Reputation: 3
I am trying to containerize all things related to my web app (Vue.js) using Docker Compose, including Nginx & SSL Certificates (Certbot) on a VPS OVH Debian+Apache.
I have this error:
"The proxy server could not handle the request
Reason: Error during SSL Handshake with remote server"
If anyone can spot where I am going wrong, I would be extremely grateful!
Docker-compose.yml
services:
  my-app-prod:
    container_name: my-app-prod
    build:
      context: .
      dockerfile: Dockerfile-prod
    ports:
      - '8080:80'
      - '4567:443'
Dockerfile-prod
FROM node:12.2.0-alpine as build
WORKDIR /app
ENV PATH /app/node_modules/.bin:$PATH
COPY package.json /app/package.json
RUN npm install --silent
RUN npm install @vue/[email protected] -g
COPY . /app
RUN npm run build
# production environment
FROM nginx:1.16.0-alpine
COPY --from=build /app/dist /usr/share/nginx/html
EXPOSE 80
EXPOSE 443
CMD ["nginx", "-g", "daemon off;"]
sites-available/nom-de-domaine.fr.conf
<VirtualHost *:80>
    ServerName nom-de-domaine.fr
    ProxyPreserveHost On
    ProxyPass / http://127.0.0.1:8080/
    ProxyPassReverse / http://127.0.0.1:8080/
    ProxyPassReverseCookieDomain 127.0.0.1 nom-de-domaine.fr
    RewriteEngine on
    RewriteCond %{SERVER_NAME} =nom-de-domaine.fr
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
sites-available/nom-de-domaine.fr-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerName nom-de-domaine.fr
    # ProxyPreserveHost On
    # SSLProxyEngine On
    # SSLProxyVerify none
    # SSLProxyCheckPeerCN off
    # SSLProxyCheckPeerName off
    # SSLProxyCheckPeerExpire off
    # SSLEngine on
    SSLProxyEngine on
    SSLProxyVerify none
    SSLProxyCheckPeerCN off
    SSLProxyCheckPeerName off
    ProxyPass / https://127.0.0.1:4567/
    ProxyPassReverse / https://127.0.0.1:4567/
    ProxyPassReverseCookieDomain 127.0.0.1 nom-de-domaine.fr
    SSLCertificateFile /etc/letsencrypt/live/nom-de-domaine.fr/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/nom-de-domaine.fr/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/nom-de-domaine.fr/chain.pem
    Include /etc/letsencrypt/options-ssl-apache.conf
    CustomLog "/var/log/apache2/nom-de-domaine.fr_log" "%h %l %u %t \"%r\" %>s %b"
</VirtualHost>
</IfModule>
Upvotes: 0
Views: 1034
Reputation: 116
As I see from the post tag and the config files, you are using Apache, not nginx (on the host at least).
Between the host and your container you don't need HTTP over SSL, since it's in the localhost (== 127.0.0.1) network. Your ProxyPass should point to port 8080, and you don't need to expose port 443 of your container.
Typically this is how I make my config files:
default.conf:
<VirtualHost *:80>
    ServerName nom-de-domaine.fr
    RewriteEngine on
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
default-le-ssl.conf:
<VirtualHost *:443>
    ServerName nom-de-domaine.fr
    ProxyPass / http://localhost:8080/
    ProxyPassReverse / http://localhost:8080/
    # From certbot:
    SSLCertificateFile /etc/letsencrypt/live/nom-de-domaine.fr/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/nom-de-domaine.fr/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
The virtual host for port 80 (HTTP) is only there to make a permanent redirection to port 443 (HTTP over SSL, i.e. HTTPS), which prevents visitors from requesting your app through non-encrypted HTTP.
Upvotes: 1
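A way to check what a proxied backend port actually speaks before choosing `http://` or `https://` in `ProxyPass`, given as an added example that is not part of the original question or answer. The names `probe_backend`, `start_plain_http_stub` and `closed_port` are hypothetical, and the stub server is a constructed stand-in for a container port that serves HTTP without TLS.

```python
import socket
import ssl
import threading

def probe_backend(host, port, timeout=3.0):
    """Return 'tls', 'plain-http', 'unknown' or 'unreachable' for host:port."""
    # Diagnostic only: we ask whether the port speaks TLS at all, so
    # certificate verification is deliberately skipped for this probe.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw):
                return "tls"
    except ssl.SSLError:
        pass  # a listener answered, but not with a TLS handshake
    except OSError:
        return "unreachable"  # refused, reset or timed out
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            raw.sendall(b"HEAD / HTTP/1.0\r\n\r\n")
            return "plain-http" if raw.recv(16).startswith(b"HTTP/") else "unknown"
    except OSError:
        return "unreachable"

def start_plain_http_stub():
    """Constructed stand-in for a container port that serves HTTP without TLS."""
    srv = socket.create_server(("127.0.0.1", 0))

    def serve():
        while True:
            conn, _ = srv.accept()
            with conn:
                conn.recv(4096)  # swallow the ClientHello or the HTTP request
                conn.sendall(b"HTTP/1.0 200 OK\r\nContent-Length: 0\r\n\r\n")

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

def closed_port():
    """Return a loopback port that nothing is listening on."""
    with socket.socket() as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]

if __name__ == "__main__":
    print("stub backend:", probe_backend("127.0.0.1", start_plain_http_stub()))
    print("closed port:", probe_backend("127.0.0.1", closed_port()))
```

For the setup in the question, run `probe_backend` on the host against 127.0.0.1:8080 and 127.0.0.1:4567; `ProxyPass` should use `https://` only for a port that reports `tls`.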