
I've been experimenting with Docker and nginx-proxy so I can host two web apps (gophish and unms) on the same machine using SSL. When I get things set up and I try to access the sites I get the ERR_SSL_PROTOCOL_ERROR in my browser. I look in my certs folder and it looks like they are being generated correctly as this article says they should be, and it looks like it's adding the SSL info into the nginx-proxy default.conf file. Can you all give some suggestions as to where to look for the issue?

sudo docker run -d --name site-b -e 'LETSENCRYPT_EMAIL=test@minnesota-title.com' -e 'LETSENCRYPT_HOST=phish.minnesota-title.com' -e 'VIRTUAL_PORT=3333' -e 'VIRTUAL_HOST=phish.minnesota-title.com' matteoggl/gophish

sudo docker run -d --name site-a -e 'LETSENCRYPT_EMAIL=dpicray@minnesota-title.com' -e 'LETSENCRYPT_HOST=unms.minnesota-title.com' -e 'VIRTUAL_HOST=unms.minnesota-title.com' httpd

Those are the two commands I used to create my app containers. I subbed the actual unms app out for httpd so that I'm not introducing other variables and once I have this working I should be able to fiddle and get unms working.

This is my nginx-proxy container's default.conf file:

# phish.minnesota-title.com
upstream phish.minnesota-title.com {
        ## Can be connected with "bridge" network
        # site-b
        server 172.17.0.6:3333;
}
server {
        server_name phish.minnesota-title.com;
        listen 80 ;
        access_log /var/log/nginx/access.log vhost;
        return 301 https://$host$request_uri;
}
server {
        server_name phish.minnesota-title.com;
        listen 443 ssl http2 ;
        access_log /var/log/nginx/access.log vhost;
        ssl_session_timeout 5m;
        ssl_session_cache shared:SSL:50m;
        ssl_session_tickets off;
        ssl_certificate /etc/nginx/certs/phish.minnesota-title.com.crt;
        ssl_certificate_key /etc/nginx/certs/phish.minnesota-title.com.key;
        ssl_dhparam /etc/nginx/certs/phish.minnesota-title.com.dhparam.pem;
        ssl_stapling on;
        ssl_stapling_verify on;
        ssl_trusted_certificate /etc/nginx/certs/phish.minnesota-title.com.chain.pem;
        add_header Strict-Transport-Security "max-age=31536000" always;
        include /etc/nginx/vhost.d/default;
        location / {
                proxy_pass http://phish.minnesota-title.com;
        }
}
# unms.minnesota-title.com
upstream unms.minnesota-title.com {
        ## Can be connected with "bridge" network
        # site-a
        server 172.17.0.5:80;
}
server {
        server_name unms.minnesota-title.com;
        listen 80 ;
        access_log /var/log/nginx/access.log vhost;
        return 301 https://$host$request_uri;
}
server {
        server_name unms.minnesota-title.com;
        listen 443 ssl http2 ;
        access_log /var/log/nginx/access.log vhost;
        ssl_session_timeout 5m;
        ssl_session_cache shared:SSL:50m;
        ssl_session_tickets off;
        ssl_certificate /etc/nginx/certs/unms.minnesota-title.com.crt;
        ssl_certificate_key /etc/nginx/certs/unms.minnesota-title.com.key;
        ssl_dhparam /etc/nginx/certs/unms.minnesota-title.com.dhparam.pem;
        ssl_stapling on;
        ssl_stapling_verify on;
        ssl_trusted_certificate /etc/nginx/certs/unms.minnesota-title.com.chain.pem;
        add_header Strict-Transport-Security "max-age=31536000" always;
        include /etc/nginx/vhost.d/default;
        location / {
                proxy_pass http://unms.minnesota-title.com;
        }
}

Any assistance you folks can provide would be a godsend! If you need to see something I haven't posted just let me know and I can grab it!

Ginkozard

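A first place to look when nginx serves a vhost with the directives shown above is the certs volume itself: nginx will refuse to start (or reload) a 443 listener whose certificate, key or chain file is missing, empty, expired, or whose key does not belong to the certificate. The script below is an added example, not from the original post or from the nginx-proxy project; it assumes `openssl` is on PATH and the `<domain>.crt` / `.key` / `.chain.pem` / `.dhparam.pem` file layout that appears in the posted default.conf. It builds a constructed self-signed fixture so it runs offline, and the same `check_vhost_certs` function can be pointed at the real certs directory for each vhost.

```shell
#!/bin/sh
# Added example (not the poster's or nginx-proxy's code): sanity-check the
# files one vhost's ssl_* directives reference before debugging the browser.
# Assumes: openssl on PATH; certs dir laid out as <domain>.crt/.key/.chain.pem.
set -eu

# Return 0 if the private key in $2 belongs to the certificate in $1
# (compares the public key derived from each).
cert_key_match() {
    cert_pub=$(openssl x509 -noout -pubkey -in "$1" 2>/dev/null) || return 1
    key_pub=$(openssl pkey -pubout -in "$2" 2>/dev/null) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# Check a vhost's files the way nginx will consume them. Prints findings and
# returns 0 only if the cert, key and chain are present, parse, match and
# are not expired. dhparam is reported but not validated (generation is slow).
check_vhost_certs() {
    domain=$1; dir=$2; status=0
    for f in "$dir/$domain.crt" "$dir/$domain.key" "$dir/$domain.chain.pem"; do
        if [ ! -s "$f" ]; then echo "MISSING or empty: $f"; status=1; fi
    done
    [ $status -eq 0 ] || return $status
    if ! openssl x509 -noout -in "$dir/$domain.crt" 2>/dev/null; then
        echo "NOT a PEM certificate: $dir/$domain.crt"; status=1
    fi
    if ! openssl x509 -noout -in "$dir/$domain.chain.pem" 2>/dev/null; then
        echo "NOT a PEM certificate: $dir/$domain.chain.pem"; status=1
    fi
    if ! cert_key_match "$dir/$domain.crt" "$dir/$domain.key"; then
        echo "KEY MISMATCH: $domain.key does not belong to $domain.crt"; status=1
    fi
    if ! openssl x509 -noout -checkend 0 -in "$dir/$domain.crt" 2>/dev/null; then
        echo "EXPIRED: $dir/$domain.crt"; status=1
    fi
    if [ ! -s "$dir/$domain.dhparam.pem" ]; then
        echo "NOTE: $domain.dhparam.pem not present (ssl_dhparam references it)"
    fi
    [ $status -eq 0 ] && echo "OK: $domain"
    return $status
}

# Constructed fixture: a throwaway self-signed cert for one vhost plus an
# unrelated key, so the checks can be exercised without the real volume.
make_fixture() {
    dir=$(mktemp -d); domain=phish.example.test
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$domain" \
        -keyout "$dir/$domain.key" -out "$dir/$domain.crt" >/dev/null 2>&1
    cp "$dir/$domain.crt" "$dir/$domain.chain.pem"
    openssl genpkey -algorithm RSA -out "$dir/other.key" >/dev/null 2>&1
    echo "$dir"
}

# Usage on a real host:  check_vhost_certs phish.example.com /path/to/certs
# Run with --demo to exercise the checks against the constructed fixture.
if [ "${1:-}" = "--demo" ]; then
    d=$(make_fixture)
    check_vhost_certs phish.example.test "$d" || true
    cert_key_match "$d/phish.example.test.crt" "$d/other.key" \
        && echo "unexpected: foreign key matched" || echo "foreign key rejected"
    rm -rf "$d"
fi
```

If every vhost passes, the next thing to confirm is that the nginx-proxy container actually has port 443 published and that its own log (`docker logs <nginx-proxy container>`) shows no config-reload errors, since a failed reload leaves whatever was listening before in place.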