I have docker running and nginx and my application running in separate containers. I'm also using LetsEncrypt.

and I can't figure out what it is.

Nginx proxy- docker-compose.yaml

version: '3.5'
services:
  nginx-proxy:
    image: nginxproxy/nginx-proxy
    container_name: nginx-proxy
    restart: always
    networks:
      - proxy
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./certs:/etc/nginx/certs
      - ./htpasswd:/etc/nginx/htpasswd
      - ./vhost.d:/etc/nginx/vhost.d
      - ./html:/usr/share/nginx/html
      - ./custom.conf:/etc/nginx/conf.d/custom.conf:ro
      - /var/run/docker.sock:/tmp/docker.sock:ro
  nginx-letsencrypt:
    image: nginxproxy/acme-companion
    container_name: nginx-letsencrypt
    restart: always
    depends_on:
      - nginx-proxy
    volumes_from:
      - nginx-proxy:rw
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - acme:/etc/acme.sh
# Create network if it does not exist
networks:
  proxy:
    external: true
volumes:
  acme:

Apps .env file

########################################################################################################################
# docker-compose supports environment variable interpolation/substitution in compose configuration file
# (more info: https://docs.docker.com/compose/environment-variables)
########################################################################################################################
# General settings
DOMAIN=pro.example.org
VERSION=2022.9
########################################################################################################################
# Database connection
DB_DSN=postgres://app:app@db:5432/app?sslmode=disable
########################################################################################################################
# Server settings
# Serve appwebapps alongside API
HTTP_WEBAPP_ENABLED=true
# Send action log to container logs as well
# ACTIONLOG_DEBUG=true
# Uncomment for extra debug info if something goes wrong
# LOG_LEVEL=debug
# Use nicer and colorful log instead of JSON
# LOG_DEBUG=true
########################################################################################################################
# Authentication
# Secret to use for JWT token
# Make sure you change it (>30 random characters) if
# you expose your deployment to outside traffic
# AUTH_JWT_SECRET=ffdfblahblah--30morekey
########################################################################################################################
# SMTP (mail sending) settings
# Point this to your local or external SMTP server if you want to send emails.
# In most cases, app can detect that SMTP is disabled and skips over sending emails without an error
#SMTP_HOST=smtp-server.example.tld:587
#SMTP_USER=postmaster@smtp-server.example.tld
#SMTP_PASS=this-is-your-smtp-password
#SMTP_FROM='"Demo" <info@your-demo.example.tld>'


Apps docker-compose.yaml

version: '3.5'
services:
  server:
    image: appname/appname:${VERSION}
    networks: [ proxy, internal ]
    restart: always
    env_file: [ .env ]
    depends_on: [ db ]
    volumes: [ "./data/server:/data" ]
    environment:
      # VIRTUAL_HOST helps NginX proxy route traffic for specific virtual host to
      # this container
      # This value is also picked up by initial boot auto-configuration procedure
      # If this is changed, make sure you change settings accordingly
      VIRTUAL_HOST: pro.example.org
      # This is needed only if you are using NginX Lets-Encrypt companion
      # (see doc.sapp.org for details)
      LETSENCRYPT_HOST: pro.example.org
  db:
    # PostgreSQL Database
    # See https://hub.docker.com/_/postgres for details
    image: postgres:13
    networks: [ internal ]
    restart: always
    healthcheck: { test: ["CMD-SHELL", "pg_isready -U app"], interval: 10s, timeout: 5s, retries: 5 }
    environment:
      # Warning: these are values that are only used on 1st start
      # if you want to change it later, you need to do that
      # manually inside db container
      POSTGRES_USER: app
      POSTGRES_PASSWORD: app
networks:
  internal: {}
  proxy: { external: true }

Can anyone please help, I'm truly stuck and have tried everything I think at this point.

I did - $ docker network create proxy before I did nginx proxy

Can someone please help figure out why it is not running?

Logs- server

aroot@ip-172-31-1-29:/home/ubuntu/voltsapp# docker-compose logs --tail=1000 server
voltsapp-server-1 | {"level":"warn","ts":1688497869.867336,"msg":"no SMTP servers found, email sending will be disabled"}
voltsapp-server-1 | {"level":"warn","ts":1688497869.8783548,"logger":"http.apigw","msg":"profiler enabled only for routes with a profiler prefilter, use global setting to enable for all (APIGW_PROFILER_GLOBAL)"}
voltsapp-server-1 | {"level":"warn","ts":1688497869.8809729,"logger":"http.apigw","msg":"profiler enabled only for routes with a profiler prefilter, use global setting to enable for all (APIGW_PROFILER_GLOBAL)"}
voltsapp-server-1 | {"level":"warn","ts":1688497869.8819573,"logger":"http.apigw","msg":"profiler enabled only for routes with a profiler prefilter, use global setting to enable for all (APIGW_PROFILER_GLOBAL)"}

db

root@ip-172-31-1-29:/home/ubuntu/voltsapp# docker-compose logs --tail=1000 db
voltsapp-db-1 | The files belonging to this database system will be owned by user "postgres".
voltsapp-db-1 | This user must also own the server process.
voltsapp-db-1 |
voltsapp-db-1 | The database cluster will be initialized with locale "en_US.utf8".
voltsapp-db-1 | The default database encoding has accordingly been set to "UTF8".
voltsapp-db-1 | The default text search configuration will be set to "english".
voltsapp-db-1 |
voltsapp-db-1 | Data page checksums are disabled.
voltsapp-db-1 |
voltsapp-db-1 | fixing permissions on existing directory /var/lib/postgresql/data ... ok
voltsapp-db-1 | creating subdirectories ... ok
voltsapp-db-1 | selecting dynamic shared memory implementation ... posix
voltsapp-db-1 | selecting default max_connections ... 100
voltsapp-db-1 | selecting default shared_buffers ... 128MB
voltsapp-db-1 | selecting default time zone ... Etc/UTC
voltsapp-db-1 | creating configuration files ... ok
voltsapp-db-1 | running bootstrap script ... ok
voltsapp-db-1 | performing post-bootstrap initialization ... ok
voltsapp-db-1 | syncing data to disk ... ok
voltsapp-db-1 |
voltsapp-db-1 | initdb: warning: enabling "trust" authentication for local connections
voltsapp-db-1 | You can change this by editing pg_hba.conf or using the option -A, or
voltsapp-db-1 | --auth-local and --auth-host, the next time you run initdb.
voltsapp-db-1 |
voltsapp-db-1 | Success. You can now start the database server using:
voltsapp-db-1 |
voltsapp-db-1 | pg_ctl -D /var/lib/postgresql/data -l logfile start
voltsapp-db-1 |
voltsapp-db-1 | waiting for server to start....2023-07-04 19:07:58.484 UTC [46] LOG: starting PostgreSQL 13.11 (Debian 13.11-1.pgdg120+1) on x86_64-pc-linux-gnu, compiled by gcc (Debian 12.2.0-14) 12.2.0, 64-bit
voltsapp-db-1 | 2023-07-04 19:07:58.489 UTC [46] LOG: listening on Unix socket "/var/run/postgresql/.s.PGSQL.5432"
voltsapp-db-1 | 2023-07-04 19:07:58.504 UTC [47] LOG: database system was shut down at 2023-07-04 19:07:58 UTC
voltsapp-db-1 | 2023-07-04 19:07:58.510 UTC [46] LOG: database system is ready to accept connections
voltsapp-db-1 | done
voltsapp-db-1 | server started
voltsapp-db-1 | CREATE DATABASE
voltsapp-db-1 |
voltsapp-db-1 |
voltsapp-db-1 | /usr/local/bin/docker-entrypoint.sh: ignoring /docker-entrypoint-initdb.d/*
voltsapp-db-1 |
voltsapp-db-1 | 2023-07-04 19:07:58.826 UTC [46] LOG: received fast shutdown request
voltsapp-db-1 | waiting for server to shut down....2023-07-04 19:07:58.829 UTC [46] LOG: aborting any active transactions
voltsapp-db-1 | 2023-07-04 19:07:58.835 UTC [46] LOG: background worker "logical replication launcher" (PID 53) exited with exit code 1
voltsapp-db-1 | 2023-07-04 19:07:58.835 UTC [48] LOG: shutting down
voltsapp-db-1 | 2023-07-04 19:07:58.855 UTC [46] LOG: database system is shut down
voltsapp-db-1 | done
voltsapp-db-1 | server stopped
voltsapp-db-1 |
voltsapp-db-1 | PostgreSQL init process complete; ready for start up.
voltsapp-db-1 |
voltsapp-db-1 | 2023-07-04 19:07:58.960 UTC [1] LOG: starting PostgreSQL 13.11 (Debian 13.11-1.pgdg120+1) on x86_64-pc-linux-gnu, compiled by gcc (Debian 12.2.0-14) 12.2.0, 64-bit
voltsapp-db-1 | 2023-07-04 19:07:58.961 UTC [1] LOG: listening on IPv4 address "0.0.0.0", port 5432
voltsapp-db-1 | 2023-07-04 19:07:58.961 UTC [1] LOG: listening on IPv6 address "::", port 5432
voltsapp-db-1 | 2023-07-04 19:07:58.967 UTC [1] LOG: listening on Unix socket "/var/run/postgresql/.s.PGSQL.5432"
voltsapp-db-1 | 2023-07-04 19:07:58.975 UTC [61] LOG: database system was shut down at 2023-07-04 19:07:58 UTC
voltsapp-db-1 | 2023-07-04 19:07:58.982 UTC [1] LOG: database system is ready to accept connections

nginx proxy-

dockergen.1 | 2023/07/04 19:07:57 Received event start for container 7d17a206e80b
dockergen.1 | 2023/07/04 19:07:57 Generated '/etc/nginx/conf.d/default.conf' from 5 containers
dockergen.1 | 2023/07/04 19:07:57 Running 'nginx -s reload'
nginx.1 | 2023/07/04 19:07:57 [notice] 16#16: signal 1 (SIGHUP) received from 56, reconfiguring
nginx.1 | 2023/07/04 19:07:57 [notice] 16#16: reconfiguring
nginx.1 | 2023/07/04 19:07:57 [notice] 16#16: using the "epoll" event method
nginx.1 | 2023/07/04 19:07:57 [warn] 16#16: 10240 worker_connections exceed open file resource limit: 1024
nginx.1 | 2023/07/04 19:07:57 [notice] 16#16: start worker processes
nginx.1 | 2023/07/04 19:07:57 [notice] 16#16: start worker process 57
dockergen.1 | 2023/07/04 19:07:57 Contents of /etc/nginx/conf.d/default.conf did not change. Skipping notification 'nginx -s reload'
nginx.1 | 2023/07/04 19:07:57 [notice] 54#54: gracefully shutting down
nginx.1 | 2023/07/04 19:07:57 [notice] 54#54: exiting
nginx.1 | 2023/07/04 19:07:57 [notice] 54#54: exit
nginx.1 | 2023/07/04 19:07:57 [notice] 16#16: signal 17 (SIGCHLD) received from 54
nginx.1 | 2023/07/04 19:07:57 [notice] 16#16: worker process 54 exited with code 0
nginx.1 | 2023/07/04 19:07:57 [notice] 16#16: signal 29 (SIGIO) received
nginx.1 | 2023/07/04 19:08:04 [notice] 16#16: signal 1 (SIGHUP) received from 68, reconfiguring
nginx.1 | 2023/07/04 19:08:04 [notice] 16#16: reconfiguring
nginx.1 | 2023/07/04 19:08:04 [notice] 16#16: using the "epoll" event method
nginx.1 | 2023/07/04 19:08:04 [warn] 16#16: 10240 worker_connections exceed open file resource limit: 1024
nginx.1 | 2023/07/04 19:08:04 [notice] 16#16: start worker processes
nginx.1 | 2023/07/04 19:08:04 [notice] 16#16: start worker process 69
nginx.1 | 2023/07/04 19:08:04 [notice] 57#57: gracefully shutting down
nginx.1 | 2023/07/04 19:08:04 [notice] 57#57: exiting
nginx.1 | 2023/07/04 19:08:04 [notice] 57#57: exit
nginx.1 | 2023/07/04 19:08:04 [notice] 16#16: signal 17 (SIGCHLD) received from 57
nginx.1 | 2023/07/04 19:08:04 [notice] 16#16: worker process 57 exited with code 0
nginx.1 | 2023/07/04 19:08:04 [notice] 16#16: signal 29 (SIGIO) received
dockergen.1 | 2023/07/04 19:09:18 Received event die for container 7d17a206e80b
dockergen.1 | 2023/07/04 19:09:18 Received event stop for container 7d17a206e80b
dockergen.1 | 2023/07/04 19:09:18 Generated '/etc/nginx/conf.d/default.conf' from 4 containers
dockergen.1 | 2023/07/04 19:09:18 Running 'nginx -s reload'
nginx.1 | 2023/07/04 19:09:18 [notice] 16#16: signal 1 (SIGHUP) received from 71, reconfiguring
nginx.1 | 2023/07/04 19:09:18 [notice] 16#16: reconfiguring
nginx.1 | 2023/07/04 19:09:18 [notice] 16#16: using the "epoll" event method
nginx.1 | 2023/07/04 19:09:18 [warn] 16#16: 10240 worker_connections exceed open file resource limit: 1024
nginx.1 | 2023/07/04 19:09:18 [notice] 16#16: start worker processes
nginx.1 | 2023/07/04 19:09:18 [notice] 16#16: start worker process 72
nginx.1 | 2023/07/04 19:09:18 [notice] 69#69: gracefully shutting down
nginx.1 | 2023/07/04 19:09:18 [notice] 69#69: exiting
nginx.1 | 2023/07/04 19:09:18 [notice] 69#69: exit
nginx.1 | 2023/07/04 19:09:18 [notice] 16#16: signal 17 (SIGCHLD) received from 69
nginx.1 | 2023/07/04 19:09:18 [notice] 16#16: worker process 69 exited with code 0
nginx.1 | 2023/07/04 19:09:18 [notice] 16#16: signal 29 (SIGIO) received
dockergen.1 | 2023/07/04 19:09:18 Received event start for container d762afd2374e
dockergen.1 | 2023/07/04 19:09:18 Generated '/etc/nginx/conf.d/default.conf' from 5 containers

Let's Encrypt


[Tue Jul 4 19:08:07 UTC 2023] Please check log file for more details: /dev/null
Sleep for 3600s
2023/07/04 19:09:18 Received event die for container 7d17a206e80b
2023/07/04 19:09:18 Received event stop for container 7d17a206e80b
2023/07/04 19:09:18 Received event start for container d762afd2374e
2023/07/04 19:09:23 Debounce minTimer fired
2023/07/04 19:09:24 Generated '/app/letsencrypt_service_data' from 5 containers
2023/07/04 19:09:24 Running '/app/signal_le_service'
Creating/renewal pro.example.org certificates... (pro.example.org)
[Tue Jul 4 19:09:25 UTC 2023] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Tue Jul 4 19:09:25 UTC 2023] Creating domain key
[Tue Jul 4 19:09:30 UTC 2023] The domain key is here: /etc/acme.sh/default/pro.example.org/pro.example.org.key
[Tue Jul 4 19:09:30 UTC 2023] Single domain='pro.example.org'
[Tue Jul 4 19:09:30 UTC 2023] Getting domain auth token for each domain
[Tue Jul 4 19:09:30 UTC 2023] Create new order error. Le_OrderFinalize not found. {
"type": "urn:ietf:params:acme:error:rejectedIdentifier",
"detail": "Error creating new order :: Cannot issue for \"pro.example.org\": The ACME server refuses to issue a certificate for this domain name, because it is forbidden by policy",
"status": 400
}
[Tue Jul 4 19:09:30 UTC 2023] Please check log file for more details: /dev/null
Sleep for 3600s
2023/07/04 19:10:04 Received event die for container d762afd2374e
2023/07/04 19:10:09 Debounce minTimer fired
2023/07/04 19:10:09 Generated '/app/letsencrypt_service_data' from 4 containers
2023/07/04 19:10:09 Running '/app/signal_le_service'
Sleep for 3600s
2023/07/04 19:11:08 Received event start for container bd80f3dfe164
2023/07/04 19:11:13 Debounce minTimer fired
2023/07/04 19:11:13 Generated '/app/letsencrypt_service_data' from 5 containers
2023/07/04 19:11:13 Running '/app/signal_le_service'
Creating/renewal pro.example.org certificates... (pro.example.org)
[Tue Jul 4 19:11:14 UTC 2023] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Tue Jul 4 19:11:14 UTC 2023] Creating domain key
[Tue Jul 4 19:11:16 UTC 2023] The domain key is here: /etc/acme.sh/default/pro.example.org/pro.example.org.key
[Tue Jul 4 19:11:16 UTC 2023] Single domain='pro.example.org'
[Tue Jul 4 19:11:16 UTC 2023] Getting domain auth token for each domain
[Tue Jul 4 19:11:17 UTC 2023] Create new order error. Le_OrderFinalize not found. {
"type": "urn:ietf:params:acme:error:rejectedIdentifier",
"detail": "Error creating new order :: Cannot issue for \"pro.example.org\": The ACME server refuses to issue a certificate for this domain name, because it is forbidden by policy",
Volts Con