Reputation: 4079
I've been using Laradock to do my local development for a few weeks now and recently needed to utilise HTTPS in order to get Google to call back to me when integrating social logins.
I develop on Windows using WSL2 and made a change to my hosts file:
127.0.0.1 tinker-dev.com
Any normal http traffic to tinker-dev.com routes correctly and I see my application, great!
I did some reading and found that I need an SSL certificate signed by an authority and stumbled upon mkcert; it looks like it should do the job. After following the installation I cd into the nginx/ssl folder, which is mounted into Laradock's nginx ssl directory via the NGINX_SSL_PATH=./nginx/ssl/ .env var, and I then ran mkcert tinker-dev.com localhost 127.0.0.1 0.0.0.0 ::1 to produce a cert and key that could be used to authorise requests from these domains (this produced two files: tinker-dev.com+4.pem and tinker-dev.com+4-key.pem).
I then modified the default.conf in the sites-available to utilise these certs:
# For https
listen 443 ssl;
listen [::]:443 ssl ipv6only=on;
ssl_certificate /etc/nginx/ssl/tinker-dev.com+4.pem;
ssl_certificate_key /etc/nginx/ssl/tinker-dev.com+4-key.pem;
and also modified Laradock's startup.sh to remove the block which auto-generates an SSL certificate on load (if default.crt is not found):
#if [ ! -f /etc/nginx/ssl/default.crt ]; then
# openssl genrsa -out "/etc/nginx/ssl/default.key" 2048
# openssl req -new -key "/etc/nginx/ssl/default.key" -out "/etc/nginx/ssl/default.csr" -subj "/CN=default/O=default/C=UK"
# openssl x509 -req -days 365 -in "/etc/nginx/ssl/default.csr" -signkey "/etc/nginx/ssl/default.key" -out "/etc/nginx/ssl/default.crt"
#fi
I then started my container and found there were no errors in the log, but any traffic to https://tinker-dev.com resulted in no traffic being logged in the access log (http traffic is still logged using the domain)... I also realised that I was just being met with a 403 error for any https traffic.
I ran nginx -T to check which config was loaded and I can see that it is using my certificate/key, and if I do cat /etc/nginx/ssl/tinker-dev.com+4.pem it prints the cert, so I'm certain that they are being mounted into the container (same result if I cat the key).
Am I doing anything else obviously wrong here? I'm not a devopsy person and this stuff is all relatively new to me.
Upvotes: 0
Views: 1990
Reputation: 366
I had the exact same issue. Being on Windows 10 version 2004, WSL2 became available allowing you to use Docker Desktop with WSL2.
I also have VMware Workstation 14.x installed. I had this frustration for several weeks before deciding to--reluctantly--uninstall VMware Workstation. This immediately solved my issue. I tried reinstalling VMware; however, that caused the issue to reappear. I also tried removing all virtual networks in the Virtual Network Editor but this did not make a difference.
If you check your NGINX container access logs, you will see that NGINX never receives the connection requests that you make over SSL--oddly, HTTP requests seem to work fine. Also, the browser shows a certificate from VMware. Unfortunately, I've spent a lot of time searching for a solution to this issue but have not found one beyond uninstalling VMware Workstation. I hope this at least gets you on the correct track.
Upvotes: 1
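Added example, not part of the question, the answer or Laradock: the symptom described in the answer (the browser shows a certificate other than the mkcert one while NGINX logs nothing) can be confirmed by comparing the SHA-256 fingerprint of the certificate actually served on port 443 with the mkcert file mounted into the container. The script name check_cert.py and the function names are hypothetical; run it on the machine where the browser runs.

```python
"""Compare the certificate served on :443 with the mkcert file on disk."""
import hashlib
import socket
import ssl
import sys

END = "-----END CERTIFICATE-----"


def pem_to_der(pem_text: str) -> bytes:
    """Decode the first certificate in a PEM file to DER bytes."""
    first = pem_text.strip().split(END)[0] + END
    return ssl.PEM_cert_to_DER_cert(first)


def sha256_fp(der: bytes) -> str:
    return hashlib.sha256(der).hexdigest()


def served_der(host: str, port: int = 443, timeout: float = 5.0) -> bytes:
    """Return the leaf certificate presented by whatever answers host:port."""
    ctx = ssl.create_default_context()
    # Verification is off only so an untrusted certificate can still be
    # inspected; no application data is sent over this connection.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def compare(expected_pem: str, presented_der: bytes) -> dict:
    """Fingerprint both certificates and report whether they are identical."""
    expected = sha256_fp(pem_to_der(expected_pem))
    presented = sha256_fp(presented_der)
    return {"expected": expected, "presented": presented,
            "same_cert": expected == presented}


if __name__ == "__main__":
    # Usage: python check_cert.py nginx/ssl/tinker-dev.com+4.pem tinker-dev.com
    pem_path, host = sys.argv[1], sys.argv[2]
    with open(pem_path, encoding="ascii") as fh:
        result = compare(fh.read(), served_der(host))
    print(result)
    if not result["same_cert"]:
        print("Port 443 is not serving this certificate; check what is listening there.")
    sys.exit(0 if result["same_cert"] else 1)
```

A mismatch means the TLS handshake is being answered with a different certificate than the one in the NGINX config, so the next step is to identify which process owns port 443 on the host.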