I need some help figuring out how to connect my web services using Docker.
Sorry if I chose the wrong category, just let me know and I will move it.
I am trying to use Docker for my existing web services on Raspberry Pi, which are served as “myweb dot com”, “sub1.myweb dot com” and “sub2.myweb dot com”.
They were originally served with Apache and all set up with SSL. It’s frustrating to dockerize everything but I want to achieve this.
So far, I was able to build and run my web services as Docker containers. Then I tried to use Nginx proxy to connect their original domains and lets-encrypt for SSL with this article.
https://web.vnappmob.com/page/hosting-multiple-sites-or-applications-using-docker-and-nginx-reverse-proxy-with-letsencrypt-ssl-139
So now I can reach my services via HTTP, but not HTTPS.
There are error logs like below.
```
2023/05/01 05:58:34 [error] 98#98: *123 cannot load certificate "data:": PEM_read_bio_X509_AUX() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE) while SSL handshaking, client: 192.168.219.1, server: 0.0.0.0:443
```
I googled about this for hours, but couldn’t figure it out for my situation.
I almost feel like giving up. I hope someone can guide me through this.
First, these are my web services. (The addresses are not real, only to show what it looks like)
- myweb : it’s just a static HTML.
- sub1 : it’s a web service with PHP, MySQL.
- sub2 : it’s a web service using Laravel (but I won’t bring this here)
And I set up port forwarding at my router, 80 to 8090 and 443 to 8091, to my Raspberry Pi. (Nothing related to Docker. Just my preference.)
Here are my docker-compose files and nginx.conf for each web service.
docker-compose.yaml for myweb
```yaml
version: '3.9'
services:
  nginx:
    image: 'nginx:stable-alpine'
    expose:
      - "80"
      - "443"
    environment:
      - VIRTUAL_HOST=myweb.com
      - VIRTUAL_PORT=80
      - LETSENCRYPT_HOST=myweb.com
    volumes:
      - ./nginx:/etc/nginx/conf.d
      - /home/me/public_html/main:/var/www/html
    networks:
      - mynetwork
networks:
  mynetwork:
    external: true
```
nginx.conf file for myweb
```nginx
server {
    # listen 80;
    index index.html;
    server_name myweb.com;
    root /var/www/html;
    location / {
        autoindex off;
    }
}
```
docker-compose.yaml for sub1
```yaml
version: '3.9'
services:
  nginx:
    image: 'nginx:stable-alpine'
    expose:
      - "80"
    environment:
      - VIRTUAL_HOST=sub1.myweb.com
      - VIRTUAL_PORT=80
      - LETSENCRYPT_HOST=sub1.myweb.com
    volumes:
      - ./nginx:/etc/nginx/conf.d
      - /home/me/public_html/sub1:/var/www/html
      - ./log:/var/log/nginx
    networks:
      - mynetwork
  php:
    build:
      context: ./dockerfiles
      dockerfile: php.dockerfile
    volumes:
      - /home/me/public_html/sub1:/var/www/html
    networks:
      - mynetwork
  mysql:
    image: 'linuxserver/mariadb'
    env_file:
      - ./env/sub1.env
    restart: unless-stopped
    ports:
      - '3306:3306'
    networks:
      - mynetwork
networks:
  mynetwork:
    external: true
```
nginx.conf file for sub1
```nginx
server {
    index index.php index.html;
    server_name sub1.myweb.com;
    root /var/www/html;
    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass php:9000;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
    }
}
```
Finally, this is the docker-compose file for nginx-proxy and letsencrypt.
```yaml
version: '3.9'
services:
  nginx-proxy:
    image: 'jwilder/nginx-proxy:latest'
    ports:
      - '8090:80'
      - '8091:443'
    volumes:
      - ./nginx:/etc/nginx/conf.d
      - ./dhparam:/etc/nginx/dhparam
      - ./vhost:/etc/nginx/vhost.d
      - ./certs:/etc/nginx/certs
      - ./log:/var/log/nginx
      - /var/run/docker.sock:/tmp/docker.sock:ro
    restart: always
    networks:
      - mynetwork
  letsencrypt:
    image: "jrcs/letsencrypt-nginx-proxy-companion:latest"
    volumes_from:
      - nginx-proxy
    volumes:
      - ./certs:/etc/nginx/certs
      - /var/run/docker.sock:/tmp/docker.sock:ro
    environment:
      NGINX_PROXY_CONTAINER: "nginx-proxy"
      DEFAULT_EMAIL: "admin_me@myweb.com"
    restart: always
    depends_on:
      - "nginx-proxy"
    networks:
      - mynetwork
networks:
  mynetwork:
    external: true
```
All containers are up and running fine. However, like I said before, I can only reach them through HTTP, not HTTPS.
Could anyone tell me what’s wrong with this?
It certainly looks like getting the SSL certification has failed but I don’t know which part caused it.
Please help me. Even guesses or tips would be appreciated.
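
The nginx error quoted in the post says the data loaded as a certificate has no PEM start line. As an added example (not part of the original post), the script below classifies each `.crt` file in a certificate directory as ok, missing, empty, or lacking the `BEGIN CERTIFICATE` line. The function names and sample files are constructed here, and pointing `scan_certs` at the `./certs` bind mount from the proxy compose file is an assumption.

```shell
#!/bin/sh
# Added diagnostic example; not from the original post.
# It checks only the PEM framing the nginx error complains about,
# not whether the certificate itself is valid or trusted.

# Print ok | missing | empty | no-start-line for one file.
cert_status() {
    if [ ! -e "$1" ]; then          # also true for a dangling symlink
        echo missing
    elif [ ! -s "$1" ]; then
        echo empty
    elif grep -Eq -e '-----BEGIN (TRUSTED )?CERTIFICATE-----' "$1"; then
        echo ok
    else
        echo no-start-line
    fi
}

# Report every *.crt in a directory.
# Returns 0 if all are ok, 1 if any is unusable, 2 if there are none.
scan_certs() {
    bad=0; n=0
    for f in "$1"/*.crt; do
        [ -e "$f" ] || [ -L "$f" ] || continue   # glob matched nothing
        n=$((n + 1))
        s=$(cert_status "$f")
        printf '%s\t%s\n' "$s" "$f"
        [ "$s" = ok ] || bad=1
    done
    [ "$n" -gt 0 ] || { echo "no .crt files in $1"; return 2; }
    return "$bad"
}

# Constructed sample directory (placeholder contents, not real certificates).
make_sample_dir() {
    d=$(mktemp -d)
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
        '-----END CERTIFICATE-----' > "$d/good.example.crt"
    : > "$d/empty.example.crt"
    printf 'not a PEM file\n' > "$d/junk.example.crt"
    ln -s "$d/nowhere.pem" "$d/dangling.example.crt"
    echo "$d"
}

sample=$(make_sample_dir)
scan_certs "$sample" || echo "at least one certificate file is unusable"
rm -rf "$sample"
```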