Ubuntu 20.04 + Virtualmin + Let's Encrypt + Docker container gives SSL_ERROR_RX_RECORD_TOO_LONG on custom port

Hi folks,

I’m totally new here (and in Docker implementation) so I really hope I’ve posted my question in the right place.

The title explains what my environment is (globally). Everything runs very smoothly on my VPS, even Docker. Let’s Encrypt also works without any trouble. The only thing I’m running into is getting an SSL certificate working on the containers. For example, I have an n8n instance running in Docker which is reachable via http, but not https://

Live example:
https://n8n.hielke.net:5678/

The custom port shouldn’t be a problem I think?

When calling the url securely it gives me this error:
SSL_ERROR_RX_RECORD_TOO_LONG

Anyone who has an idea what’s happening here and hopefully anyone who knows how to fix this :slight_smile:
Thank you all very much in advance for thinking with me!

I must admit, it is hard to follow your description.

The error SSL_ERROR_RX_RECORD_TOO_LONG is thrown because the browser initiates an https handshake on a service that does not provide https. That said, please share details about where and how exactly you configured https for n8n.hielke.net:5678.
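
An added example, not part of the original thread: the sketch below reads the first bytes of a plain HTTP reply as a TLS record header, the way a TLS client does, which shows where the oversized record length comes from, and probes a port to tell whether it speaks TLS or plain HTTP. The function names and the sample reply are constructed for illustration.

```python
import socket
import ssl
import struct

# Largest record length a TLS 1.2 client accepts: 2^14 plaintext + 2048 overhead (RFC 5246).
MAX_TLS_RECORD = 2**14 + 2048
TLS_CONTENT_TYPES = {20, 21, 22, 23}  # change_cipher_spec, alert, handshake, application_data

def parse_as_tls_record(first_bytes):
    """Read 5 bytes the way a TLS client does: content type, version, length."""
    return struct.unpack("!BHH", first_bytes[:5])

def classify(first_bytes):
    """Classify the first bytes a server sent back."""
    if len(first_bytes) < 5:
        return "no-data"
    ctype, version, length = parse_as_tls_record(first_bytes)
    if ctype in TLS_CONTENT_TYPES and version >> 8 == 3 and length <= MAX_TLS_RECORD:
        return "tls"
    if first_bytes.startswith(b"HTTP/"):
        return "plain-http"
    return "unknown"

def record_too_long(first_bytes):
    """True when the bytes, misread as a TLS header, claim an oversized record."""
    return parse_as_tls_record(first_bytes)[2] > MAX_TLS_RECORD

def probe(host, port, timeout=5.0):
    """Try a TLS handshake first; if it fails, ask in plain HTTP and classify."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ssl.create_default_context().wrap_socket(raw, server_hostname=host):
                return "tls"
    except ssl.SSLCertVerificationError:
        return "tls"  # TLS is spoken; the certificate is just not trusted
    except OSError:
        pass  # handshake failed, timed out or was reset: fall through to plain HTTP
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(b"GET / HTTP/1.0\r\nHost: " + host.encode() + b"\r\n\r\n")
        return classify(s.recv(16))

if __name__ == "__main__":
    reply = b"HTTP/1.1 400 Bad Request\r\n"  # constructed sample reply
    ctype, version, length = parse_as_tls_record(reply)
    print(f"type=0x{ctype:02x} version=0x{version:04x} length={length}")
    print(classify(reply), record_too_long(reply))
```

A result of "plain-http" from `probe` for the published port means nothing on that port terminates TLS, so the certificate has to be configured on a proxy in front of the container or the service itself has to be set up for https.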

Thanks for your reply @meyay ! Now I find myself a total n00b. Where should I configure SSL for a specific port? If you browse to https://n8n.hielke.net on the default port, you can see that SSL for that domain is working. But I could understand that Docker doesn’t rely on specific hostnames. Could you please point me in the right direction?

Judging by the conversation, I strongly recommend that you work through this free self-paced Docker training: Introduction to Containers. It will provide you with a solid understanding of Docker concepts and how things need to be done.

I leave this one for someone else to answer. Good luck!

Configuring SSL is not really a Docker issue, but it could become one when you want to do it with tools working without containers but not inside containers (yet). Our problem however is that we don’t know anything about how you configured SSL. I quote Metin’s very important sentence:

If you didn’t, because you expect it to work since it works on another port, show the configuration of that. SSL/TLS and ports are like keys and keyholes. It is possible that one key can open multiple doors, but you still need to put that ticket into the keyhole. Translating it to your problem, it means you need to copy the SSL/TLS certificates to the right place and configure the services to use those certificates. In case of containers, it means you need to configure at least one container (reverse proxy) to know and use those keys. If you want to use that certificate with multiple ports, you need to make sure that you configured the proxy or webserver properly. For example, if you have different ports for different virtual hosts, then you need to set the SSL certs for both of the virtual hosts.

And… since we are talking about Docker, you need to make sure that you forwarded that port to the right container.

Even if I could somehow answer at least a part of your question, I also suggest that you listen to Metin and check that training he suggested. :slight_smile: I am just not sure that you really don’t know that level, because SSL/TLS is one topic that I don’t claim to fully understand either, but it cannot hurt.

Came across this problem last week, and was able to resolve it. Sharing some context & what worked below.

My environment:

  • Host: DigitalOcean Ubuntu 22.10 x64 droplet
  • Other software: installed as per instructions here
  • web server & proxy (as per tutorial above): jrcs/letsencrypt-nginx-proxy-companion & jwilder/nginx-proxy:latest (( you’ll have to look these up separately, docker forums won’t let me upload more than 2 links as a new user ))

What worked:

  • as per instructions here: need to send the environment variables:
    • LETSENCRYPT_HOST
    • LETSENCRYPT_EMAIL
    • VIRTUAL_HOST
    • VIRTUAL_PORT
    • N8N_HOST
    • N8N_PROTOCOL

E.g., if you’re running

    docker run <<all other options>> docker.n8n.io/n8nio/n8n

you should run

    docker run <<all other options>> -e LETSENCRYPT_HOST=n8n.heilke.net -e LETSENCRYPT_EMAIL=your@ema.il -e N8N_PROTOCOL=https -e N8N_HOST=n8n.heilke.net -e VIRTUAL_HOST=n8n.heilke.net -e VIRTUAL_PORT=5678 docker.n8n.io/n8nio/n8n