1

I 'am trying to get to run two services in a docker environment. One is an Angular application and the other is my small python server. I have added the jwilder nginx reverse proxy for authentication and ssl configuration with my self signed certificate. All the containers are running on the same virtual host, that I am able to access them from another host. I've added the certificates like in the documentation from jwilder and there is written that this will happen (likely w/ a warning) and subsequently receive a 500 (https://hub.docker.com/r/jwilder/nginx-proxy) I need to find a solution to access my services threw the nginx proxy with SSL somebody knows how to do this better?

version: "3"
services:

  controller:
    build: ./controller
    expose:
      - "5080" #This port should be accessible from the frontend but as they are running on the same host I am not able to distinguish the services 
    restart: always

  frontend:
    build: ./frontend
    expose:
      - "4200"
    environment:
      - DEFAULT_HOST=my-ip-address #to make it accessible from outside
      - VIRTUAL_HOST=my-ip-address
   #   - VIRTUAL_PORT 4200
   #   - VIRTUAL_PROTO=https
      - PROXY_ADDRESS_FORWARDING=true
      - NODE_END = production
    depends_on:
      - controller
    restart: always

  nginx-reverse-proxy:
    image: jwilder/nginx-proxy #budry/jwilder-nginx-proxy-arm # This will run later on the raspberryPi
    ports:
       - "80:80"
       - "443:443"
    volumes:
       - /var/run/docker.sock:/tmp/docker.sock:ro
       - ./nginx.htpasswd:/etc/nginx/htpasswd/my-ip-address
       # My self signed certificates
       - ./ssl/server.crt:/etc/nginx/certs/default.crt
       - ./ssl/server.key:/etc/nginx/certs/default.key
    restart: always

So I found out somehow in the nginx configuration file from jwilder he is running in this case 

{{ if (and (not $is_https) (exists "/etc/nginx/certs/default.crt") (exists "/etc/nginx/certs/default.key")) }}
server {
    server_name {{ $host }};
    listen 443 ssl http2 {{ $default_server }};
    {{ if $enable_ipv6 }}
    listen [::]:443 ssl http2 {{ $default_server }};
    {{ end }}
    access_log /var/log/nginx/access.log vhost;
    return 500;

    ssl_certificate /etc/nginx/certs/default.crt;
    ssl_certificate_key /etc/nginx/certs/default.key;
}

Why is he doing this and how can I fix this ?

I am able to access my frontend with http://my-ip-address (should be forwarded to https) but on https://my-ip-address I am getting a "500 Internal Server Error"

carl7681
  • 11
  • 5
  • Do not use IP addresses in HTTPS URLs, you will get problems. While technically you can have IP addresses in the SAN extension of a certificate, this is not common, and often done wrong. This will also be hard to get signed by a reputable CA. – Patrick Mevzek Sep 04 '19 at 16:07
  • "500 Internal Server Error" should trigger some messages in your webserver logfiles. Did you look at them? – Patrick Mevzek Sep 04 '19 at 16:08
  • I found a solution for it, I know it is not not good to use my ip address but its fine for my small project. I justed added my-ip-address instead of the default in the certificate. Now it is working! – carl7681 Sep 05 '19 at 11:49

0 Answers0