Configuring SSL on ELB: No Luck

Expected behavior

https://[my elb dns name] works when I configure it following the examples here https://docs.docker.com/docker-for-aws/load-balancer/#examples (although in my case I am using the docker-compose.yml equivalent):


ports:
  - "80:3001"
  - "443:3001"
labels:
  com.docker.aws.lb.arn: "arn:aws:acm:us-east-1…"

Actual behavior

https is not active, although my web app does listen on :443 and :80

Additional Information

I am using version 3.3 of the docker-compose file as described here: https://docs.docker.com/compose/compose-file/#labels

Looking at the “Listeners” tab on my ELB in the AWS console, no SSL cert is described.

Steps to reproduce the behavior

  1. scp my docker-compose.yml file to a manager node

  2. ssh to that manager node

  3. run docker login

  4. run docker stack deploy -c docker-compose.yml --with-registry-auth MY_STACK_NAME

  5. visit the cnamed elb using the https protocol
    observe: "This site can’t be reached"

I had to re-start my Swarm for the SSL cert to get picked up by the ELB. Hope that helps!

Hi @jjmata, thanks for the reply. I just attempted this by re-running docker stack deploy, and by docker service rm [ the service that has the cert label ] then re-deploying, to no avail.

What commands did you run to restart your swarm?

I actually did nothing special the first time around (a simple rm followed by a new deploy did it for me I believe) but it since has stopped working. I’ve resorted to creating the 2 listeners that fail consistently (ports 80 and 443) by hand, and now watch the GitHub issue where this is being tracked:

Sorry I couldn’t be of more help!

@jjmata that thread was actually super helpful. Turns out I had the labels key at the wrong level in docker-compose (it wasn’t under deploy). I moved it and the cert attached first time. I’ll follow that bug in case there are further issues, though.

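The fix described in the reply above, shown as an added example that is not part of the original thread. The service name, image and certificate ARN are placeholders; the ports and label key are the ones from the original post.

```yaml
# Added example; `web`, the image name and <ACM_CERT_ARN> are placeholders.
version: "3.3"
services:
  web:
    image: example/web:latest
    ports:
      - "80:3001"
      - "443:3001"
    # Before (certificate never attached to the ELB listener):
    # a service-level `labels:` key labels the containers, not the swarm service.
    # labels:
    #   com.docker.aws.lb.arn: "<ACM_CERT_ARN>"
    deploy:
      labels:
        # After: deploy.labels puts the label on the swarm service itself,
        # which is where the placement described in the reply above worked.
        com.docker.aws.lb.arn: "<ACM_CERT_ARN>"
```

After redeploying, `docker service inspect --format '{{json .Spec.Labels}}' <service>` shows whether the label landed on the service; a label that only appears under the container spec was set at the wrong level.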

Thanks, your comment saved my morning.

Thanks @tomlancaster, had the same issue!!