Closed bertalanimre closed 7 years ago
Hi, bertalanimre.
We use nginx for proxying requests to owncloud and documentserver. To configure SSL, use http://nginx.org/en/docs/http/configuring_https_servers.html. Only ports 80 and 443 of the nginx container are open to the outside.
Oh, I see your point. I should just edit the nginx.conf you're providing with the repository and include my SSL and server_name there?
Yes, you understand correctly.
```
Creating nginx-server ... error
ERROR: for nginx-server Cannot start service nginx: driver failed programming external connectivity on endpoint nginx-server (3da4b994c5d5a757b6698f227a16f9dec69df67118f9ae4e340e3b24c6ab1459): (iptables failed: iptables --wait -t nat -A DOCKER -p tcp -d 0/0 --dport 443 -j DNAT --to-destination 172.18.0.4:443 ! -i br-0f6a8365943f: iptables: No chain/target/match by that name.
(exit status 1))
ERROR: for nginx Cannot start service nginx: driver failed programming external connectivity on endpoint nginx-server (3da4b994c5d5a757b6698f227a16f9dec69df67118f9ae4e340e3b24c6ab1459): (iptables failed: iptables --wait -t nat -A DOCKER -p tcp -d 0/0 --dport 443 -j DNAT --to-destination 172.18.0.4:443 ! -i br-0f6a8365943f: iptables: No chain/target/match by that name.
(exit status 1))
ERROR: Encountered errors while bringing up the project.
```
What can be wrong? The NginX conf file was modified the following way:
```nginx
server {
    listen 80;
    server_name docs.mycompany.com cloud.mycompany.com;
    return 301 https://$server_name$request_uri;
}
server {
    listen 443;
    server_name docs.mycompany.com cloud.mycompany.com;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
    ssl_certificate /etc/nginx/mycompany.crt;
    ssl_certificate_key /etc/nginx/mycompany.key;
    # Add headers to serve security related headers.... everything else that was already in there
```
Also added to docker-compose.yml the 2 SSL files located next to the nginx.conf file:
```yaml
nginx:
  container_name: nginx-server
  image: nginx
  stdin_open: true
  tty: true
  restart: always
  ports:
    - 80:80
    - 443:443
  networks:
    - onlyoffice
  volumes:
    - ./nginx.conf:/etc/nginx/nginx.conf
    - ./bitandpixel.crt:/etc/nginx/mycompany.crt
    - ./bitandpixel.key:/etc/nginx/mycompany.key
    - app_data:/var/www/html
```
Do you have an idea what can cause the issue?
What version of docker-compose are you using?
```
docker-compose version 1.16.1, build 6d1ac21
Docker version 17.07.0-ce, build 8784753
```
With your settings, it is working. I think the docker image breaks because of NginX using port 443. With your config, it uses only 80, and most probably the iptables are all set up for that. What do you think?
I ran a clean machine on DigitalOcean hosting. HTTPS works without errors.
What did you modify in your nginx.conf and docker-compose.yml?
I ran the same as you wrote. Perhaps you have a similar problem, as http://bit.ly/2f4uy1D .
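An added example, not part of the thread or the project's code: iptables prints "No chain/target/match by that name" when a rule references a chain, target or match that does not exist, and the rule Docker failed to apply references the `DOCKER` chain in the `nat` table. The sketch below parses that rule and an `iptables-save` dump and reports which referenced chain is absent. The dump is constructed, `KNOWN_TARGETS` and the function names are assumptions for illustration, and missing match or target extensions are not checked.

```python
import shlex

# Constructed `iptables-save` output (not from the thread): nat has no DOCKER chain.
SAMPLE_DUMP = """\
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
*filter
:FORWARD DROP [0:0]
:DOCKER - [0:0]
COMMIT
"""
# Rule copied from the error message quoted in the thread.
FAILED_RULE = ("iptables --wait -t nat -A DOCKER -p tcp -d 0/0 --dport 443 "
               "-j DNAT --to-destination 172.18.0.4:443 ! -i br-0f6a8365943f")
KNOWN_TARGETS = {"ACCEPT", "DROP", "RETURN", "DNAT", "SNAT", "MASQUERADE"}  # assumed available

def chains_by_table(dump):
    """Map each table in iptables-save output to its set of chain names."""
    tables, current = {}, None
    for line in dump.splitlines():
        if line.startswith("*"):                 # "*nat" opens a table section
            current = line[1:].strip()
            tables[current] = set()
        elif line.startswith(":") and current:   # ":DOCKER - [0:0]" declares a chain
            tables[current].add(line[1:].split()[0])
    return tables

def parse_rule(cmd):
    """Return (table, chain, jump target) of an iptables append/insert command."""
    args = shlex.split(cmd)
    def opt(*flags):
        return next((args[i + 1] for i, a in enumerate(args[:-1]) if a in flags), None)
    return opt("-t", "--table") or "filter", opt("-A", "-I"), opt("-j", "--jump")

def diagnose(cmd, dump):
    """List the chains the rule references that the dump does not define."""
    table, chain, target = parse_rule(cmd)
    chains = chains_by_table(dump).get(table, set())
    missing = []
    if chain not in chains:
        missing.append(f"chain {chain} in table {table}")
    if target and target not in KNOWN_TARGETS and target not in chains:
        missing.append(f"target chain {target} in table {table}")
    return missing

if __name__ == "__main__":
    print(diagnose(FAILED_RULE, SAMPLE_DUMP))
```

On a real host, pass the output of `iptables-save` (run as root) as the dump. Docker creates its chains when the daemon starts, so a missing `DOCKER` chain usually means the rules were flushed afterwards.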
Hey Dev. Team,
Awesome trick you've done there with this collection! However, I wish to ask for help or a HOWTO.