Develop Reference

Redirect Odoo 8069 to HTTPS without VPC config (AWS/VPS)

I created a Github repo weeks ago with Docker Compose, Odoo, PostgreSQL, Certbot, Nginx as a proxy server, and a little bit of PHP stuff (Symfony) -> https://github.com/Inushin/dockerOdooSymfonySSL When I was trying the config I found that NGINX worked as it was supposed to and you get the correct HHTP -> HTTPS redirect, BUT if you put the port 8069, the browser goes to HTTP. One of the solutions should be configured de another VPC, but I was thinking about using this repo for other "minimal VPS services" and not needing another VPC, so... how could I solve this? Maybe from Odoo config? Is something missing in the NGINX conf?
NGINX
#FOR THE ODOO DOMAIN
server {
listen 80;
server_name DOMAIN_ODOO;
server_tokens off;
location / {
return 301 https://$server_name$request_uri;
}
location /.well-known/acme-challenge/ {
root /var/www/certbot;
}
}
server {
listen 443 ssl;
server_name DOMAIN_ODOO;
server_tokens off;
location / {
proxy_pass http://web:8069;
proxy_set_header Host DOMAIN_ODOO;
proxy_set_header X-Forwarded-For $remote_addr;
}
ssl_certificate /etc/letsencrypt/live/DOMAIN_ODOO/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/DOMAIN_ODOO/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}
docker-compose.yml
nginx:
image: nginx:1.15-alpine
expose:
- "80"
- "443"
ports:
- "80:80"
- "443:443"
networks:
- default
volumes:
- ./data/nginx:/etc/nginx/conf.d/:rw
- ./data/certbot/conf:/etc/letsencrypt/:rw
- ./data/certbotSymfony/conf:/etc/letsencrypt/symfony/:rw
- ./data/certbotSymfony/www:/var/www/certbot/:rw
command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'"
web:
image: odoo:13.0
depends_on:
- db
ports:
- "8069:8069/tcp"
volumes:
- web-data:/var/lib/odoo
- ./data/odoo/config:/etc/odoo
- ./data/odoo/addons:/mnt/extra-addons

502 Error on Production Deployment Django & Nginx using a docker compose file

I am using docker-compose to build containers and to serve the frontend of my website at https:// example.com and the backend at a subdomain, https:// api.example.com. The SSL certificates for both the root and subdomain are working properly, and I can access the live site (static files served by Nginx) at https:// example.com so at least half of the configuration is working properly. The problem occurs when the frontend tries to communicate with the backend. All calls are met with a "No 'Access-Control-Allow-Origin'" 502 Error in the console logs. In the logs of the docker container, this is the error response.
Docker Container Error
2022/03/09 19:01:21 [error] 30#30: *7 connect() failed (111: Connection refused) while connecting
to upstream, client: xxx.xx.xxx.xxx, server: api.example.com, request: "GET /api/services/images/
HTTP/1.1", upstream: "http://127.0.0.1:8000/api/services/images/",
host: "api.example.com", referrer: "https://example.com/"
I think it's likely that something is wrong with my Nginx or docker-compose configuration. When setting the SECURE_SSL_REDIRECT, SECURE_HSTS_INCLUDE_SUBDOMAINS, and the SECURE_HSTS_SECONDS to False or None (in the Django settings) I am able to hit http:// api.example.com:8000/api/services/images/ and get the data I am looking for. So it is running and hooked up, just not taking requests from where I want it to be. I've attached the Nginx configuration and the docker-compose.yml. Please let me know if you need more info, I would greatly appreciate any input, and thanks in advance for the help.
Nginx-custom.conf
# Config for the frontend application under example.com
server {
listen 80;
server_name example.com www.example.com;
if ($host = www.example.com) {
return 301 https://$host$request_uri;
}
if ($host = example.com) {
return 301 https://$host$request_uri;
}
return 404;
}
server {
server_name example.com www.example.com;
index index.html index.htm;
add_header Access-Control-Allow-Origin $http_origin;
add_header Access-Control-Allow-Credentials true;
add_header Access-Control-Allow-Headers $http_access_control_request_headers;
add_header Access-Control-Allow-Methods $http_access_control_request_method;
location / {
root /usr/share/nginx/html;
try_files $uri /index.html =404;
}
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}
##### Config for the backend server at api.example.com
server {
listen 80;
server_name api.example.com;
return 301 https://$host$request_uri;
}
server {
server_name api.example.com;
add_header Access-Control-Allow-Origin $http_origin;
add_header Access-Control-Allow-Credentials true;
add_header Access-Control-Allow-Headers $http_access_control_request_headers;
add_header Access-Control-Allow-Methods $http_access_control_request_method;
location / {
proxy_pass http://127.0.0.1:8000/; #API Server
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
}
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/api.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/api.example.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}
Docker-Compose File
version: '3.9'
# services that make up the development env
services:
# DJANGO BACKEND
backend:
container_name: example-backend
restart: unless-stopped
image: example-backend:1.0.1
build:
context: ./backend/src
dockerfile: Dockerfile
command: gunicorn example.wsgi:application --bind 0.0.0.0:8000
ports:
- 8000:8000
environment:
- SECRET_KEY=xxx
- DEBUG=0
- ALLOWED_HOSTS=example.com,api.example.com,xxx.xxx.xxx.x
- DB_HOST=postgres-db
- DB_NAME=xxx
- DB_USER=xxx
- DB_PASS=xxx
- EMAIL_HOST_PASS=xxx
# sets a dependency on the db container and there should be a network connection between the two
networks:
- db-net
- shared-network
links:
- postgres-db:postgres-db
depends_on:
- postgres-db
# POSTGRES DATABASE
postgres-db:
container_name: postgres-db
image: postgres
restart: always
volumes:
- example-data:/var/lib/postgresql/data
ports:
- 5432:5432
environment:
- POSTGRES_DB=exampledb
- POSTGRES_USER=user
- POSTGRES_PASSWORD=pass
networks:
- db-net
# ANGULAR & NGINX FRONTEND
frontend:
container_name: example-frontend
build:
context: ./frontend
ports:
- "80:80"
- "443:443"
networks:
- shared-network
links:
- backend
depends_on:
- backend
networks:
shared-network:
driver: bridge
db-net:
volumes:
example-data:

Why is https not working for my site hosted in docker?

I have a site running in docker with 4 containers, a react front end, .net backend, sql database and nginx server. My docker compose file looks like this:
version: '3'
services:
sssfe:
image: mydockerhub:myimage-fe-1.3
ports:
- 9000:9000
volumes:
- sssfev:/usr/share/nginx/html
depends_on:
- sssapi
sssapi:
image: mydockerhub:myimage-api-1.3
environment:
- SQL_CONNECTION=myconnection
ports:
- 44384:44384
depends_on:
- jbdatabase
jbdatabase:
image: mcr.microsoft.com/mssql/server:2019-latest
environment:
- ACCEPT_EULA=Y
- SA_PASSWORD=mypass
volumes:
- dbdata:/var/opt/mssql
ports:
- 1433:1433
reverseproxy:
build:
context: ./nginx
dockerfile: Dockerfile
ports:
- "80:80"
- "443:443"
volumes:
- example_certbot-etc:/etc/letsencrypt
links :
- sssfe
certbot:
depends_on:
- reverseproxy
image: certbot/certbot
container_name: certbot
volumes:
- example_certbot-etc:/etc/letsencrypt
- sssfev:/usr/share/nginx/html
command: certonly --webroot --webroot-path=/usr/share/nginx/html --email myemail --agree-tos --no-eff-email --force-renewal -d example.com -d www.example.com
volumes:
example_certbot-etc:
external: true
dbdata:
sssfev:
I was following this link and am using cerbot and letsencrypt for the certificate. My nginx conf file is this:
server {
listen 80;
listen [::]:80;
server_name example.com www.example.com;
location / {
rewrite ^ https://$host$request_uri? permanent;
}
location ~ /.well-known/acme-challenge {
allow all;
root /usr/share/nginx/html;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name example.com www.example.com;
index index.html index.htm;
root /usr/share/nginx/html;
server_tokens off;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
include /etc/nginx/conf.d/options-ssl-nginx.conf;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
# add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
# enable strict transport security only if you understand the implications
location = /favicon.ico {
log_not_found off; access_log off;
}
location = /robots.txt {
log_not_found off; access_log off; allow all;
}
location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
expires max;
log_not_found off;
}
}
My issue is that https doesn't work for my site. When I hit https://example.com, I get ERR_CONNECTION_REFUSED. The non https site resolves and works fine however. Can't figure out what's going on. It looks like the ssl port is open and nginx is listening to it:
ss -tulpn | grep LISTEN
tcp LISTEN 0 128 *:9000 *:* users:(("docker-proxy",pid=18336,fd=4))
tcp LISTEN 0 128 *:80 *:* users:(("docker-proxy",pid=18464,fd=4))
tcp LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=420,fd=4))
tcp LISTEN 0 128 *:1433 *:* users:(("docker-proxy",pid=18152,fd=4))
tcp LISTEN 0 128 *:443 *:* users:(("docker-proxy",pid=18452,fd=4))
tcp LISTEN 0 128 *:44384 *:* users:(("docker-proxy",pid=18243,fd=4))
And my containers:
reverseproxy 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp
sssfe 80/tcp, 0.0.0.0:9000->9000/tcp
sssapi 0.0.0.0:44384->44384/tcp
database 0.0.0.0:1433->1433/tcp
I'm assuming it's an issue with my nginx config, but I'm new to this and not sure where to go from here.

If you need to support SSL, please do this:
mkdir /opt/docker/nginx/conf.d -p
touch /opt/docker/nginx/conf.d/nginx.conf
mkdir /opt/docker/nginx/cert -p
then
vim /opt/docker/nginx/conf.d/nginx.conf
If you need to force the redirection to https when accessing http:
server {
listen 443 ssl;
server_name example.com www.example.com; # domain
# Pay attention to the file location, starting from /etc/nginx/
ssl_certificate 1_www.example.com_bundle.crt;
ssl_certificate_key 2_www.example.com.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
client_max_body_size 1024m;
location / {
proxy_set_header HOST $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#Intranet address
proxy_pass http://172.17.0.8:9090; #change it
}
}
server {
listen 80;
server_name example.com www.example.com; # The domain name of the binding certificate
#HTTP domain name request is converted to https
return 301 https://$host$request_uri;
}
docker run -itd --name nginx -p 80:80 -p 443:443 -v /opt/docker/nginx/conf.d/nginx.conf:/etc/nginx/conf.d/nginx.conf -v /opt/docker/nginx/cert:/etc/nginx -m 100m nginx
After startup, enter docker ps to see if the startup is successful
docker logs nginx view logs.

docker-compose up fails for nginx container

I am getting the following error when I run docker-compose up:
backend_1_a5b5a2caf6fc | 2019/04/28 21:40:49 [emerg] 1#1: no "ssl_certificate" is defined for the "listen ... ssl" directive in /etc/nginx/conf.d/default.conf:4
backend_1_a5b5a2caf6fc | nginx: [emerg] no "ssl_certificate" is defined for the "listen ... ssl" directive in /etc/nginx/conf.d/default.conf:4
...
...
production_backend_1_a5b5a2caf6fc exited with code 1
Here is my Dockerfile for nginx:
FROM nginx
COPY nginx.conf /etc/nginx/conf.d/default.conf
default.conf:
fastcgi_cache_path /dev/shm levels=1:2 keys_zone=laravel:100m;
fastcgi_cache_key "$scheme$request_method$host$request_uri$query_string";
server {
listen 80 default_server;
root /var/www/public;
index index.php index.html;
client_max_body_size 5M;
...
...
docker-compose.yml:
version: '3'
services:
backend:
build: ./nginx
depends_on:
- db
- redis
working_dir: /var/www
volumes:
- ../../src:/var/www
ports:
- 80:80
...
...

This means that you have not setup ssl correctly (you're missing a server certificate). Since you have mapped port 80 and not 443 in your docker-compose i assume you're not going to use SSL.
Simply remove the following line in your nginx.conf to disable ssl:
listen 443 ssl http2;
be sure to rebuild and restart your nginx container.

Do you have any other server listening on port 443.Try to delete all symbolic links from /etc/nginx/sites-enabled except this one server you want to make work

But, if someone need to use SSL, this error means that your server section is missing ssl_certificate and ssl_certificate_key declarations. You need to have a .crt and a .key file to run with ssl.
It should looks like
server {
listen 80;
listen 443 default_server ssl;
ssl_certificate /etc/nginx/certs/default.crt;
ssl_certificate_key /etc/nginx/certs/default.key;
... other declarations
}

Set up https access to nginx docker container

I want to be able to access an nginx docker container via the https at https://192.168.99.100. By now I have done the following:
Dockerfile:
FROM nginx
COPY certs/nginx-selfsigned.crt /etc/ssl/certs/
COPY certs/nginx-selfsigned.key /etc/ssl/private/
COPY default-ssl.conf /etc/nginx/sites-available/default
EXPOSE 443
I have the correspondent certificate files in folder certs.
The default-ssl.conf:
server {
listen 80;
listen 443 ssl;
server_name localhost;
ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
docker-compose.yaml
version: '3'
services:
nginx:
image: mynamespace/nginx_pma
container_name: nginx_pma
build:
context: .
ports:
- 443:443
- 80:80
So, when I run this, I am able to access: 192.168.99.100 which shows NGINX welcome page, but I am unable to make it work on https://192.168.99.100.
The host is Windows 7 with docker toolbox.
Any sugestions?

The reason for your error is because your copying the nginx SSL configuration to a folder nginx does not load by default.
After changing this line in the Dockerfile -
COPY default-ssl.conf /etc/nginx/sites-available/default
To this -
COPY default-ssl.conf /etc/nginx/conf.d/default-ssl.conf
I'm able to reach Nginx with https.