Not every Container gets a Certificate with NGINX reverse proxy and Letsencrypt

General Discussions
1

Hi,
i get bored during these days and i thought it is a good idea to consolidate my Zoo of several Tools and site’s at several providers to a single VServer with Docker.
I bought one VServer with 1 public IP, Debian 10 and 300GB HDD.
Docker is installed an running fine.
I would like to put all my Tools and Sites behind a reverse Proxy.
(I think that is a common idea, and i’am not the person first doing that)
My Zoo:

  • Nextcloud
  • Pico CMS Website
  • Wordpress Blog (several sites)
  • Portainer
  • Redmine
  • Mailcow
  • Plain Web Server with Apache and PHP (several site)

Finally i got Nextcloud, Portainer and Mailcow up and running and using SSL-Certificates from Letsencrypt.
All the others are up and running, but are not using SSL-Certificates and are only reachable on Port 80/http.

Example:
dev-portainer is working, meaning SSL protected
dev-www is working, but not SSL protected (as an example)

i don’t know why. I could pull out my hair…
What makes the difference?
Am i missing something?
Does any body have an idea?
Where to look?
Log files?

Here is my docker-compose.yml:

—SNIP—
version: ‘3’

services:

###############################################################################

1) dev-proxy Service

###############################################################################
dev-proxy:
image: jwilder/nginx-proxy:alpine
labels:
- “com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy=true”
container_name: dev-proxy
networks:
network_dev:
ipv4_address: 172.22.2.101
aliases:
- dev-proxy
ports:
- 80:80
- 443:443
environment:
- DEFAULT_HOST=wwwdev.foo.bar
- ENABLE_IPV6=true
- DHPARAM_GENERATION=false
volumes:
- ./dev-proxy/conf.d:/etc/nginx/conf.d:rw
- ./dev-proxy/vhost.d:/etc/nginx/vhost.d:rw
- ./dev-proxy/html:/usr/share/nginx/html:rw
- ./dev-proxy/certs:/etc/nginx/certs:ro
- /etc/localtime:/etc/localtime:ro
- /var/run/docker.sock:/tmp/docker.sock:ro
restart: unless-stopped

###############################################################################

2) Lets Encrypt Service

###############################################################################
dev-letsencrypt:
image: jrcs/letsencrypt-nginx-proxy-companion
container_name: dev-letsencrypt
depends_on:
- dev-proxy
environment:
- NGINX_PROXY_CONTAINER=dev-proxy
networks:
- network_dev
volumes:
- ./dev-proxy/certs:/etc/nginx/certs:rw
- ./dev-proxy/vhost.d:/etc/nginx/vhost.d:rw
- ./dev-proxy/html:/usr/share/nginx/html:rw
- /etc/localtime:/etc/localtime:ro
- /var/run/docker.sock:/var/run/docker.sock:ro
restart: unless-stopped

###############################################################################

3) wwwdev - Web Server Service

###############################################################################
dev-www:
#image: php:7.4-apache
image: webdevops/php-apache:7.3
#image: httpd:latest
container_name: dev-www
networks:
network_dev:
ipv4_address: 172.22.2.103
aliases:
- dev-www
depends_on:
- dev-letsencrypt
- dev-proxy
volumes:
- /etc/localtime:/etc/localtime:ro
- ./dev-www/var/www/html:/var/www/html/
expose:
- 80
environment:
- WEB_DOCUMENT_ROOT=/var/www/html
#- NETWORK_ACCESS=external
#- HTTPS_METHOD=redirect
- VIRTUAL_HOST=wwwdev.foo.bar
- VIRTUAL_PROTO=http
- VIRTUAL_PORT=80
#- NGINX_PROXY_CONTAINER=dev-proxy
- LETSENRYPT_HOST=wwwdev.foo.bar
- LETSENRYPT_EMAIL=some@foo.bar
restart: unless-stopped

###############################################################################

8) Portainer Docker Service Management

###############################################################################
dev-portainer:
image: portainer/portainer
container_name: dev-portainer
restart: always
depends_on:
- dev-letsencrypt
- dev-proxy
environment:
- VIRTUAL_HOST=portainer.foo.bar
- LETSENCRYPT_HOST=portainer.foo.bar
- LETSENCRYPT_EMAIL=some@foo.bar
networks:
network_dev:
ipv4_address: 172.22.2.108
aliases:
- dev-portainer
volumes:
- /etc/localtime:/etc/localtime:ro
- /var/run/docker.sock:/var/run/docker.sock
- dev-portainer_data:/data

##############################################################################

Global definitions

##############################################################################
volumes:
dev-portainer_data:

networks:
network_dev:
driver: bridge
# driver_opts:
# com.docker.network.bridge.name: br-network_dev
#enable_ipv6: true
#enable_ipv4: true
ipam:
driver: default
config:
- subnet: {IPV4_NETWORK:-172.22.2}.0/24 - subnet: {IPV6_NETWORK:-fd4d:6169:6c62:6f77::/64}
—SNIP—

—SNIP—
docker-compose version 1.21.0, build unknown
docker-py version: 3.4.1
CPython version: 3.7.3
OpenSSL version: OpenSSL 1.1.1d 10 Sep 2019

Client: Docker Engine - Community
Version: 19.03.8
API version: 1.40
Go version: go1.12.17
Git commit: afacb8b7f0
Built: Wed Mar 11 01:25:56 2020
OS/Arch: linux/amd64
Experimental: false

Server: Docker Engine - Community
Engine:
Version: 19.03.8
API version: 1.40 (minimum version 1.12)
Go version: go1.12.17
Git commit: afacb8b7f0
Built: Wed Mar 11 01:24:28 2020
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.2.13
GitCommit: 7ad184331fa3e55e52b890ea95e65ba581ae3429
runc:
Version: 1.0.0-rc10
GitCommit: dc9208a3303feef5b3839f4323d9beb36df0a9dd
docker-init:
Version: 0.18.0
GitCommit: fec3683