Juan Esteban Labayen

Reputation: 59

I can't make certbot work with docker and nginx

I have a dockerized Django React Nginx webapp. This is my docker-compose.yml:

services:
  db:
    image: postgres:13.2
    container_name: _database
    restart: always
    volumes:
      - ./database:/var/lib/postgresql/data
    environment:
      POSTGRES_DB: 
      POSTGRES_USER: 
      POSTGRES_PASSWORD:
    ports:
      - 5432:5432

  backend:
    build:
      context: ./backend
      dockerfile: dockerfile
    container_name: backend_jkr
    volumes:
      # Source code directory:
      - type: bind
        source: ./backend
        target: /app/backend
    ports:
      - "8000:8000"
    stdin_open: true
    tty: true
    # command: sh -c "cd /app/backend && python3 manage.py runserver 0.0.0.0:8000"

  frontend:
      build:
        context: ./frontend/
        dockerfile: Dockerfile
      container_name: frontend_jkr
      volumes:
        # Source code directory:
        - type: bind
          source: ./frontend
          target: /app/frontend
        - type: bind
          source: ./frontend/node_modules
          target: /app/frontend/node_modules
      ports:
        - "3001:3000"
        # 3001 first in production
      environment:
        - WATCHPACK_POLLING=true
        - NODE_ENV=development
        - CHOKIDAR_USEPOLLING=true
      depends_on:
        - backend
      stdin_open: true
      # command: npm start

  nginx:
      image: nginx:latest
      container_name: nginx_jkr
      build: .
      restart: always
      ports:
        - "80:80"
      volumes:
        - ./nginx.conf:/nginx.conf:ro
        - ./certbot/conf:/etc/letsencrypt
        - ./certbot/www:/var/www/certbot



      depends_on:
        - backend
        - frontend

  certbot:
   image: certbot/certbot
   volumes:
    - ./certbot/conf:/etc/letsencrypt
    - ./certbot/www:/var/www/certbot

And my nginx.conf file:

# Configuration for the Django backend
server {
    listen 8000;  # Port on which requests to the backend are received
    server_name IP localhost example.net www.example.net ;  # Server IP address

    location / {
        proxy_pass http://backend:8000;  # Name of the Django backend's Docker service
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

# Configuration for serving the React frontend and handling Certbot challenges
server {
    listen 80;
    server_name IP example.net www.example.net;

    # Configuration for serving the React frontend
    location / {
        root /usr/share/nginx/html;
        index index.html;
        try_files $uri /index.html =404;
    }

    location /api {
        proxy_pass http://backend:8000;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $server_name;
    }

    # Configuration for handling Certbot challenges
    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }
}

# SSL configuration
server {
    listen 443 ssl;
    server_name ip example.net www.example.net;

    ssl_certificate /etc/letsencrypt/live/example.net/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.net/privkey.pem;

    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    location / {
        root /usr/share/nginx/html;
        index index.html;
        try_files $uri /index.html =404;
    }

    location /api {
        proxy_pass http://backend:8000;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $server_name;
    }
}

I am having this problem:

Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems: Domain: example.net Type: unauthorized Detail: IP: Invalid response from http://example.net/.well-known/acme-challenge/M9-0ibOqEMBk7v7140FwIlA2Qs-llCWxuSgJc9gl4No: "<!doctype html><html lang="en"><meta charset="utf-8"/><link rel="icon" href="/favicon.ico"/><meta name="viewport" content="

Domain: www.example.net Type: unauthorized Detail: 140.99.164.197: Invalid response from http://www.example.net/.well-known/acme-challenge/3oEOXqPs2qJHls81-ImXqKtoGFE8v5Hc8wWbmqbgjtk: "<!doctype html><html lang="en"><meta charset="utf-8"/><link rel="icon" href="/favicon.ico"/><meta name="viewport" content="

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

Some challenges have failed.

Upvotes: 0

Views: 87

Answers (1)

Geoffrey

Reputation: 1

Have you changed example.net for this post? If not, you have to enter your domain name in your nginx.conf next to server_name and in your certificate keys (which you have to generate beforehand with your domain name; see https://certbot.eff.org/).

If you want a simpler tool, you can use Nginx Proxy Manager; you can dockerize it and manage your SSL certificates directly in the web interface.

https://nginxproxymanager.com/

Upvotes: 0
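
A check for the condition named in Certbot's hint in the question, as an added example that is not part of the question or the answer: it drops a throwaway file into the webroot and confirms the server returns it verbatim over plain HTTP, rather than the React index.html shown in the error. `probe_webroot`, `http_fetch` and the result labels are hypothetical names; the host directory to pass is the one the compose file maps to /var/www/certbot (`./certbot/www`).

```python
import secrets
import urllib.error
import urllib.request
from pathlib import Path

CHALLENGE_DIR = ".well-known/acme-challenge"


def http_fetch(url, timeout=10):
    """Return (status, body) for a plain-HTTP GET, as the CA would fetch it."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", "replace")


def probe_webroot(webroot, base_url, fetch=http_fetch):
    """Write a throwaway file under the webroot and check it is served verbatim.

    webroot  -- host directory that certbot receives as --webroot-path
    base_url -- e.g. "http://example.net" (port 80, no TLS)
    Returns "ok", "spa-fallback", "not-found" or "mismatch".
    """
    token = "probe-" + secrets.token_urlsafe(16)
    content = secrets.token_urlsafe(32)
    probe_dir = Path(webroot) / CHALLENGE_DIR
    probe_dir.mkdir(parents=True, exist_ok=True)
    probe = probe_dir / token
    probe.write_text(content)
    try:
        status, body = fetch(f"{base_url.rstrip('/')}/{CHALLENGE_DIR}/{token}")
    finally:
        probe.unlink()  # never leave probe files behind in the webroot
    if status == 404:
        return "not-found"     # challenge location missing or wrong root
    if body.strip() == content:
        return "ok"            # real challenge tokens would be readable
    if body.lstrip().lower().startswith("<!doctype html"):
        return "spa-fallback"  # request fell through to the frontend's index.html
    return "mismatch"


if __name__ == "__main__":
    import sys
    # usage: python probe.py ./certbot/www http://example.net
    print(probe_webroot(sys.argv[1], sys.argv[2]))
```

A result of "spa-fallback" matches the error in the question: the server on port 80 answered the challenge URL with the frontend page, so the configuration actually loaded by the running nginx is not serving /.well-known/acme-challenge/ from the shared webroot.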
