Hello, I created my test app in Python django and used whitenoise for serving staticfiles.
Does anybody know if I can use nginx web server only for reverseproxy and serving ssl certs, without serving static files by nginx? Now with this compose and nginx.conf hitting my domain I only get index.html page that I created. At beginning when I build nginx image for the first time I saw in docker-compose logs that there is no index.html file and default.conf file so I created them by the hand and builded new containers with this files. Can someone help? Any help is appreciated.

docker-compose.yml

version: '3.8'

services:
  web:
    image: pykrepo/testapp:latest
    entrypoint: ./entrypoint.sh
    container_name: web
    expose:
      - 8000
    volumes:
      - ./mediavolume/media/blog-pics:/home/app/mypersonalsite/media/blog-pics 
    environment:
      - POSTGRES_USER=user
      - POSTGRES_PASSWORD=pass
      - POSTGRES_DB=user

  nginx:
    image: nginx:latest
    container_name: nginx
    ports:
      - 80:80
      - 443:443
    restart: always
    volumes:
      - ./nginx/conf/:/etc/nginx/conf.d
      - ./nginx/html/:/etc/nginx/html/
      - ./certbot/www:/var/www/certbot/
      - ./certbot/conf/:/etc/nginx/ssl/

  certbot:
    image: certbot/certbot:latest
    container_name: certbot
    volumes:
      - ./certbot/www/:/var/www/certbot/:rw
      - ./certbot/conf/:/etc/letsencrypt/:rw
    command:
      - certonly
      - --expand
      - --email
      - example@example.com
      - --non-interactive
      - --agree-tos
      - --standalone
      - --preferred-challenges
      - http-01
      - --http-01-port
      - '8000'
      - --cert-name
      - 'testappcert'
      - -d
      - 'testapp.com'

volumes:
  mediafiles:

nginx.conf

upstream mytestapp {
    server web:8000;
}

server {
    listen 80;

    location / {
        proxy_pass http://mytestapp;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_redirect off;
        return 301 https://example.com$request_uri;
    }

    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }

}

server {
    listen 443 default_server ssl http2;
    listen [::]:443 ssl http2;

    server_name example.com www.example.com;

    ssl_certificate /etc/nginx/ssl/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/nginx/ssl/live/example.com/privkey.pem;
    
}

Of corse it works.

Is it safe to assume that your nginx.conf example is incomplete? As I understand you want to redirect http traffic from port 80 to port 443 and use the https server as reverse proxy to your container.

Shouldn’t it look more like this?

upstream mytestapp {
    server web:8000;
}

server {
    listen 80;

    location / {
        return 301 https://example.com$request_uri;
    }

    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }

}

server {
    listen 443 default_server ssl http2;
    listen [::]:443 ssl http2;

    server_name example.com www.example.com;

    ssl_certificate /etc/nginx/ssl/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/nginx/ssl/live/example.com/privkey.pem;
 
    location / {
        proxy_pass http://mytestapp;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_redirect off;
    }   
}

I haven’t sanity checked the syntax. I just reorganized your config to do what I think that you want it to do. Also is the web service realy listending on port 8000 inside the container? The expose statement you added to the services configuration has no effect at all.

You might want to take a look at this post about dns-caching issue with nginx, as nginx will cache resolved ip’s until restart, unless you force it to dynamicly resolve it every time. Just think about what happens, if you change the config of the web service. Docker-compose would only re-create the web container (which will have a new ip), but the nginx server would still try to forward traffic to the ip it knows from before.

Thank you so much @meyay ! It works like a charm now! Regards