
jwilder/nginx-proxy: Not able to integrate ssl with Nginx

We are working on setting up multiple-website hosting on a single port with jwilder/nginx-proxy via SSL. We are able to deploy the solution without SSL and it's working fine, but when we try to set it up with SSL it fails on HTTPS calls. Our docker-compose file is as below:

docker-compose.yml

site1:
  build: site1
  environment:
    VIRTUAL_HOST: site1.domainlocal.com
    VIRTUAL_PROTO: https
  restart: always

site2:
  build: site2
  environment:
    VIRTUAL_HOST: site2.domainlocal.com
    VIRTUAL_PROTO: https
  restart: always

site3:
  build: site3
  environment:
    VIRTUAL_HOST: site3.domainlocal.com
    VIRTUAL_PROTO: https
  restart: always

nginx-proxy:
  image: jwilder/nginx-proxy:alpine
  ports:
    - "80:80"
    - "443:443"
  volumes:
    - /var/run/docker.sock:/tmp/docker.sock:ro
    - certs:/etc/nginx/certs:ro

  restart: always
  privileged: true

PS: the "certs" folder is kept in the same folder as the docker-compose file.

We are using a self-signed certificate generated with openssl.

Folder structure is like:

Main_folder-|
            |- docker-compose.yml
            |
            |- certs/.csr and .key files
            |
            |- site1/Dockerfile + Nodejs
            |- site2/Dockerfile + Nodejs
            |- site3/Dockerfile + Nodejs

Please suggest the possible cause of the issue and a solution for it.

Output of docker ps:

CONTAINER ID   IMAGE                 COMMAND                  CREATED      STATUS      PORTS                                      NAMES
c71b52c3e6bd   compose_site3         "/bin/sh -c 'node ..."   3 days ago   Up 3 days   80/tcp                                     compose_site3_1
41ffb9ec3983   jwilder/nginx-proxy   "/app/docker-entry..."   3 days ago   Up 3 days   0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp   compose_nginx-proxy_1
a154257c62ec   compose_site1         "/bin/sh -c 'node ..."   3 days ago   Up 3 days   80/tcp                                     compose_site1_1
3ed556e9287e   compose_site2         "/bin/sh -c 'node ..."   3 days ago   Up 3 days   80/tcp                                     compose_site2_1

Your certificate should end with a '.crt' extension, not '.csr'. Also make sure it is named appropriately for the domain, matching the VIRTUAL_HOST variable. According to the documentation:

The certificate and keys should be named after the virtual host with a .crt and .key extension. For example, a container with VIRTUAL_HOST=foo.bar.com should have a foo.bar.com.crt and foo.bar.com.key file in the certs directory.

So after spending so much time on it, I was finally able to solve the issue. For SSL integration with jwilder/nginx-proxy there is no mandate to name the certificate and key after the domain; instead they can have any name, you just need to mention the certificate name in the docker-compose file (I found this approach just by hit and trial). So your docker-compose file should look like:

site1:
  build: site1
  environment:
    VIRTUAL_HOST: site1.domainlocal.com
    CERT_NAME: mycertificate
  volumes:
    - /etc/ssl/certs:/etc/ssl/certs:ro
  restart: always

site2:
  build: site2
  environment:
    VIRTUAL_HOST: site2.domainlocal.com
    CERT_NAME: mycertificate
  volumes:
    - /etc/ssl/certs:/etc/ssl/certs:ro
  restart: always

site3:
  build: site3
  environment:
    VIRTUAL_HOST: site3.domainlocal.com
    CERT_NAME: mycertificate
  volumes:
    - /etc/ssl/certs:/etc/ssl/certs:ro
  restart: always

nginx-proxy:
  image: jwilder/nginx-proxy:alpine
  ports:
    - "80:80"
    - "443:443"
  environment:
    DEFAULT_HOST: domainlocal.com # default host
    CERT_NAME: mycertificate # Wildcard Certificate name without extension
  volumes:
    - /var/run/docker.sock:/tmp/docker.sock:ro
    - /etc/ssl/certs:/etc/nginx/certs # certificate path in docker container
  restart: always
  privileged: true

Then just build and run the compose file using "docker-compose up --build" and congrats, now you are on a secured layer.
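
A pre-flight check for the naming rule quoted in the first answer and the CERT_NAME override used in the second, as an added example that is not part of the original posts: it confirms that the .crt and .key files the proxy is expected to find exist and that the .crt is not a CSR. The function names, the finding labels and the sample files are assumptions made for this example.

```shell
# Added example: check the files nginx-proxy is expected to find in its certs dir.
# usage: check_proxy_cert CERTS_DIR VIRTUAL_HOST [CERT_NAME]
# Prints one finding per line; returns 0 only when there are no findings.
check_proxy_cert() {
    dir=$1
    base=${3:-$2}   # CERT_NAME, when given, replaces the VIRTUAL_HOST-based name
    crt="$dir/$base.crt"
    key="$dir/$base.key"
    rc=0
    if [ ! -f "$crt" ]; then
        echo "MISSING $crt"
        rc=1
        # The mistake in the question: a signing request sits where the cert belongs.
        if [ -f "$dir/$base.csr" ]; then
            echo "HINT $dir/$base.csr is a signing request, not a certificate"
        fi
    elif grep -q -e '-----BEGIN .*CERTIFICATE REQUEST-----' "$crt"; then
        echo "WRONG_TYPE $crt holds a CSR renamed to .crt"
        rc=1
    elif ! grep -q -e '-----BEGIN CERTIFICATE-----' "$crt"; then
        echo "NOT_PEM $crt has no PEM certificate block"
        rc=1
    fi
    if [ ! -f "$key" ]; then
        echo "MISSING $key"
        rc=1
    elif ! grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$key"; then
        echo "NOT_PEM $key has no PEM private key block"
        rc=1
    fi
    return $rc
}

# Constructed sample reproducing the question's layout: a .csr and a .key, no .crt.
demo_question_layout() {
    d=$(mktemp -d)
    printf '%s\n' '-----BEGIN CERTIFICATE REQUEST-----' > "$d/site1.domainlocal.com.csr"
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' > "$d/site1.domainlocal.com.key"
    status=0
    check_proxy_cert "$d" site1.domainlocal.com || status=$?
    rm -rf "$d"
    return $status
}
```

Run check_proxy_cert once per VIRTUAL_HOST against the host directory mounted at /etc/nginx/certs before starting the stack; demo_question_layout shows the findings for the layout described in the question.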
