search

Valian / docker-nginx-auto-ssl

Docker image for automatic generation of SSL certs using Let's encrypt and Open Resty
https://hub.docker.com/r/valian/docker-nginx-auto-ssl/
MIT License
411 stars 103 forks source link

400 The plain HTTP request was sent to HTTPS port #58

Closed cryptobench closed 1 year ago

cryptobench commented 1 year ago

When sending a request to the container, it redirects me from HTTP to HTTPS and then this error comes up 400 The plain HTTP request was sent to HTTPS port

It happens on every single request and i'm not able to get further.

image

Here's a screenshot that shows 3 tries with HTTPS and one try with HTTP which resulted in 301 and then HTTP 400 afterwards.

Nginx.conf 

worker_processes auto;

worker_rlimit_nofile 100000;

events {
  worker_connections 4000;
}

http {
  include mime.types;
  default_type application/octet-stream;
  sendfile on;
  tcp_nopush on;
  tcp_nodelay on;
  server_tokens off;

  # reasonable default, as 1MB is almost always not enough
  client_max_body_size 100M;

  # enable gzip support
  include server-gzip.conf;

  # auto-ssl lua magic for automatic generation of certs
  include resty-http.conf;

  server {
    listen 80 default_server;
    proxy_set_header Host $host;
    include resty-server-http.conf;
  }

  include /etc/nginx/conf.d/*.conf;
}

Sample config inside conf.d


# this configuration will be used for each server
# specified using $SITES variable
# more in README

server {
  listen 443 ssl;
  server_name golemgrid.dev;

  include resty-server-https.conf;

  location / {
    proxy_pass http://django:8002;
  }
}

Any clue as to why this might happen?

cryptobench commented 1 year ago

FIXED! Finally!

If anyone is running this behind traefik, the way this was solved was by adding the following labels to the service 

      labels:
        - traefik.enable=true
        - traefik.http.routers.autossl.rule=HostRegexp(`{host:.+}`)
        - traefik.http.routers.autossl.entrypoints=web
        - traefik.http.routers.autossl.service=svc_foo@docker
        - traefik.http.services.svc_foo.loadbalancer.server.port=80
        - traefik.http.routers.autossl.priority=50
        - traefik.docker.network=deploy
        - traefik.http.routers.auto.rule=HostRegexp(`{host:.+}`)
        - traefik.http.routers.auto.service=svc_bar@docker
        - traefik.http.routers.auto.tls=true
        - traefik.http.routers.auto.entrypoints=web-secure
        - traefik.http.services.svc_bar.loadbalancer.server.port=443
        - traefik.http.services.svc_bar.loadbalancer.server.scheme=https

And to the traefik service itself

- --serversTransport.insecureSkipVerify=true