如何在docker中设置正确的Nginx反向代理配置

Question

I deployed Nginx reverse proxy in docker, and it belong to the bridge network which using 172.16.10.0/24 . And I have the other web app in docker which in different bridge network 172.16.20.0/24 . In order to let Niginx reverse proxy to connect web app, I have set Nginx reverse proxy to join the 172.16.20.0/24 as well.

My web app is hosting in http://localhost:8899, and I have bind host:8899 --> container:80. What I want to try is: when someone visit https://mydomain, and reverse proxy should pass to http://localhost:8899.

My nginx config is as follow:

server {
    listen 80;
    listen [::]:80;
    server_name mydomain;
    return 301 https://$host$request_uri;
}


server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name mydomain;

    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    ssl_certificate /ssl/my_domain_cert.pem;
    ssl_certificate_key /ssl/my_domain.key;

    location / {
        proxy_set_header Host $host;
        proxy_set_header Cookie $http_cookie;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Host $host;
        proxy_pass http://localhost:8899;
        proxy_read_timeout 90;
    }
}

However, when i connect to https://mydomain, the error is SSL handshake failed (Error code 525). How should I fix the problem?

Answer 1

The 525 HTTP error means, there is no valid SSL certificate installed.

The nginx conf is searching for the SSL certificate files in these locations:

ssl_certificate /ssl/my_domain_cert.pem;
ssl_certificate_key /ssl/my_domain.key;

Unless you created a SSL certificate in your Dockerfile or created one before and put them in these locations, you have to MANUALLY create a SSL certificate.

How to create a key and pem file:
https://www.digitalocean.com/community/tutorials/how-to-create-a-self-signed-ssl-certificate-for-nginx-on-centos-7
How to get.pem file from.key and.crt files?