Having problem with connecting HTTPS, no clue. Please help?

I need some help figuring out how to connect my web services using Docker.
Sorry if I chose the wrong category; just let me know and I will move it.

I am trying to use Docker for my existing web services on a Raspberry Pi, which are served as “myweb dot com”, “sub1.myweb dot com” and “sub2.myweb dot com”.
They were originally served with Apache, all set up with SSL. It’s frustrating to dockerize everything but I want to achieve this.

So far, I was able to build and run my web services as Docker containers. Then I tried to use an Nginx proxy to connect their original domains, and Let's Encrypt for SSL, following this article.
https://web.vnappmob.com/page/hosting-multiple-sites-or-applications-using-docker-and-nginx-reverse-proxy-with-letsencrypt-ssl-139

So now I can reach my services via HTTP, but not HTTPS.
There are error logs like below.
2023/05/01 05:58:34 [error] 98#98: *123 cannot load certificate "data:": PEM_read_bio_X509_AUX() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE) while SSL handshaking, client: 192.168.219.1, server: 0.0.0.0:443
I googled about this for hours, but couldn’t figure it out for my situation.
I feel like almost giving up. Hope someone guides me to get through.

First, these are my web services. (The addresses are not real, only to show what it looks like)

  • myweb : it’s just a static HTML.
  • sub1 : it’s a web service with PHP, MySQL.
  • sub2 : it’s a web service using Laravel (but I won’t bring this here)

And I set port forwarding on my router, 80 to 8090 and 443 to 8091, to my Raspberry Pi. (Nothing related to Docker. Just my preference.)

Here are my docker-compose files and nginx.conf for each web service.
docker-compose.yaml for myweb

version: '3.9'
services:
  nginx:
    image: 'nginx:stable-alpine'
    expose:
      - "80"
      - "443"
    environment:
      - VIRTUAL_HOST=myweb.com
      - VIRTUAL_PORT=80
      - LETSENCRYPT_HOST=myweb.com
    volumes:
      - ./nginx:/etc/nginx/conf.d
      - /home/me/public_html/main:/var/www/html
    networks:
      - mynetwork
networks:
  mynetwork:
    external: true

nginx.conf file for myweb

server {
    # listen 80;
    index index.html;
    server_name myweb.com;
    root /var/www/html;
    location / {
        autoindex off;
    }
}

docker-compose.yaml for sub1

version: '3.9'
services:
  nginx:
    image: 'nginx:stable-alpine'
    expose:
    - "80"
    environment:
      - VIRTUAL_HOST=sub1.myweb.com
      - VIRTUAL_PORT=80
      - LETSENCRYPT_HOST=sub1.myweb.com
    volumes:
      - ./nginx:/etc/nginx/conf.d
      - /home/me/public_html/sub1:/var/www/html
      - ./log:/var/log/nginx
    networks:
      - mynetwork
  php:
    build:
      context: ./dockerfiles
      dockerfile: php.dockerfile
    volumes:
      - /home/me/public_html/sub1:/var/www/html
    networks:
      - mynetwork
  mysql:
    image: 'linuxserver/mariadb'
    env_file:
      - ./env/sub1.env
    restart: unless-stopped
    ports:
      - '3306:3306'
    networks:
      - mynetwork
networks:
  mynetwork:
    external: true

nginx.conf file for sub1

server {
    index index.php index.html;
    server_name sub1.myweb.com;
    root /var/www/html;
    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass php:9000;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
    }
}

Finally, this is the docker-compose file for nginx-proxy and letsencrypt.

version: '3.9'
services:
  nginx-proxy:
    image: 'jwilder/nginx-proxy:latest'
    ports:
      - '8090:80'
      - '8091:443'
    volumes:
      - ./nginx:/etc/nginx/conf.d
      - ./dhparam:/etc/nginx/dhparam
      - ./vhost:/etc/nginx/vhost.d
      - ./certs:/etc/nginx/certs
      - ./log:/var/log/nginx
      - /var/run/docker.sock:/tmp/docker.sock:ro
    restart: always
    networks:
      - mynetwork
  letsencrypt:
    image: "jrcs/letsencrypt-nginx-proxy-companion:latest"
    volumes_from:
      - nginx-proxy
    volumes:
      - ./certs:/etc/nginx/certs
      - /var/run/docker.sock:/tmp/docker.sock:ro
    environment:
      NGINX_PROXY_CONTAINER: "nginx-proxy"
      DEFAULT_EMAIL: "admin_me@myweb.com"
    restart: always
    depends_on:
      - "nginx-proxy"
    networks: 
      - mynetwork
networks:
  mynetwork:
    external: true

All containers are up and running fine. However, like I said before, I can only reach them through HTTP, not HTTPS.
Could anyone tell me what’s wrong with this?
It certainly looks like getting the SSL certification has failed but I don’t know which part caused it.

Please help me. Even guesses or tips would be appreciated.
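
The "no start line" part of the log line above is OpenSSL reporting that the data handed to it as a certificate contains no `-----BEGIN` line. As an added example (not part of the original post, and not a statement of what the poster's eventual fix was), this shell check runs on the Docker host against the `./certs` directory; it assumes nginx-proxy's convention of `<host>.crt` and `<host>.key` files named after each `VIRTUAL_HOST`, and the function names are made up for this example.

```shell
#!/bin/sh
# Added example: inspect the host side of the ./certs volume.
# Assumption: the proxy expects <host>.crt and <host>.key in that directory.

# Print a one-word status for a single PEM file:
#   ok | missing | empty | no-start-line
pem_status() {
    if [ ! -e "$1" ]; then          # also true for a dangling symlink
        echo missing
    elif [ ! -s "$1" ]; then        # file exists but has zero bytes
        echo empty
    elif grep -q '^-----BEGIN [A-Z0-9 ]*-----' "$1"; then
        echo ok
    else                            # content present, but no PEM header
        echo no-start-line
    fi
}

# check_proxy_certs CERT_DIR HOST...
# Prints one line per file; the return code is the number of hosts
# whose certificate or key file is not usable.
check_proxy_certs() {
    pc_dir=$1
    pc_bad=0
    shift
    for pc_host in "$@"; do
        pc_host_bad=0
        for pc_ext in crt key; do
            pc_st=$(pem_status "$pc_dir/$pc_host.$pc_ext")
            printf '%-28s %s\n' "$pc_host.$pc_ext" "$pc_st"
            [ "$pc_st" = ok ] || pc_host_bad=1
        done
        pc_bad=$((pc_bad + pc_host_bad))
    done
    return "$pc_bad"
}

# Usage: sh check_certs.sh ./certs myweb.com sub1.myweb.com
if [ "$#" -ge 2 ]; then
    check_proxy_certs "$@"
fi
```

A `missing` or `empty` result for a host means no certificate was ever written for it, which points at the issuance step (the companion container's logs) rather than at the proxy's TLS configuration.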

Somehow I solved it.
Apparently, I followed it incorrectly, as I have little knowledge of Nginx and networks.
