
What I have: a VPS with its IPv4 address and a valid domain name bound to it with an A record in my provider's DNS control panel. Let's call my domain name mydomain.com and denote my IPv4 address as IPADRESS for debugging purposes.

What I want: a Nextcloud instance and a Django-based blog running in parallel on my VPS, and to be able to access them respectively at cloud.mydomain.com for my Nextcloud instance and blog.mydomain.com for my Django-based blog, over HTTPS.

What I've done:

I've tried to use nginx-proxy + its Let's Encrypt companion, running under Docker.

First of all, my working directory here is /home/ubuntu/.

Here is the output of `tree /home/ubuntu/ -L 2`:

.
├── mywebsite-django
│   └── mysite
│       ├── Dockerfile
│       ├── blog
│       ├── config
│       ├── db.sqlite3
│       ├── docker-compose.yml
│       ├── manage.py
│       ├── mywebsite
│       ├── nginx
│       ├── requirements.txt
│       └── staticfiles
├── nextcloud_setup
│   ├── app
│   │   ├── config
│   │   ├── custom_apps
│   │   ├── data
│   │   └── themes
│   ├── docker-compose.yml
│   └── proxy
│       ├── certs
│       ├── conf.d
│       ├── html
│       └── vhost.d
└── nginx_setup
    ├── certs
    │   ├── mydomain.com
    │   ├── blog.mydomain.com
    │   ├── default.crt
    │   ├── default.key
    │   └── dhparam.pem
    ├── conf.d
    │   └── default.conf
    ├── docker-compose.yml
    ├── html
    ├── nginx.tmpl
    ├── templates
    │   └── nginx.tmpl
    └── vhost.d
        └── default

26 directories, 14 files

Then I create a Docker network:

So I run `sudo docker network create nginx-proxy`.

Then I run my nginx-proxy + letsencrypt containers:

`cd nginx_setup` + `sudo docker-compose up -d`

where nginx_setup/docker-compose.yml is:

# Reverse-proxy stack: a plain nginx container, docker-gen (renders
# nginx.tmpl into conf.d/default.conf from the Docker API) and the
# Let's Encrypt companion, all attached to the pre-created external
# network 'nginx-proxy'.
version: '3'

services:
  nginx:
    container_name: nginx
    # NOTE(review): image tags are unpinned (implicit "latest"); pin a tag
    # or digest so upgrades are deliberate and reviewable.
    image: nginx
    restart: unless-stopped
    # Presumably how the companion identifies the proxy container to reload
    # (it is also named explicitly via NGINX_PROXY_CONTAINER below) - confirm.
    labels:
      com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: 'true'
    logging:
      options:
        max-size: '10m'
        max-file: '3'
    environment:
      DEFAULT_HOST: 'mydomain.com'
    ports:
      - '80:80'
      - '443:443'
    volumes:
      - /home/ubuntu/nginx_setup/conf.d:/etc/nginx/conf.d
      - /home/ubuntu/nginx_setup/vhost.d:/etc/nginx/vhost.d
      - /home/ubuntu/nginx_setup/html:/usr/share/nginx/html
      # nginx only reads certificates; the companion is the writer.
      - /home/ubuntu/nginx_setup/certs:/etc/nginx/certs:ro

  nginx-gen:
    container_name: nginx-gen
    image: jwilder/docker-gen
    restart: unless-stopped
    # Per the flags: watch the Docker socket, render only containers with
    # exposed ports, then send SIGHUP to the container named 'nginx'.
    command: -notify-sighup nginx -watch -only-exposed /etc/docker-gen/templates/nginx.tmpl /etc/nginx/conf.d/default.conf
    volumes:
      - /home/ubuntu/nginx_setup/conf.d:/etc/nginx/conf.d
      - /home/ubuntu/nginx_setup/vhost.d:/etc/nginx/vhost.d
      - /home/ubuntu/nginx_setup/html:/usr/share/nginx/html
      - /home/ubuntu/nginx_setup/certs:/etc/nginx/certs:ro
      # Access to the Docker socket is equivalent to root on the host;
      # only trusted, pinned images belong in a container that has it.
      - /var/run/docker.sock:/tmp/docker.sock:rw
      - /home/ubuntu/nginx_setup/templates/:/etc/docker-gen/templates:ro

  nginx-letsencrypt:
    container_name: nginx-letsencrypt
    image: jrcs/letsencrypt-nginx-proxy-companion
    restart: unless-stopped
    environment:
      NGINX_DOCKER_GEN_CONTAINER: 'nginx-gen'
      NGINX_PROXY_CONTAINER: 'nginx'
    volumes:
      - /home/ubuntu/nginx_setup/conf.d:/etc/nginx/conf.d
      - /home/ubuntu/nginx_setup/vhost.d:/etc/nginx/vhost.d
      - /home/ubuntu/nginx_setup/html:/usr/share/nginx/html
      # Writable: this is the container that stores issued certificates.
      - /home/ubuntu/nginx_setup/certs:/etc/nginx/certs:rw
      # Same host-root-equivalent caveat as for nginx-gen.
      - /var/run/docker.sock:/var/run/docker.sock:rw

networks:
  default:
    external:
      name: nginx-proxy

The nginx.tmpl is defined as follows:

{{/* docker-gen template, rendered from the Docker API into
     /etc/nginx/conf.d/default.conf by the nginx-gen container.
     Every listener below is plain HTTP: there is no "listen 443 ssl" block,
     so this template does not terminate TLS for any VIRTUAL_HOST. */}}

# Catch-all server: a request whose Host header matches none of the
# generated server_name entries below lands here and is answered with 503.
server {
    listen 80 default_server;
    server_name _; # This is just an invalid value which will never trigger on a real hostname.
    error_log /proc/self/fd/2;
    access_log /proc/self/fd/1;
    return 503;
}

{{/* One upstream + server pair per distinct VIRTUAL_HOST value
     (comma-separated VIRTUAL_HOST lists are split into separate hosts). */}}
{{ range $host, $containers := groupByMulti $ "Env.VIRTUAL_HOST" "," }}
upstream {{ $host }} {

{{ range $index, $value := $containers }}

    {{ $addrLen := len $value.Addresses }}
    {{/* Uses the first network the container reports; if a container is
         attached to several networks this may not be the one nginx shares
         with it -- verify for multi-network containers. */}}
    {{ $network := index $value.Networks 0 }}

    {{/* If only 1 port exposed, use that */}}
    {{ if eq $addrLen 1 }}
        {{ with $address := index $value.Addresses 0 }}
            # {{$value.Name}}
            server {{ $network.IP }}:{{ $address.Port }};
        {{ end }}

    {{/* If more than one port exposed, use the one matching VIRTUAL_PORT env var */}}
    {{/* String comparison: VIRTUAL_PORT must be the exact port text, e.g. "8000". */}}
    {{ else if $value.Env.VIRTUAL_PORT }}
        {{ range $i, $address := $value.Addresses }}
            {{ if eq $address.Port $value.Env.VIRTUAL_PORT }}
            # {{$value.Name}}
            server {{ $network.IP }}:{{ $address.Port }};
            {{ end }}
        {{ end }}

    {{/* Else default to standard web port 80 */}}
    {{/* A container with several exposed ports, none of them 80 and no
         VIRTUAL_PORT, yields an empty upstream block here. */}}
    {{ else }}
        {{ range $i, $address := $value.Addresses }}
            {{ if eq $address.Port "80" }}
            # {{$value.Name}}
            server {{ $network.IP }}:{{ $address.Port }};
            {{ end }}
        {{ end }}
    {{ end }}
{{ end }}
}

server {
    # No "listen" directive, so nginx's default applies (port 80 for a
    # root-run nginx): this vhost is plain HTTP only.
    gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;

    server_name {{ $host }};
    proxy_buffering off;
    error_log /proc/self/fd/2;
    access_log /proc/self/fd/1;

    location / {
        # Plain HTTP to the upstream group generated above.
        proxy_pass http://{{ trim $host }};
        proxy_set_header Host $http_host;
        # Client address and scheme are forwarded so the backend can log and
        # build absolute URLs correctly; the backend must only trust these
        # headers when it is reachable through this proxy alone.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # HTTP 1.1 support
        proxy_http_version 1.1;
        proxy_set_header Connection "";
    }
}
{{ end }}

(taken from here)

Note: once it is running, when I run `sudo docker-compose logs` from /home/ubuntu/nginx_setup/, nothing appears to be wrong.

Then I run my Django container:

`cd /home/ubuntu/mywebsite-django/mysite/` + `sudo docker-compose up -d`

My file /home/ubuntu/mywebsite-django/mysite/docker-compose.yml is defined as:

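# Blog container. The reverse proxy in nginx_setup discovers it on the
# shared 'nginx-proxy' network through VIRTUAL_HOST / VIRTUAL_PORT, and the
# companion requests a certificate for LETSENCRYPT_HOST.
version: '3'

services:
  gunicorn:
    container_name: myblog
    build: .
    # Folded scalar: the same single-line sh -c "..." string as before.
    # NOTE(review): makemigrations at start-up writes migration files into the
    # container filesystem rather than source control; usually only migrate
    # runs here -- confirm this is intended.
    command: >-
      sh -c "python manage.py makemigrations &&
      python manage.py migrate &&
      python manage.py collectstatic --noinput &&
      gunicorn --bind 0.0.0.0:8000 --workers 2 mywebsite.wsgi:application"
    volumes:
      - ./staticfiles:/static
    environment:
      VIRTUAL_HOST: "blog.mydomain.com"
      # Quoted: the template compares it as text against the exposed port.
      VIRTUAL_PORT: "8000"
      # Must match VIRTUAL_HOST. The certificate has to be issued for the name
      # nginx actually serves; a certificate for mydomain.com is a name
      # mismatch for blog.mydomain.com.
      LETSENCRYPT_HOST: "blog.mydomain.com"
      LETSENCRYPT_EMAIL: "mymail@forletsecrypt.com"
    # Only the proxy needs to reach gunicorn, and it does so over the shared
    # network. A host mapping ("8000:8000") would also publish plain-HTTP
    # gunicorn directly on the VPS address, and Docker-published ports are
    # typically not filtered by host ufw rules; expose keeps the port
    # container-internal while still counting as "exposed" for docker-gen.
    expose:
      - "8000"

networks:
  default:
    external:
      name: nginx-proxy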

Note: once it is running, when I run `sudo docker-compose logs` from /home/ubuntu/mywebsite-django/mysite/, nothing appears to be wrong.

What I get:

  • `curl blog.mydomain.com` output:

<html>
<head><title>503 Service Temporarily Unavailable</title></head>
<body>
<center><h1>503 Service Temporarily Unavailable</h1></center>
<hr><center>nginx/1.23.2</center>
</body>
</html>

Note: I did not try to launch my Nextcloud instance, since even my Django app does not work.

What's wrong here?

Here are some details on my machine:

  • `sudo docker network ls` output:
NETWORK ID     NAME          DRIVER    SCOPE
ce90ed81eade   bridge        bridge    local
c6325fd6c267   host          host      local
834d9a715380   nginx-proxy   bridge    local
78c28ce57f15   none          null      local

and

  • `sudo ufw status verbose` output:
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), deny (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
80,443/tcp (Nginx Full)    ALLOW IN    Anywhere
22/tcp                     ALLOW IN    Anywhere
80,443/tcp (Nginx Full (v6)) ALLOW IN    Anywhere (v6)
22/tcp (v6)                ALLOW IN    Anywhere (v6)
