Nginx only sees one certificate?

Hello, I have the following compose configuration:

  huohuo:
    container_name: huohuo
    image: nginx
    restart: unless-stopped
    ports:
      - 80:80
      - 443:443
    volumes:
      - ./leconf:/etc/nginx/conf.d
      - /etc/letsencrypt:/etc/letsencrypt
      - ./web:/var/www/html

and the following nginx configuration:

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
# configuration file /etc/nginx/nginx.conf:

user  nginx;
worker_processes  auto;

error_log  /var/log/nginx/error.log notice;
pid        /run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;

    include /etc/nginx/conf.d/*.conf;
}

#nginx mime.types goes here, not relevant

# configuration file /etc/nginx/conf.d/critter.conf:
server {
server_name 7.tiffany.eu.org;
server_name 2a12-5e40-1-6dff-c13f-fe36-19c3-e562.sslip.io;
server_name 91-239-208-63.sslip.io;
server_name 91-239-208-63.nip.io;
server_name 5befd03f.nip.io;
server_name 91.239.208.63.16clouds.com;
listen 443 ssl;
listen [::]:443 ssl;
http2 on;
ssl_certificate /etc/letsencrypt/live/7.tiffany.eu.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/7.tiffany.eu.org/privkey.pem;
add_header X-Robots-Tag noindex;
root /var/www/html;
index index.htm;
}
server {
server_name 7.tiffany.eu.org;
server_name 2a12-5e40-1-6dff-c13f-fe36-19c3-e562.sslip.io;
server_name 91-239-208-63.sslip.io;
server_name 91-239-208-63.nip.io;
server_name 5befd03f.nip.io;
server_name 91.239.208.63.16clouds.com;
listen 80;
listen [::]:80;
return 301 https://$host$request_uri;
}

# configuration file /etc/nginx/conf.d/tiff.conf:
server {
server_name tiffany.eu.org;
listen 443 ssl;
listen [::]:443 ssl;
http2 on;
ssl_certificate /etc/letsencrypt/live/7.tiffany.eu.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/7.tiffany.eu.org/privkey.pem;
root /var/www/html;
}
server {
server_name tiffany.eu.org;
listen 80;
listen [::]:80;
return 301 https://$host$request_uri;
}

# configuration file /etc/nginx/conf.d/tranz.conf:
server {
server_name tranzhex.net;
listen 443 ssl;
listen [::]:443 ssl;
http2 on;
ssl_certificate /etc/letsencrypt/live/tranzhex.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/tranzhex.net/privkey.pem;
location /.well-known/acme-challenge {
root /var/www/html;
}
location / {
proxy_pass http://feixiao/;
}
}
server {
server_name tranzhex.net;
listen 80;
listen [::]:80;
return 301 https://$host$request_uri;
}

nginx: configuration file /etc/nginx/nginx.conf test is successful

So far only /tiffany.eu.org and /7.tiffany.eu.org work, not /tranzhex.net. So SNI is fine, but the fact that nginx has no problems reading the /tranzhex.net certificate but is very reluctant to actually load it and give that certificate when requesting /tranzhex.net is absurd to me. How do I fix it?

Your issue seems to be an nginx configuration issue, or a Let’s Encrypt issue, not a Docker issue.

To turn it into a Docker issue, I would recommend using an image specifically made for being a reverse proxy so you don’t have to deal with Nginx configuration.

https://hub.docker.com/r/jwilder/nginx-proxy#ssl-support-using-letsencrypt

Or you can use other images as well. I switched to Traefik.
After checking the second domain from a browser, I see the server loads the certificate for the other domain.

Have you checked the nginx logs?

docker compose logs huohuo

Sorry, I was supposed to delete this post but I forgot.
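
An added example, not part of the thread and not any poster's own code: a small Python parser for an `nginx -T` dump like the one posted above, listing which certificate each TLS `server_name` is configured to present and which certificate answers names that match no block. It assumes no `listen` line carries `default_server`, so the first TLS block in dump order is the default; `SAMPLE_DUMP`, `server_blocks` and `tls_map` are hypothetical names, and the sample is constructed from the posted config.

```python
import re
# Constructed sample: a trimmed `nginx -T` dump shaped like the one in the post.
SAMPLE_DUMP = """\
# configuration file /etc/nginx/conf.d/critter.conf:
server {
server_name 7.tiffany.eu.org 91-239-208-63.nip.io;
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/7.tiffany.eu.org/fullchain.pem;
}
# configuration file /etc/nginx/conf.d/tranz.conf:
server {
server_name tranzhex.net;
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/tranzhex.net/fullchain.pem;
location / {
proxy_pass http://feixiao/;
}
}
server {
server_name tranzhex.net;
listen 80;
}
"""

def server_blocks(dump):
    """Yield the top-level directives of each `server { ... }` block."""
    depth, block = 0, None
    for line in (l.split("#", 1)[0].strip() for l in dump.splitlines()):
        if block is None:
            if re.fullmatch(r"server\s*\{", line):
                depth, block = 1, []
            continue
        depth += line.count("{") - line.count("}")
        if depth == 0:
            yield block
            block = None
        elif depth == 1 and line.endswith(";"):
            block.append(line.rstrip(";").split())

def tls_map(dump):
    """Return ({name: cert_path}, default_cert) for blocks that listen with ssl."""
    names, default = {}, None
    for block in server_blocks(dump):
        if not any(d[0] == "listen" and "ssl" in d[1:] for d in block):
            continue  # plain-HTTP redirect blocks carry no certificate
        cert = next((d[1] for d in block if d[0] == "ssl_certificate"), None)
        # Assumption: no default_server flag, so the first TLS block is the default.
        default = default or cert
        names.update({n: cert for d in block if d[0] == "server_name" for n in d[1:]})
    return names, default
```

Feeding it the real output of `nginx -T` from inside the container gives the configured mapping to compare against the certificate a client actually receives for each name.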