on
#SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384::ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:RSA-WITH-AES-256-GCM-SHA384:DHE-RSA-WITH-AES-256-GCM-SHA384
<VirtualHost *:80>
ServerName schooling.test
ServerAlias www.schooling.test
ServerAdmin info@schooling.test
DocumentRoot ${APACHE_DOCUMENT_ROOT}
<Directory ${APACHE_DOCUMENT_ROOT}>
Options -Indexes +FollowSymLinks
AllowOverride All
</Directory>
ErrorLog /var/log/apache2/schooling-error.log
CustomLog /var/log/apache2/schooling-access.log combined
</VirtualHost>
<VirtualHost *:443>
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/key.pem
SSLCertificateKeyFile /etc/apache2/ssl/ssl.key
SSLCACertificateFile /etc/apache2/ssl/key.pem
SSLUseStapling On
SSLProtocol TLSv1.2
SSLProxyProtocol TLSv1.2
ServerName schooling.test
ServerAlias www.schooling.test
ServerAdmin info@schooling.test
DocumentRoot ${APACHE_DOCUMENT_ROOT}
<Directory ${APACHE_DOCUMENT_ROOT}>
Options -Indexes +FollowSymLinks
AllowOverride All
</Directory>
ErrorLog /var/log/apache2/schooling-error.log
CustomLog /var/log/apache2/schooling-access.log combined
</VirtualHost>
Problem was solved by running:
docker image prune -a
docker-compose up -d --build
Related
I'm trying to dockerise a Symfony2 application. The container is up and running without any errors. However, I'm getting 'An error occurred during a connection to localhost' when I hit http://localhost:8081 in the browser.
docker-compose.yml
version: "3.8"
services:
  app:
    container_name: "${PROJECT_NAME}"
    build:
      context: .
      dockerfile: ./Dockerfile
    restart: 'always'
    ports:
      - 8081:80
    volumes:
      - .:/var/www/html
      - ${LOG_DIR-./logs/apache2}:/var/log/apache2
Dockerfile
FROM php:7.0-apache
RUN a2enmod rewrite
COPY ./000-default.conf /etc/apache2/sites-available/000-default.conf
# installing php extensions / libraries and composer ..
EXPOSE 80
CMD ["apache2-foreground"]
000-default.conf
Listen 80
<VirtualHost *:80>
ServerName localhost
DocumentRoot /var/www/html/web
<Directory /var/www/html/web>
EnableSendfile Off
AllowOverride None
Order Allow,Deny
Allow from All
<IfModule mod_rewrite.c>
Options -MultiViews
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ app_dev.php [QSA,L]
</IfModule>
</Directory>
</VirtualHost>
I generated SSL certificates (referred to https://medium.com/@nh3500/how-to-create-self-assigned-ssl-for-local-docker-based-lamp-dev-environment-on-macos-sierra-ab606a27ba8a) and updated the files as below:
000-default.conf
# added this to my existing 000-default.conf (please refer to the question)
<VirtualHost *:443>
DocumentRoot "/var/www/html/web"
ServerName localhost
SSLEngine on
SSLCertificateFile "/etc/apache2/ssl/server.crt"
SSLCertificateKeyFile "/etc/apache2/ssl/server.key"
<Directory /var/www/html/web>
<IfModule mod_rewrite.c>
Options -MultiViews
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ app_dev.php [QSA,L]
</IfModule>
</Directory>
</VirtualHost>
docker-compose.yml
ports:
  - "8081:80"
  - "8082:443"
Dockerfile
FROM php:7.0-apache
COPY server.crt /etc/apache2/ssl/server.crt
COPY server.key /etc/apache2/ssl/server.key
COPY 000-default.conf /etc/apache2/sites-available/000-default.conf
COPY php.ini /usr/local/etc/php/php.ini
RUN a2enmod rewrite
RUN a2enmod ssl
# installing php libraries
# composer install
# EXPOSE ports
CMD ["apache2-foreground"]
I am pretty new to the topic of server configuration and now I have a problem reaching a container with an SSL certificate.
What is my setup:
I've got a Raspberry Pi with Docker on it. The container connected to ports 80 and 443 is a reverse proxy which directs incoming subdomains to different other containers.
Example:
webserver.my-domain.com leads to IP 192.168.178.69:8080. I achieved this through this config in the folder sites-enabled:
<VirtualHost *:80>
ServerName webserver.my-domain.com
ProxyPreserveHost On
DocumentRoot /var/www/html
ProxyPass /.well-known !
ProxyPass / http://192.168.178.69:8080/
ProxyPassReverse / http://192.168.178.69:8080/
RewriteEngine on
RewriteCond %{SERVER_NAME} =webserver.my-domain.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
I also created a Let's Encrypt certificate inside the reverse proxy container. This created an additional file webserver-le-ssl.conf:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName webserver.my-domain.com
ProxyPreserveHost On
DocumentRoot /var/www/html
ProxyPass /.well-known !
ProxyPass / http://192.168.178.69:8080/
ProxyPassReverse / http://192.168.178.69:8080/
SSLCertificateFile /etc/letsencrypt/live/my-domain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/my-domain.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
So far so good. My content is available if I try the URL https://webserver.my-domain.com.
What is my Problem
I use Portainer to manage my docker container and I want Portainer to be available through portainer.my-domain.com.
So this is the portainer config inside of sites-enabled:
<VirtualHost *:80>
ServerName portainer.my-domain.com
ProxyPreserveHost On
DocumentRoot /var/www/html
ProxyPass /.well-known !
ProxyPass / http://192.168.178.69:9443/
ProxyPassReverse / http://192.168.178.69:9443/
RewriteEngine on
RewriteCond %{SERVER_NAME} =portainer.my-domain.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
And also the ssl config for this:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName portainer.my-domain.com
ProxyPreserveHost On
DocumentRoot /var/www/html
ProxyPass /.well-known !
ProxyPass / http://192.168.178.69:9443/
ProxyPassReverse / http://192.168.178.69:9443/
SSLCertificateFile /etc/letsencrypt/live/my-domain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/my-domain.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
If I call 192.168.178.69:9443/ I can reach the container without problems.
But if I try to reach the URL portainer.my-domain.com I just get the message:
Client sent an HTTP request to an HTTPS server.
But the URL shows: https://portainer.my-domain.com/.
So I don't understand why there is an HTTP request, even if my browser shows me that the connection is with https.
Can someone explain this to me and show me how to fix this?
Update: My solution
With a lot of tries I found a solution:
As I run the reverse proxy and the portainer as docker containers, I put both containers into a network with docker-compose:
version: "3.4"
services:
  apache:
    build:
      context: .
      dockerfile: Dockerfile
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - /home/pi/reverse-proxy/:/etc/apache2
    networks:
      - homeserver
  portainer:
    image: portainer/portainer-ce:latest
    ports:
      - "8000:8000"
      - "9000:9000"
      - "9443:9443"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - portainer_data:/data
    networks:
      - homeserver
networks:
  homeserver:
volumes:
  portainer_data:
The volume of the apache2 is the complete config folder of /etc/apache2. After that I changed the IP of the ProxyPass to the name of the container:
ProxyPass / http://reverse-proxy_portainer_1:9000/
ProxyPassReverse / http://reverse-proxy_portainer_1:9000/
After these changes it worked.
I had the same problem with Portainer 2.13.1 behind an Apache2 proxy. I solved it by running the image with the option enabling port 9000 which is Portainer's HTTP port. This assumes that you will block port 9000 externally and access it only via the proxy which is protected by HTTPS. This is my command:
docker run -d -p 9000:9000 -p 8000:8000 -p 9443:9443 \
    --name portainer \
    --restart=always \
    -v /var/run/docker.sock:/var/run/docker.sock \
    -v portainer_data:/data \
    portainer/portainer-ce:latest
My VirtualHost file then points to port 9000 like so:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ProxyPreserveHost On
Proxyrequests Off
ServerName docker.<domain.tld>
ServerAdmin admin@<domain.tld>
ProxyPass / http://127.0.0.1:9000/
ProxyPassReverse / http://127.0.0.1:9000/
ErrorLog ${APACHE_LOG_DIR}/portainer-error.log
CustomLog ${APACHE_LOG_DIR}/portainer-access.log combined
SSLCertificateFile /etc/letsencrypt/live/docker.<domain.tld>/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/docker.<domain.tld>/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
Make sure ports 8000, 9000 and 9443 are not accessible externally using a tool like ufw in Linux.
So based on your question it seems that this works
ProxyPass / http://192.168.178.69:8080/
But this does not:
ProxyPass / http://192.168.178.69:9443/
Note that in both cases a plain http:// protocol is used, even though different ports are involved. And a port number of 9443 suggests that https:// is expected here and not http://. If this is the case, this would explain the error message you got: a plain HTTP request is sent because the protocol is set to http:// instead of https://.
But the URL shows: https://portainer.my-domain.com/
This protocol here is relevant for the connection between client and nginx, not between nginx and the inner server. The latter one depends on the protocol given in the ProxyPass URL.
I'm having trouble setting up SSL with custom port in docker (without redirection).
These are my files:
docker-compose.yml
version: "3.6"
services:
  apache-php:
    container_name: apache-php
    image: php:7.4.8-apache
    restart: unless-stopped
    volumes:
      - ./web:/var/www/html
      - ./ssl:/etc/apache2/ssl
      - ./sites-enabled:/etc/apache2/sites-enabled
      - ./ports.conf:/etc/apache2/ports.conf
    working_dir: /var/www/html
    ports:
      - 80:80
      - 443:443
      - 2805:2805
sites-enabled/example.com.conf
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule headers_module modules/mod_headers.so
LoadModule ssl_module modules/mod_ssl.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
Listen 2805
Listen 443
<VirtualHost *:80>
ServerName example.com
DocumentRoot /var/www/html
ErrorLog /var/www/logs/error.log
CustomLog /var/www/logs/access.log combined
</VirtualHost>
<VirtualHost *:2805>
ServerName example.com
DocumentRoot /var/www/manage
ErrorLog /var/www/logs/manage-error.log
CustomLog /var/www/logs/manage-access.log combined
</VirtualHost>
<VirtualHost *:443>
ServerName example.com
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/example.com.crt
SSLCertificateKeyFile /etc/apache2/ssl/example.com.key
SSLProxyEngine On
<Location />
ProxyPass http://example.com:2805/
ProxyPassReverse http://example.com:2805/
</Location>
</VirtualHost>
I generated certificate files using the command of lynxman at https://serverfault.com/a/224127
openssl genrsa 2048 > ssl/example.com.key
chmod 400 ssl/example.com.key
openssl req -new -x509 -nodes -sha256 -days 365 -key ssl/example.com.key -out ssl/example.com.crt
Then I run the docker-compose up command and everything works fine.
I can access http://example.com:2805 but can't access the domain with SSL at https://example.com:2805
And I have received the message of the browser:
This site can't provide a secure connection
example.com sent an invalid response.
ERR_SSL_PROTOCOL_ERROR
Any help is much appreciated as I am really struggling here.
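Both the Portainer thread and the `example.com:2805` question above come down to one side of a connection speaking TLS while the other speaks plain HTTP. The linter below is an added example, not code from any poster: `SAMPLE` is constructed from the configs quoted on this page, and `TLS_PORTS` is an assumed heuristic for ports that conventionally expect TLS.

```python
import re
# Constructed sample built from two configs quoted on this page.
SAMPLE = """\
<VirtualHost *:2805>
    ServerName example.com
</VirtualHost>
<VirtualHost *:443>
    ServerName example.com
    SSLEngine On
    SSLProxyEngine On
    <Location />
        ProxyPass http://example.com:2805/
    </Location>
</VirtualHost>
<VirtualHost *:443>
    ServerName portainer.my-domain.com
    SSLEngine On
    ProxyPass /.well-known !
    ProxyPass / http://192.168.178.69:9443/
</VirtualHost>
"""
TLS_PORTS = {443, 8443, 9443}  # assumption: ports that conventionally speak TLS

def parse_vhosts(text):
    """Yield (name, port, ssl_engine, ssl_proxy_engine, targets) per vhost."""
    block = re.compile(r"<VirtualHost[ \t]+\S*:(\d+)>(.*?)</VirtualHost>", re.S | re.I)
    for m in block.finditer(text):
        body = m.group(2)
        on = lambda d: bool(re.search(rf"^[ \t]*{d}[ \t]+on[ \t]*$", body, re.I | re.M))
        name = re.search(r"^[ \t]*ServerName[ \t]+(\S+)", body, re.I | re.M)
        targets = re.findall(  # skips exclusions such as "ProxyPass /.well-known !"
            r"^[ \t]*ProxyPass[ \t]+(?:\S+[ \t]+)?(https?)://([^/:\s]+)(?::(\d+))?", body, re.I | re.M)
        yield (name.group(1) if name else "?", int(m.group(1)), on("SSLEngine"), on("SSLProxyEngine"), targets)

def tls_listeners(text):
    """Map (ServerName, port) to True when that vhost terminates TLS."""
    return {(n, p): tls for n, p, tls, _, _ in parse_vhosts(text)}

def lint(text):
    """Return findings where the ProxyPass scheme and backend protocol disagree."""
    out = []
    for name, _, _, ssl_proxy, targets in parse_vhosts(text):
        for scheme, host, port in targets:
            port = int(port or (443 if scheme == "https" else 80))
            if scheme == "http" and port in TLS_PORTS:
                out.append((name, f"{host}:{port}", "plain HTTP sent to a likely TLS port"))
            if scheme == "https" and not ssl_proxy:
                out.append((name, f"{host}:{port}", "https:// backend without SSLProxyEngine On"))
    return out
```

On the sample, `tls_listeners` reports the `*:2805` vhost as a plain-HTTP listener, so a browser's `https://example.com:2805` request cannot complete a handshake there, while the `http://` ProxyPass to the same port is consistent and raises no finding.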
I am trying to set up SSL for a Rails 4 app. I have successfully set up the SSL which I bought from RapidSSL.
This is my configuration file used in Apache2 and Rails:
<VirtualHost *:80>
ServerName example.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
<VirtualHost *:443>
ServerAdmin webmaster@localhost
DocumentRoot /var/www
ServerName example.com
ServerAlias example.com
RequestHeader set X-FORWARDED-PROTO "https"
SSLEngine on
SSLProtocol all
SSLCertificateFile /etc/apache2/ssl/server.crt
SSLCertificateKeyFile /etc/apache2/ssl/server.key
SSLCertificateChainFile /etc/apache2/ssl/intermediate.crt
ServerPath /www
<Directory "/var/www">
</Directory>
</VirtualHost>
config/application.rb
config.force_ssl = true
However, when I run rails s -p 80, it just lists the file structure of the folder instead of running the app. I have tried googling around and it seems that I need to force WEBrick to use SSL, but the guide I found here is only for Rails 3. Hope someone could help me. Thanks in advance.
Take a look at this blog. Looks pretty good and works for me:
http://www.napcsweb.com/blog/2013/07/21/rails_ssl_simple_wa/
I just need some clarification on a couple of files.
My site has an admin subdomain and SSL in addition to the normal *:80 details found in the virtual hosts.
My question(s): Do I need to specify a 1) ServerName and 2) DocumentRoot in: /etc/apache2/apache2.conf?
I currently enable my site from this directory: /etc/apache2/sites-available/site
Here are the contents of my site file in the above directory (/etc/apache2/sites-available/site):
<VirtualHost *:80>
ServerName www.site.com
ServerAlias www.site.com
DocumentRoot /home/user/public_html/site/current/public
RailsAllowModRewrite off
<directory "/home/user/public_html/site/current/public">
Order allow,deny
Allow from all
</directory>
</VirtualHost>
<VirtualHost *:80>
ServerName www.site.com
ServerAlias admin.site.com
DocumentRoot /home/user/public_html/site/current/public
RailsAllowModRewrite off
<directory "/home/user/public_html/site/current/public">
Order allow,deny
Allow from all
</directory>
</VirtualHost>
<VirtualHost *:443>
ServerName www.site.com
ServerAlias www.site.com
# SSL related
SSLEngine on
SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
SSLCertificateFile /path/to/site.com.crt
SSLCertificateChainFile /path/to/bundle.crt
SSLCertificateKeyFile /path/to/site.key
# Used by rails
RequestHeader set X_FORWARDED_PROTO "https"
</VirtualHost>
Do you see anything wrong?
Looks like I was missing a DocumentRoot in my SSL VirtualHost. Fixed! (also cleaned up those aliases)