DanielDent / docker-nginx-ssl-proxy

SSL Front-End Proxy With Automatic Free Certificate Management
https://hub.docker.com/r/danieldent/nginx-ssl-proxy/

Not creating certificates #6

Closed aharonamir closed 6 years ago

aharonamir commented 6 years ago

Hi, I have copied the docker-compose configuration from here, started a working nginx upstream server on my host mapped to port 8080, and put it in UPSTREAM. I always get the 404 in the logs:

```
nginx-ssl-proxy_1 | [s6-init] making user provided files available at /var/run/s6/etc...exited 0.
nginx-ssl-proxy_1 | [s6-init] ensuring user provided files have correct perms...exited 0.
nginx-ssl-proxy_1 | [fix-attrs.d] applying ownership & permissions fixes...
nginx-ssl-proxy_1 | [fix-attrs.d] done.
nginx-ssl-proxy_1 | [cont-init.d] executing container initialization scripts...
nginx-ssl-proxy_1 | [cont-init.d] done.
nginx-ssl-proxy_1 | [services.d] starting services
nginx-ssl-proxy_1 | [services.d] done.
nginx-ssl-proxy_1 | Waiting for Nginx to come up...
nginx-ssl-proxy_1 | 2018/02/04 09:43:08 [ DEBUG ] Parsing environment references in '/etc/nginx/conf.d/default.conf'
nginx-ssl-proxy_1 | 2018/02/04 09:43:08 [ DEBUG ] Expanding reference to 'UPSTREAM' to value '139.59.191.99:8080'
nginx-ssl-proxy_1 | 2018/02/04 09:43:08 [ DEBUG ] Expanding reference to 'SERVERNAME' to value 'commetoo.com'
nginx-ssl-proxy_1 | 2018/02/04 09:43:08 [ DEBUG ] Expanding reference to 'SERVERNAME' to value 'commetoo.com'
nginx-ssl-proxy_1 | % Total % Received % Xferd Average Speed Time Time Time Current
nginx-ssl-proxy_1 | Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0curl: (7) Failed to connect to 127.0.0.1 port 80: Connection refused
nginx-ssl-proxy_1 | 2018/02/04 09:43:08 [warn] 129#129: "ssl_stapling" ignored, no OCSP responder URL in the certificate "/etc/letsencrypt/fullchain-copy.pem"
nginx-ssl-proxy_1 | nginx: [warn] "ssl_stapling" ignored, no OCSP responder URL in the certificate "/etc/letsencrypt/fullchain-copy.pem"
nginx-ssl-proxy_1 | % Total % Received % Xferd Average Speed Time Time Time Current
nginx-ssl-proxy_1 | Dload Upload Total Spent Left Speed
100 178 100 178 0 0 269k 0 --:--:-- --:--:-- --:--:-- 173k
nginx-ssl-proxy_1 | 127.0.0.1 - - [04/Feb/2018:09:43:09 +0000] "GET / HTTP/1.1" 301 178 "-" "curl/7.52.1" "-"
nginx-ssl-proxy_1 |
nginx-ssl-proxy_1 | 301 Moved Permanently
nginx-ssl-proxy_1 |
nginx-ssl-proxy_1 | 301 Moved Permanently
nginx-ssl-proxy_1 | nginx
nginx-ssl-proxy_1 |
nginx-ssl-proxy_1 |
nginx-ssl-proxy_1 | Nginx has arrived.
nginx-ssl-proxy_1 | Saving debug log to /var/log/letsencrypt/letsencrypt.log
nginx-ssl-proxy_1 | Registering without email!
nginx-ssl-proxy_1 | Obtaining a new certificate
nginx-ssl-proxy_1 | Performing the following challenges:
nginx-ssl-proxy_1 | http-01 challenge for commetoo.com
nginx-ssl-proxy_1 | http-01 challenge for www.commetoo.com
nginx-ssl-proxy_1 | Using the webroot path /usr/share/nginx/html for all unmatched domains.
nginx-ssl-proxy_1 | Waiting for verification...
nginx-ssl-proxy_1 | 66.133.109.36 - - [04/Feb/2018:09:43:13 +0000] "GET /.well-known/acme-challenge/wR-HDKHnam4jxDtGQUko_qAruI4d-iZfKPfaifdsV7w HTTP/1.1" 200 87 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)" "-"
nginx-ssl-proxy_1 | Cleaning up challenges
nginx-ssl-proxy_1 | Failed authorization procedure. www.commetoo.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.commetoo.com/.well-known/acme-challenge/wFJAz-30KN23usg8KIy-9FRz91pObi9dv4-1K3Ygr58: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
nginx-ssl-proxy_1 |
nginx-ssl-proxy_1 | 404 Not Found
nginx-ssl-proxy_1 |
nginx-ssl-proxy_1 | Not Found
nginx-ssl-proxy_1 | <p"
nginx-ssl-proxy_1 | IMPORTANT NOTES:
nginx-ssl-proxy_1 | - The following errors were reported by the server:
nginx-ssl-proxy_1 |
nginx-ssl-proxy_1 | Domain: www.commetoo.com
nginx-ssl-proxy_1 | Type: unauthorized
nginx-ssl-proxy_1 | Detail: Invalid response from
nginx-ssl-proxy_1 | http://www.commetoo.com/.well-known/acme-challenge/wFJAz-30KN23usg8KIy-9FRz91pObi9dv4-1K3Ygr58:
nginx-ssl-proxy_1 | "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
nginx-ssl-proxy_1 |
nginx-ssl-proxy_1 | 404 Not Found
nginx-ssl-proxy_1 |
nginx-ssl-proxy_1 | Not Found
nginx-ssl-proxy_1 | <p"
nginx-ssl-proxy_1 |
nginx-ssl-proxy_1 | To fix these errors, please make sure that your domain name was
nginx-ssl-proxy_1 | entered correctly and the DNS A record(s) for that domain
nginx-ssl-proxy_1 | contain(s) the right IP address.
nginx-ssl-proxy_1 | - Your account credentials have been saved in your Certbot
nginx-ssl-proxy_1 | configuration directory at /etc/letsencrypt. You should make a
nginx-ssl-proxy_1 | secure backup of this folder now. This configuration directory will
nginx-ssl-proxy_1 | also contain certificates and private keys obtained by Certbot so
nginx-ssl-proxy_1 | making regular backups of this folder is ideal.
```

I can ping my domain commetoo.com and get the correct IP. The compose file:

```yaml
nginx-ssl-proxy:
  image: danieldent/nginx-ssl-proxy
  restart: always
  environment:
    UPSTREAM: 139.59.191.99:8080
    SERVERNAME: commetoo.com
    EXTRANAMES: www.commetoo.com
  ports:
    - "80:80"
    - "443:443"
  volumes:
    - "/etc/letsencrypt"
  networks:
    - backend
```

Any Ideas?

xiaods commented 6 years ago

remove EXTRANAMES: www.commetoo.com

aharonamir commented 6 years ago

thanks, will try
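
A triage of the log posted in this issue, as an added example that is not part of the original thread or the project's code: it checks whether the token of each failed http-01 challenge ever shows up in this proxy's own nginx access log, which separates "the proxy answered wrongly" from "the validator's request for that name never reached this container". The function name `triage`, the regexes and the report strings are this example's own; the sample lines are excerpted from the log above.

```python
import re

# Excerpt of the compose log posted in this issue (container prefix kept).
SAMPLE_LOG = """\
nginx-ssl-proxy_1 | http-01 challenge for commetoo.com
nginx-ssl-proxy_1 | http-01 challenge for www.commetoo.com
nginx-ssl-proxy_1 | 66.133.109.36 - - [04/Feb/2018:09:43:13 +0000] "GET /.well-known/acme-challenge/wR-HDKHnam4jxDtGQUko_qAruI4d-iZfKPfaifdsV7w HTTP/1.1" 200 87 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)" "-"
nginx-ssl-proxy_1 | Failed authorization procedure. www.commetoo.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.commetoo.com/.well-known/acme-challenge/wFJAz-30KN23usg8KIy-9FRz91pObi9dv4-1K3Ygr58: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
"""

PREFIX = re.compile(r"^\S+\s+\|\s?")                      # "nginx-ssl-proxy_1 | "
REQUESTED = re.compile(r"^http-01 challenge for (\S+)$")  # names certbot asked for
ACCESS = re.compile(                                      # nginx access-log hit
    r'"GET /\.well-known/acme-challenge/([\w-]+) HTTP/[\d.]+" (\d{3}) ')
FAILED = re.compile(                                      # certbot failure detail
    r"Invalid response from http://([^/\s]+)/\.well-known/acme-challenge/([\w-]+)")


def triage(log_text):
    """Map each challenged name to what the log shows about its validation."""
    requested, served, failures = [], {}, {}
    for raw in log_text.splitlines():
        line = PREFIX.sub("", raw)
        if m := REQUESTED.match(line):
            requested.append(m.group(1))
        elif m := ACCESS.search(line):
            served[m.group(1)] = int(m.group(2))   # token -> HTTP status served
        elif m := FAILED.search(line):
            failures[m.group(1)] = m.group(2)      # name -> token that failed
    report = {}
    for name in requested:
        token = failures.get(name)
        if token is None:
            report[name] = "no failure logged"
        elif token in served:
            # The validator did reach this nginx; look at webroot/location config.
            report[name] = f"reached this proxy, HTTP {served[token]}"
        else:
            # Nothing in the access log: check where DNS for this name points.
            report[name] = "failed; token not seen in this proxy's access log"
    return report


if __name__ == "__main__":
    for name, verdict in triage(SAMPLE_LOG).items():
        print(f"{name}: {verdict}")
```

For the posted log, the failing `www.commetoo.com` token is absent from the access log, so the record for that name is the first thing to check before listing it in EXTRANAMES.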