Hello friends,
When I build and run the docker-compose file, I get an error like the following.
I want to set up SSL on nginx with Let's Encrypt.
thank you in advance for your help.
Thank you
Command I run: sudo docker-compose -f docker-compose.prod.yml up --build
docker-compose.prod.yml
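# Compose file for the TLS-terminating nginx proxy built from Dockerfile.nginx.
version: '3'
services:
  nginxproxy:
    build:
      context: .
      dockerfile: Dockerfile.nginx
    networks:
      private: {}
    ports:
      - "443:443"
      - "80:80"
    environment:
      # Passed to the entrypoint and certbot scripts (not shown on this page).
      # NOTE(review): the posted log shows certbot invoked with
      # "--domains localhost" and a bootstrap certificate with CN=localhost,
      # so confirm DOMAIN actually reaches the scripts. A public CA cannot
      # issue a certificate for localhost.
      DOMAIN: mywebsite.net
      EMAIL: mymailaddress@hotmail.com
      RENEW_INTERVAL: 12h
    volumes:
      # nginx reads privkey.pem and fullchain.pem from this directory, so the
      # TLS private key ends up in ./certificates on the host. Keep that
      # directory out of version control and readable only by its owner.
      - ./certificates:/usr/share/nginx/certificates
networks:
  private: {}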
Dockerfile.nginx
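# nginx reverse proxy that bootstraps a self-signed certificate and then
# requests Let's Encrypt certificates with certbot.
# NOTE(review): nginx:alpine is a moving tag; pin a specific version tag or
# digest so rebuilds are reproducible.
FROM nginx:alpine
WORKDIR /opt

# certbot requests the certificates, openssl generates the bootstrap key and
# certificate, inotify-tools provides inotifywait for the certificate directory.
RUN apk add --no-cache \
        ca-certificates \
        certbot \
        inotify-tools \
        openssl

# Relative destinations resolve against WORKDIR, i.e. /opt.
COPY entrypoint.sh nginx-letsencrypt
COPY certbot.sh certbot.sh
COPY ./nginx/nginx.conf /etc/nginx/conf.d/default.conf
COPY ssl-options/ /etc/ssl-options

RUN chmod +x nginx-letsencrypt certbot.sh && \
    mkdir -p /usr/share/nginx/certificates

# nginx.conf listens on 80 and 443 and the compose file publishes both ports.
EXPOSE 80 443

# Declared after the directory is created. At runtime it holds the TLS private
# key, so whatever is mounted here should not be world-readable.
VOLUME ["/usr/share/nginx/certificates"]

# Absolute path so start-up does not depend on the working directory.
ENTRYPOINT ["/opt/nginx-letsencrypt"]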
./nginx/nginx.conf
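# Backend pool: a single server reached as host "app" on port 3000.
upstream upstream_server {
    server app:3000;
}

# Plain-HTTP listener: serves ACME HTTP-01 challenge files and proxies
# everything else to the backend.
server {
    listen 80;
    # Docker DNS resolver for private networks
    # resolver 127.0.0.11;

    # NOTE(review): server_name is localhost while the compose file sets
    # DOMAIN to mywebsite.net; confirm which name the certificate is for.
    server_name localhost;

    # Webroot that certbot writes challenge files into
    # (--webroot-path /var/www/certbot in the posted log).
    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }

    # NOTE(review): requests on port 80 reach the backend without TLS. Once a
    # valid certificate is being served, consider replacing this proxy with
    # "return 301 https://$host$request_uri;".
    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Tell the backend which scheme the client used.
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $host;
        proxy_redirect off;
        set $target http://upstream_server;
        proxy_pass $target;
    }

    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }
}

# TLS listener: terminates HTTPS and proxies to the backend over plain HTTP.
server {
    listen 443 ssl;
    server_name localhost;

    # Both files must exist and be readable when nginx starts.
    # NOTE(review): the posted entrypoint trace tests for cert.crt in this
    # directory, while nginx loads fullchain.pem; confirm that the bootstrap
    # script writes the file names referenced here.
    ssl_certificate /usr/share/nginx/certificates/fullchain.pem;
    ssl_certificate_key /usr/share/nginx/certificates/privkey.pem;

    # Protocol and cipher settings, and DH parameters, copied from ssl-options/.
    include /etc/ssl-options/options-nginx-ssl.conf;
    ssl_dhparam /etc/ssl-options/ssl-dhparams.pem;

    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Lets the backend distinguish HTTPS requests from plain-HTTP ones.
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $host;
        proxy_redirect off;
        set $target http://upstream_server;
        proxy_pass $target;
    }
}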
OUTPUT ERROR
Successfully tagged testfiles_nginxproxy:latest
Creating testfiles_nginxproxy_1 … done
Attaching to testfiles_nginxproxy_1
nginxproxy_1 | + ‘[[’ ‘!’ -f /usr/share/nginx/certificates/cert.crt ]]
nginxproxy_1 | + openssl genrsa -out /usr/share/nginx/certificates/privkey.pem 4096
nginxproxy_1 | Generating RSA private key, 4096 bit long modulus (2 primes)
nginxproxy_1 | …++++
nginxproxy_1 | …++++
nginxproxy_1 | e is 65537 (0x010001)
nginxproxy_1 | + openssl req -new -key /usr/share/nginx/certificates/privkey.pem -out /usr/share/nginx/certificates/cert.csr -nodes -subj ‘/C=PT/ST=World/L=World/O=localhost/OU=Myebsite/CN=localhost/EMAIL=mymailaddress@hotmail.com’
nginxproxy_1 | req: Skipping unknown attribute “EMAIL”
nginxproxy_1 | + openssl x509 -req -days 365 -in /usr/share/nginx/certificates/cert.csr -signkey /usr/share/nginx/certificates/privkey.pem -out ‘/usr$’
nginxproxy_1 | Signature ok
nginxproxy_1 | subject=C = PT, ST = World, L = World, O = localhost, OU = Mywebsite, CN = localhost
nginxproxy_1 | Getting Private key
nginxproxy_1 | + nginx -g ‘daemon off;’
nginxproxy_1 | + inotifywait -e close_write /usr/share/nginx/certificates
nginxproxy_1 | + :
nginxproxy_1 | + /opt/certbot.sh
nginxproxy_1 | + Setting up watches.
nginxproxy_1 | Watches established.
nginxproxy_1 | ‘[[’ ‘!’ -f /var/www/certbot ]]
nginxproxy_1 | + mkdir -p /var/www/certbot
nginxproxy_1 | + certbot certonly --config-dir /etc/letsencrypt --agree-tos --domains localhost --email mymailaddress@hotmail.com --expand --noninteractive --webroot --webroot-path /var/www/certbot
nginxproxy_1 | 2019/11/16 20:36:30 [emerg] 11#11: no “ssl_certificate” is defined for the “listen … ssl” directive in /etc/nginx/conf.d/default.conf:35
nginxproxy_1 | nginx: [emerg] no “ssl_certificate” is defined for the “listen … ssl” directive in /etc/nginx/conf.d/default.conf:35
testfiles_nginxproxy_1 exited with code 1