ONLYOFFICE / docker-onlyoffice-owncloud

MIT License

How to restrict access to specific domain name with SSL certificate #8

Closed bertalanimre closed 7 years ago

bertalanimre commented 7 years ago

Hey Dev. Team,

Awesome trick you've done there with this collection! However, I wish to ask for help or a HOWTO.

alexeybannov commented 7 years ago

Hi, bertalanimre.

We use nginx to proxy requests to owncloud and documentserver. To configure SSL, see http://nginx.org/en/docs/http/configuring_https_servers.html. Only ports 80 and 443 of the nginx container are open to the outside.

bertalanimre commented 7 years ago

Oh, I see your point. I should just edit the nginx.conf you're providing with the repository and include my SSL and server_name there?

alexeybannov commented 7 years ago

Yes, you understand correctly.
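For reference, here is what the nginx side of that setup can look like as an added example (this is not the repository's nginx.conf and not code from either commenter). It terminates TLS in the nginx container and only answers for the two named hosts; the point `server_name` alone does not cover is that nginx serves the first matching `server` block to any Host header it does not recognise, so a `default_server` that closes the connection (`return 444`) is what actually restricts access to the listed domain names. The upstream container hostnames `app-server` (owncloud) and `onlyoffice-document-server`, the `/ds-vpath/` prefix for the document server, the certificate paths and the domain names are all assumptions for the example.

```nginx
# Added example, not the repository's nginx.conf. Assumed: upstream container
# names "app-server" and "onlyoffice-document-server", the /ds-vpath/ prefix,
# the certificate paths and the two domain names.

# The document server uses WebSockets; pass the Upgrade header through only
# when the client sends one.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

# Catch-all: requests for any other Host (the raw IP, scanner probes, other
# DNS names pointing at this box) get the connection closed instead of being
# served the first virtual host. A certificate is still required here so the
# TLS handshake can complete before nginx drops the connection.
server {
    listen 80 default_server;
    listen 443 ssl default_server;
    server_name _;
    ssl_certificate     /etc/nginx/mycompany.crt;
    ssl_certificate_key /etc/nginx/mycompany.key;
    return 444;
}

# Plain HTTP for the allowed names: redirect to HTTPS. $host is the name the
# client asked for; $server_name would always be the first name in the list.
server {
    listen 80;
    server_name docs.mycompany.com cloud.mycompany.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;          # "ssl" is required; "listen 443;" alone speaks plain HTTP on 443
    server_name docs.mycompany.com cloud.mycompany.com;

    ssl_certificate     /etc/nginx/mycompany.crt;
    ssl_certificate_key /etc/nginx/mycompany.key;
    ssl_protocols       TLSv1.2 TLSv1.3;
    ssl_ciphers         ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers off;
    ssl_session_timeout 1d;
    ssl_session_cache   shared:SSL:10m;
    ssl_session_tickets off;

    # "always" so the header is also sent on error responses
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always;

    # Document server, reached under an assumed path prefix. The trailing "/"
    # on proxy_pass strips the /ds-vpath/ prefix before forwarding.
    location /ds-vpath/ {
        proxy_pass http://onlyoffice-document-server/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Proto https;   # upstream builds its links from this
    }

    # Everything else goes to owncloud.
    location / {
        proxy_pass http://app-server;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
    }
}
```

Check it with `docker exec nginx-server nginx -t` after mounting the file; a quick way to confirm the host restriction is `curl -k --resolve other.example:443:127.0.0.1 https://other.example/`, which should fail with an empty reply while the two listed names are served.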

bertalanimre commented 7 years ago

Creating nginx-server ... error

ERROR: for nginx-server  Cannot start service nginx: driver failed programming external connectivity on endpoint nginx-server (3da4b994c5d5a757b6698f227a16f9dec69df67118f9ae4e340e3b24c6ab1459):  (iptables failed: iptables --wait -t nat -A DOCKER -p tcp -d 0/0 --dport 443 -j DNAT --to-destination 172.18.0.4:443 ! -i br-0f6a8365943f: iptables: No chain/target/match by that name.
 (exit status 1))

ERROR: for nginx  Cannot start service nginx: driver failed programming external connectivity on endpoint nginx-server (3da4b994c5d5a757b6698f227a16f9dec69df67118f9ae4e340e3b24c6ab1459):  (iptables failed: iptables --wait -t nat -A DOCKER -p tcp -d 0/0 --dport 443 -j DNAT --to-destination 172.18.0.4:443 ! -i br-0f6a8365943f: iptables: No chain/target/match by that name.
 (exit status 1))
ERROR: Encountered errors while bringing up the project.

What can be wrong? The nginx config file was modified in the following way:

    server {
        listen 80;
        server_name docs.mycompany.com cloud.mycompany.com;

        # $host preserves the name the client requested; with two names,
        # $server_name would always redirect to the first one listed
        return 301 https://$host$request_uri;
    }

    server {
        # "ssl" is needed on the listen directive, otherwise nginx serves
        # plain HTTP on port 443
        listen 443 ssl;

        server_name docs.mycompany.com cloud.mycompany.com;

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
        add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";

        ssl_certificate         /etc/nginx/mycompany.crt;
        ssl_certificate_key     /etc/nginx/mycompany.key;

        # Add headers to serve security related headers.... everything else that was already in there

I also added the two SSL files, located next to the nginx.conf file, to docker-compose.yml:

  nginx:
    container_name: nginx-server
    image: nginx
    stdin_open: true
    tty: true
    restart: always
    ports:
      - 80:80
      - 443:443
    networks:
      - onlyoffice
    volumes:
      - ./nginx.conf:/etc/nginx/nginx.conf
      - ./bitandpixel.crt:/etc/nginx/mycompany.crt
      - ./bitandpixel.key:/etc/nginx/mycompany.key
      - app_data:/var/www/html

Do you have an idea what can cause the issue?

alexeybannov commented 7 years ago

What version of docker-compose are you using?

bertalanimre commented 7 years ago

docker-compose version 1.16.1, build 6d1ac21
Docker version 17.07.0-ce, build 8784753

bertalanimre commented 7 years ago

With your settings, it is working. I think the docker image breaks because of nginx using port 443. With your config it uses only 80, and most probably iptables is all set up for that. What do you think?

alexeybannov commented 7 years ago

I ran a clean machine on digitalocean hosting. HTTPS works without errors.

bertalanimre commented 7 years ago

What did you modify in your nginx.conf and docker-compose.yml ?

alexeybannov commented 7 years ago

I ran the same as you wrote. Perhaps you have a similar problem to http://bit.ly/2f4uy1D.