Native Nginx reverse proxy to Docker container with Letsencrypt

Question

I have an ubuntu 18.0.4 lts box with nginx installed and configuered as a reverse proxy:

/etc/nginx/sites-enabled/default :

server {
    server_name example.com;
    location / {
        proxy_set_header   X-Real-IP        $remote_addr;
        proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
        proxy_set_header   Host             $host;

        proxy_pass http://0.0.0.0:3000;

}

I have a website running in a docker container listening on port 3000. With this configuration if I browse to http://example.com I see the site.

I've then installed LetsEncypt using the standard install from their website then I run sudo certbot --nginx and follow the instructions to enable https for mydomain.com.

Now my etc/nginx/sites-enabled/default looks like this and i'm unable to load the site on both https://example.com and http://example.com :

server {
    server_name example.com;
    location / {
        proxy_set_header   X-Real-IP        $remote_addr;
        proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
        proxy_set_header   Host             $host;

        proxy_pass http://0.0.0.0:3000;

   }



listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

Any ideas?

Answer 1

I figured it out. The problem wasn't with my nginx/letsencrypt config it was a networking issue at the provider level (azure).

I noticed the Network Security Group only allowed traffic on port 80. The solution was to add a rule for 443.

After adding this rule everything now works as expected.