Someone can help me please Nginx

Docker Engine General
1

ruby-version : 3.2.5
rails : 7.2.1
Ubuntu 22.04
#################
Dockerfile


# Make sure RUBY_VERSION matches the Ruby version in .ruby-version
ARG RUBY_VERSION=3.2.5
FROM docker.io/library/ruby:$RUBY_VERSION-slim AS base

# Rails app lives here
WORKDIR /rails

# Install base packages
RUN apt-get update -qq && \
    apt-get install --no-install-recommends -y curl libffi-dev libpq5 libjemalloc2 libvips sqlite3 && \
    rm -rf /var/lib/apt/lists /var/cache/apt/archives

# Set production environment
ENV RAILS_ENV="production" \
    BUNDLE_DEPLOYMENT="1" \
    BUNDLE_PATH="/usr/local/bundle" \
    BUNDLE_WITHOUT="development" \
    POSTGRES_HOST="blog-postgres-1"

# Throw-away build stage to reduce size of final image
FROM base AS build

# Install packages needed to build gems
RUN apt-get update -qq && \
    apt-get install --no-install-recommends -y libpq-dev build-essential git pkg-config && \
    rm -rf /var/lib/apt/lists /var/cache/apt/archives

# Install application gems
COPY Gemfile Gemfile.lock ./
RUN bundle install && \
    rm -rf ~/.bundle/ "${BUNDLE_PATH}"/ruby/*/cache "${BUNDLE_PATH}"/ruby/*/bundler/gems/*/.git && \
    bundle exec bootsnap precompile --gemfile

# Copy application code
COPY . .

# Precompile bootsnap code for faster boot times
RUN bundle exec bootsnap precompile app/ lib/

# Precompiling assets for production without requiring secret RAILS_MASTER_KEY
RUN SECRET_KEY_BASE_DUMMY=1 ./bin/rails assets:precompile




# Final stage for app image
FROM base

# Copy built artifacts: gems, application
COPY --from=build "${BUNDLE_PATH}" "${BUNDLE_PATH}"
COPY --from=build /rails /rails

# Run and own only the runtime files as a non-root user for security
RUN groupadd --system --gid 1000 rails && \
    useradd rails --uid 1000 --gid 1000 --create-home --shell /bin/bash && \
    chown -R rails:rails db log storage tmp
USER 1000:1000

# Entrypoint prepares the database.
ENTRYPOINT ["/rails/bin/docker-entrypoint"]

# Start the server by default, this can be overwritten at runtime
EXPOSE 3000
CMD ["./bin/rails", "server"]

#################
compose.yml

name: blog
services:
  nginx:
    image: nginx:1.25.4-alpine
    # Publish port 80 so, port 80 becomes accessible for external clients.
    ports:
      - "80:80"
      - "443:443"
    # Mount the volume `assets` at `/usr/share/nginx/html` path inside the Nginx container.
    volumes:
      - assets:/usr/share/nginx/html
    configs:
      # Mount the Nginx configuration file from Docker config nginx_config.
      - source: nginx_config
        target: /etc/nginx/conf.d/default.conf
    networks:
      - app
    secrets:
      - source: nginx_crt
        target: /etc/nginx/nginx.crt
      - source: nginx_key
        target: /etc/nginx/nginx.key
    depends_on:
      - "railsapp"
  railsapp:
    image: walilahilhamdou/my-blog:3.0.0
    environment:
      POSTGRES_HOST: ${postgres_host}
    volumes:
      - assets:/rails/public
    secrets:
      - source: master_key_secret
        target: /rails/config/master.key
    expose:
      - 3000
    networks:
      - app
      - db
    depends_on:
      - "postgres"
  postgres:
    image: postgres:15.6
    environment:
      POSTGRES_USER: ${db_user}
      POSTGRES_PASSWORD_FILE: /run/secrets/db_password
      PGDATA: /db/data
    volumes:
      - db:/db/data
    secrets:
      - db_password
    expose:
      - 5432
    networks:
      - db
volumes:
  db:
    external: true
    name: db
  assets:
    external: true
    name: assets
networks:
  db:
    name: db
  app:
    name: app
secrets:
  master_key_secret:
    file: ./master.key
  db_password:
    file: ./db_password.txt
  nginx_crt:
    file: ./cert/nginx.crt
  nginx_key:
    file: ./cert/nginx.key
configs:
  # Create Docker config from the ./nginx.conf file.
  nginx_config:
    file: ./nginx.conf

######################
Nginx.conf

server {
    listen       80;
    listen  [::]:80;

    location / {
      root   @rails/public;
      #root   /usr/share/nginx/html;
      try_files $uri @rails;
    }

    location @rails {
      proxy_redirect off;
      proxy_pass http://malinuse.com:3000;
    }
}
server {
    listen       443 ssl;
    listen  [::]:443 ssl;

    ssl_certificate /etc/nginx/nginx.crt;
    ssl_certificate_key /etc/nginx/nginx.key;

    location / {
      root @rails/public;
      #root /usr/share/nginx/html;
      try_files $uri @rails;
    }

    location @rails {
      proxy_redirect off;
      proxy_pass http://blog-railsapp-1:3000;
    }
}

####################"

2

Please format your code using
```dockerfile, ```yml or ```nginx

your code here

```

3

Thank you very much very kind

4

It would also be helpful if you say anything about the problem you’re having

5

I have this error

imidsac@aapositives:~/blog$ sudo docker compose logs
nginx-1  | /docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
nginx-1  | /docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
nginx-1  | /docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
nginx-1  | 10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf
nginx-1  | 10-listen-on-ipv6-by-default.sh: info: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf
nginx-1  | /docker-entrypoint.sh: Sourcing /docker-entrypoint.d/15-local-resolvers.envsh
nginx-1  | /docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
nginx-1  | /docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh
nginx-1  | /docker-entrypoint.sh: Configuration complete; ready for start up
nginx-1  | 2024/10/22 12:32:21 [notice] 1#1: using the "epoll" event method
nginx-1  | 2024/10/22 12:32:21 [notice] 1#1: nginx/1.25.4
nginx-1  | 2024/10/22 12:32:21 [notice] 1#1: built by gcc 12.2.1 20220924 (Alpine 12.2.1_git20220924-r10)
nginx-1  | 2024/10/22 12:32:21 [notice] 1#1: OS: Linux 5.15.0-124-generic
nginx-1  | 2024/10/22 12:32:21 [notice] 1#1: getrlimit(RLIMIT_NOFILE): 1048576:1048576
nginx-1  | 2024/10/22 12:32:21 [notice] 1#1: start worker processes
nginx-1  | 2024/10/22 12:32:21 [notice] 1#1: start worker process 30
nginx-1  | 2024/10/22 12:32:24 [error] 30#30: *1 directory index of "/usr/share/nginx/html/" is forbidden, client: 217.64.110.158, server: localhost, request: "GET / HTTP/1.1", host: "malinuse.com"
nginx-1  | 217.64.110.158 - - [22/Oct/2024:12:32:24 +0000] "GET / HTTP/1.1" 403 555 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36" "-"
nginx-1  | 2024/10/22 12:32:43 [error] 30#30: *3 directory index of "/usr/share/nginx/html/" is forbidden, client: 217.64.110.158, server: localhost, request: "GET / HTTP/1.1", host: "malinuse.com"
nginx-1  | 217.64.110.158 - - [22/Oct/2024:12:32:43 +0000] "GET / HTTP/1.1" 403 555 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36" "-"
railsapp-1  | => Booting Puma
railsapp-1  | => Rails 7.2.1.1 application starting in production
railsapp-1  | => Run `bin/rails server --help` for more startup options
railsapp-1  | Puma starting in single mode...
railsapp-1  | * Puma version: 6.4.3 (ruby 3.2.5-p208) ("The Eagle of Durango")
railsapp-1  | *  Min threads: 3
railsapp-1  | *  Max threads: 3
railsapp-1  | *  Environment: production
railsapp-1  | *          PID: 1
railsapp-1  | * Listening on http://0.0.0.0:3000
railsapp-1  | Use Ctrl-C to stop
postgres-1  |
postgres-1  | PostgreSQL Database directory appears to contain a database; Skipping initialization
postgres-1  |
postgres-1  | 2024-10-22 12:32:19.968 UTC [1] LOG:  starting PostgreSQL 15.6 (Debian 15.6-1.pgdg120+2) on x86_64-pc-linux-gnu, compiled by gcc (Debian 12.2.0-14) 12.2.0, 64-bit
postgres-1  | 2024-10-22 12:32:19.987 UTC [1] LOG:  listening on IPv4 address "0.0.0.0", port 5432
postgres-1  | 2024-10-22 12:32:19.988 UTC [1] LOG:  listening on IPv6 address "::", port 5432
postgres-1  | 2024-10-22 12:32:19.992 UTC [1] LOG:  listening on Unix socket "/var/run/postgresql/.s.PGSQL.5432"
postgres-1  | 2024-10-22 12:32:20.019 UTC [27] LOG:  database system was shut down at 2024-10-22 12:32:05 UTC
postgres-1  | 2024-10-22 12:32:20.033 UTC [1] LOG:  database system is ready to accept connections
imidsac@aapositives:~/blog$
6 
nginx-1  | 2024/10/22 12:32:24 [error] 30#30: *1 directory index of "/usr/share/nginx/html/" is forbidden, client: 217.64.110.158, server: localhost, request: "GET / HTTP/1.1", host: "malinuse.com"
nginx-1  | 217.64.110.158 - - [22/Oct/2024:12:32:24 +0000] "GET / HTTP/1.1" 403 555 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36" "-"
nginx-1  | 2024/10/22 12:32:43 [error] 30#30: *3 directory index of "/usr/share/nginx/html/" is forbidden, client: 217.64.110.158, server: localhost, request: "GET / HTTP/1.1", host: "malinuse.com"
nginx-1  | 217.64.110.158 - - [22/Oct/2024:12:32:43 +0000] "GET / HTTP/1.1" 403 555 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36" "-"

Forbiden

7

It seems you request root /, which is mapped to folder /usr/share/nginx/html/. There is probably no index.html file present and directory listing of content is forbidden by settings.

When you just need a reverse proxy to handle TLS and multiple services, just check nginx-proxy and acme-companion or simple Traefik example. They will use env or labels on target service/container to set up everything automatically.