
I'm pretty new with docker and docker-compose.

I'm trying to host multiple websites with HTTPS on a single server.

SSL certs can't be generated because localhost is not a valid host, which is expected.

And i'm getting a 502 bad gateway error.

It seems nginx-proxy can't stream to the container correctly.

This is my docker-compose

# Reverse-proxy stack: nginx serves traffic, docker-gen renders its vhost
# config, and the Let's Encrypt companion manages certificates.
version: '3'

services:
  nginx-proxy:
    # NOTE(review): no tag, so this resolves to `latest`. Pin a version tag or
    # digest so the internet-facing proxy only changes when you decide it does.
    image: nginx
    labels:
      # Presumably how the companion locates the proxy container - confirm
      # against the companion's documentation.
      com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
    container_name: nginx-proxy
    restart: unless-stopped
    # The only service in this file that publishes ports on the host.
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./conf.d:/etc/nginx/conf.d
      - ./vhost.d:/etc/nginx/vhost.d
      - ./html:/usr/share/nginx/html
      # Read-only here; only nginx-letsencrypt mounts ./certs read-write.
      # ./certs holds private keys: keep it out of version control and
      # restrict its permissions on the host.
      - ./certs:/etc/nginx/certs:ro

  nginx-gen:
    # NOTE(review): untagged image (`latest`); pin it, since this container
    # is given the Docker socket below.
    image: jwilder/docker-gen
    # NOTE(review): `-notify-sighup nginx` names `nginx`, while the proxy's
    # container_name above is `nginx-proxy` - confirm the reload signal
    # actually reaches the proxy.
    command: -notify-sighup nginx -watch -wait 5s:30s /etc/docker-gen/templates/nginx.tmpl /etc/nginx/conf.d/default.conf
    container_name: nginx-gen
    restart: unless-stopped
    volumes:
      - ./conf.d:/etc/nginx/conf.d
      - ./vhost.d:/etc/nginx/vhost.d
      - ./html:/usr/share/nginx/html
      - ./certs:/etc/nginx/certs:ro
      # NOTE(review): `:ro` only makes the socket's mount point read-only; it
      # does not limit which Docker API calls can be sent over the socket, so
      # this container is effectively root-equivalent on the host. It publishes
      # no ports, which is the point of keeping it separate from nginx-proxy.
      # A socket proxy that allows only the read endpoints docker-gen needs
      # would narrow this further.
      - /var/run/docker.sock:/tmp/docker.sock:ro
      - ./nginx.tmpl:/etc/docker-gen/templates/nginx.tmpl:ro

  nginx-letsencrypt:
    # NOTE(review): untagged image (`latest`); pin it, since this container
    # gets the Docker socket and write access to the certificate store.
    image: jrcs/letsencrypt-nginx-proxy-companion
    container_name: nginx-letsencrypt
    restart: unless-stopped
    volumes:
      - ./conf.d:/etc/nginx/conf.d
      - ./vhost.d:/etc/nginx/vhost.d
      - ./html:/usr/share/nginx/html
      # The only read-write mount of ./certs in this file.
      - ./certs:/etc/nginx/certs:rw
      # NOTE(review): same caveat as nginx-gen - `:ro` does not restrict the
      # Docker API reachable through this socket.
      - /var/run/docker.sock:/var/run/docker.sock:ro
    environment:
      # These values match the container_name entries above.
      NGINX_DOCKER_GEN_CONTAINER: "nginx-gen"
      NGINX_PROXY_CONTAINER: "nginx-proxy"


# NOTE(review): `webproxy` is declared as a pre-existing external network, but
# no service above lists it under a `networks:` key, so all three services join
# this project's own default network instead of `webproxy`.
networks:
  webproxy:
    external: true

At the website level I have the following docker-compose file, where I'm running two containers: php-fpm (including my WordPress files) and an nginx container. I'm using this nginx container to add my own nginx config files.

# Per-website stack: a locally built php image plus an nginx container that
# carries the site's own nginx config and is the target of the reverse proxy.
version: '3.1'

services:

  php:
    build: ./docker/php/
    restart: unless-stopped
    volumes:
       - wordpress:/var/www/html

  nginx:
    # NOTE(review): `1-alpine` is a floating tag that follows the whole 1.x
    # line; pin a minor version or digest for reproducible deployments.
    image: nginx:1-alpine
    restart: unless-stopped
    # `expose` does not publish ports on the host; the container is reachable
    # only from other containers on its networks, i.e. through the proxy.
    expose:
      - 80
      - 443
    volumes:
      # Same named volume as the php service, so both see the site files.
      - wordpress:/var/www/html
      - ./docker/nginx/site.conf:/etc/nginx/conf.d/default.conf
      - ./docker/nginx/wordpress.conf:/etc/nginx/wordpress.conf
    environment:
     # Left empty here. A publicly trusted certificate cannot be issued for
     # `localhost`, so a real deployment needs a public DNS name in both
     # LETSENCRYPT_HOST and VIRTUAL_HOST.
     - LETSENCRYPT_HOST=
     - VIRTUAL_HOST=localhost
     - VIRTUAL_PORT=80

volumes:
  wordpress: {}


# Makes the pre-existing `webproxy` network this project's default, so every
# service in this file is attached to it.
# NOTE(review): that includes `php`, which becomes reachable from every other
# container on the shared proxy network. With several sites on one host,
# consider attaching only `nginx` to `webproxy` and keeping `php` on a
# project-private network.
networks:
  default:
    external:
      name: webproxy

This is the generated /etc/nginx/conf.d/default.conf in the nginx-proxy container

# NOTE(review): generated output. Any change belongs in the template that
# produces this file, not here, because the file is rewritten on regeneration.
# localhost
upstream localhost {
                # Cannot connect to network of this container
                # NOTE(review): placeholder entry marked `down`; with no other
                # server in this upstream, every proxied request fails with
                # "no live upstreams" and the client sees a 502.
                server 127.0.0.1 down;
}
# Plain-HTTP vhost: redirects every request to HTTPS.
server {
    server_name localhost;
    listen 80 ;
    access_log /var/log/nginx/access.log vhost;
    return 301 https://$host$request_uri;
}
# HTTPS vhost: terminates TLS and forwards to the `localhost` upstream above.
server {
    server_name localhost;
    listen 443 ssl http2 ;
    access_log /var/log/nginx/access.log vhost;
    # NOTE(review): TLSv1 and TLSv1.1 are deprecated (RFC 8996). Restrict this
    # to TLSv1.2, plus TLSv1.3 where the nginx/OpenSSL build supports it.
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    # NOTE(review): besides the ECDHE/DHE AEAD suites, this list still allows
    # CBC-mode suites and static-RSA key exchange (e.g. AES128-SHA), which
    # provide no forward secrecy. Trim it once legacy clients are not required.
    ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DSS';
    ssl_prefer_server_ciphers on;
    ssl_session_timeout 5m;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;
    ssl_certificate /etc/nginx/certs/localhost.crt;
    ssl_certificate_key /etc/nginx/certs/localhost.key;
    ssl_dhparam /etc/nginx/certs/localhost.dhparam.pem;
    # NOTE(review): OCSP stapling needs a CA-issued certificate with an OCSP
    # responder; presumably it has no effect for a `localhost` certificate.
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/nginx/certs/localhost.chain.pem;
    add_header Strict-Transport-Security "max-age=31536000" always;
    include /etc/nginx/vhost.d/default;
    location / {
        # `localhost` here is the upstream block defined above. The hop to the
        # backend is plain HTTP; TLS ends at this proxy.
        proxy_pass http://localhost;
    }
# NOTE(review): the listing stops here; the closing brace of this server block
# is not shown.

And the nginx-proxy logs

nginx-proxy          | localhost 172.22.0.1 - - [10/May/2018:17:52:40 +0000] "GET / HTTP/2.0" 502 173 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0"
nginx-proxy          | 2018/05/10 17:54:47 [error] 7#7: *4 no live upstreams while connecting to upstream, client: 172.22.0.1, server: localhost, request: "GET / HTTP/2.0", upstream: "http://localhost/", host: "localhost"

Since i first posted, i added VIRTUAL_PORT=80 but it didn't help.

I have also tried to proxy directly the php container, but without success.

docker inspect on the nginx container being proxied shows

"Config": {
            "Hostname": "4859d3794982",
            "Domainname": "",
            "User": "",
            "AttachStdin": false,
            "AttachStdout": false,
            "AttachStderr": false,
            "ExposedPorts": {
                "443/tcp": {},
                "80/tcp": {}
            },
            "Tty": false,
            "OpenStdin": false,
            "StdinOnce": false,
            "Env": [
                "VIRTUAL_PORT=80",
                "LETSENCRYPT_HOST=localhost",
                "VIRTUAL_HOST=localhost",
                "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
                "NGINX_VERSION=1.13.1"
            ],

"Networks": {
                "webproxy": {
                    "IPAMConfig": null,
                    "Links": null,
                    "Aliases": [
                        "nginx",
                        "4859d3794982"
                    ],
                    "NetworkID": "6ac6af1b951c780c1334c55862025bd7916643dd13dc02976f2ed176a7ed7619",
                    "EndpointID": "3e379cd7a020e65f5ea6db8dbafe144d5b6ad5575b183dee64487f7046f0e3a2",
                    "Gateway": "172.23.0.1",
                    "IPAddress": "172.23.0.5",
                    "IPPrefixLen": 16,
                    "IPv6Gateway": "",
                    "GlobalIPv6Address": "",
                    "GlobalIPv6PrefixLen": 0,
                    "MacAddress": "02:42:ac:17:00:05",
                    "DriverOpts": null
Bigbenny
  • In the nginx container, you would access the php process at `php`, not `localhost`. I am VERY unclear on what you are trying to accomplish :) – Paul Becotte May 10 '18 at 23:55
  • Paul, thank you for your reply. – Bigbenny May 11 '18 at 15:35
  • I'm trying to achieve [link](https://medium.com/@francoisromain/host-multiple-websites-with-https-inside-docker-containers-on-a-single-server-18467484ab95). At the website level, i mount my wordpress source code in php container /var/www/html using named volume wordpress. Then i mount the name volume in the nginx container. VIRTUAL_HOST is used by nginx-proxy container. – Bigbenny May 11 '18 at 15:43

1 Answer


I think the networks section is wrong in the first compose file

networks:
  webproxy:
    external: true

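That specifies a network named webproxy that must exist. (Presumably you created it?). However, you don't attach any containers to that network, so the services in that file only join that project's own default network. That would explain the "Cannot connect to network of this container" comment and the `server 127.0.0.1 down;` placeholder in the generated config.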

The other compose file has

networks:
  default:
    external:
      name: webproxy

Which does the same thing, except that all the containers are attached to the default network automatically. So making the first file match this may clear up your issue (though I haven't looked into what that magic nginx config generator does ;) )

Paul Becotte
  • Paul you saved me. I didn't understand correctly the networks lines. Thank you. I now have the following on both docker-compose files `networks: default: external: name: webproxy` – Bigbenny May 11 '18 at 16:35