Valian / docker-nginx-auto-ssl

Docker image for automatic generation of SSL certs using Let's encrypt and Open Resty
https://hub.docker.com/r/valian/docker-nginx-auto-ssl/
MIT License

Giving SSL to a standard wordpress installation #49

Closed cagnulein closed 4 years ago

cagnulein commented 4 years ago

Hi, I'm running a wordpress installation using this: https://github.com/nezhar/wordpress-docker-compose

My wordpress-docker-compose is using 80 on my server. So, if I understood well, if I run your docker with this parameter:

export DOMAIN=yourdomain.com
export APP_ADDRESS=localhost:80

docker run -d \
  --name nginx-auto-ssl \
  --restart on-failure \
  --network host \
  -e ALLOWED_DOMAINS="$DOMAIN" \
  -e SITES="$DOMAIN=$APP_ADDRESS" \
  -v ssl-data:/etc/resty-auto-ssl \
  valian/docker-nginx-auto-ssl

It should work, shouldn't it? What do you think? Thanks

P.S. Do you have a "buy me a coffee" thing or similar? If it works I would like to say thank you in some way

Valian commented 4 years ago

Hi @cagnulein!

In order for it to work properly, this image should use both port 80 (HTTP) and 443 (HTTPS) on the host. Probably right now it won't start, since it won't be able to allocate port 80.

You should change port 80 of docker-compose.yml to something else, like

services:
  wp:
    image: wordpress:latest # https://hub.docker.com/_/wordpress/
    ports:
      - ${IP}:8000:80 # changed to 8000

and then you should be able to start my image using your snippet, just use the correct port:

export APP_ADDRESS=localhost:8000

> P.S. Do you have a "buy me a coffee" thing or similar? If it works I would like to say thank you in some way

Not yet, but nice to know I've helped someone :hugs: Please close the issue if it's working.

cagnulein commented 4 years ago

Hi @Valian thanks for your answer!

I followed your steps and wordpress works again, but only in http

In fact I checked the logs and I saw these lines at the very beginning:

2020/08/06 09:02:18 [error] 23#23: *6 connect() to [2001:XXa8:6::XX2:2ad0]:80 failed (101: Network unreachable), context: ssl_certificate_by_lua*, client: 62.XXX.XXX.101, server: 0.0.0.0:443
2020/08/06 09:02:18 [error] 23#23: *6 [lua] ssl_certificate.lua:260: set_response_cert(): auto-ssl: failed to set ocsp stapling for XXXX.cloud - continuing anyway - failed to get ocsp response: OCSP responder query failed (http://ocsp.int-x3.letsencrypt.org): network unreachable, context: ssl_certificate_by_lua*, client: XX110.XX.101, server: 0.0.0.0:443
2020/08/06 09:02:18 [error] 23#23: *12 connect() to [2001:XXXX:6::XX2:2ad0]:80 failed (101: Network unreachable), context: ssl_certificate_by_lua*, client: 62.XXX.XXX.101, server: 0.0.0.0:443
2020/08/06 09:02:18 [error] 23#23: *12 [lua] ssl_certificate.lua:260: set_response_cert(): auto-ssl: failed to set ocsp stapling for XXXX.cloud - continuing anyway - failed to get ocsp response: OCSP responder query failed (http://ocsp.int-x3.letsencrypt.org): network unreachable, context: ssl_certificate_by_lua*, client: 62.XXX.XXX.101, server: 0.0.0.0:443

cagnulein commented 4 years ago

I guess I solved it this way:

export RESOLVER_ADDRESS="8.8.8.8 ipv6=off"

Is it correct?

Valian commented 4 years ago

Yes, it tried to use ipv6 to resolve localhost. Another way to solve it would be to use 127.0.0.1 instead of localhost.
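
The two failures in this thread (the proxied app occupying a port the proxy needs, and IPv6 connects failing with "Network unreachable") can be checked before and after starting the container. The script below is an added example, not code from the thread or from the project; the function names are hypothetical and the sample log lines are constructed with documentation addresses.

```shell
#!/bin/sh
# Added example (not from the thread): preflight checks for the two failures above.

# With --network host the proxy itself binds host ports 80 and 443, so the
# app behind it (APP_ADDRESS) must listen elsewhere.
# Prints ok, conflict, or invalid (missing or non-numeric port).
check_app_address() {
  port=${1##*:}
  case $port in
    ''|*[!0-9]*) echo invalid ;;
    80|443)      echo conflict ;;
    *)           echo ok ;;
  esac
}

# Reads an nginx error log on stdin and prints how many connect() calls to
# an IPv6 literal failed with errno 101 (Network unreachable).
count_ipv6_unreachable() {
  # grep -c exits 1 on zero matches but still prints 0, hence "|| true".
  grep -c 'connect() to \[[^]]*:[^]]*\]:[0-9]* failed (101: Network unreachable)' || true
}

# Prints a RESOLVER_ADDRESS value for DNS server $1, appending ipv6=off only
# when the log on stdin shows IPv6 connect failures.
suggest_resolver() {
  dns=$1
  n=$(count_ipv6_unreachable)
  if [ "$n" -gt 0 ]; then echo "$dns ipv6=off"; else echo "$dns"; fi
}

# Constructed sample log (documentation addresses, not the reporter's data).
sample_log() {
  cat <<'EOF'
2020/08/06 09:02:18 [error] 23#23: *6 connect() to [2001:db8::1]:80 failed (101: Network unreachable), context: ssl_certificate_by_lua*, client: 203.0.113.10, server: 0.0.0.0:443
2020/08/06 09:02:18 [error] 23#23: *6 [lua] ssl_certificate.lua:260: set_response_cert(): auto-ssl: failed to set ocsp stapling for example.com - continuing anyway, context: ssl_certificate_by_lua*, client: 203.0.113.10, server: 0.0.0.0:443
EOF
}

check_app_address "localhost:80"        # conflict
check_app_address "localhost:8000"      # ok
sample_log | suggest_resolver 8.8.8.8   # 8.8.8.8 ipv6=off
```

Against a running container, the same check can read real output: `docker logs nginx-auto-ssl 2>&1 | suggest_resolver 8.8.8.8`.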