Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

How to get letsencrypt working with nginx? #2394

Closed
andytriboletti opened this issue Dec 3, 2019 · 4 comments
Closed

How to get letsencrypt working with nginx? #2394

andytriboletti opened this issue Dec 3, 2019 · 4 comments
Labels
Stale

Comments

@andytriboletti
Copy link

andytriboletti commented Dec 3, 2019
edited

I've tried a variety of different things to get letsencrypt working. My last problem was getting to the .well-known directory. I tried adding a location element to nginx config, but still couldn't get it working.

Info:

  • Docker version ($ docker --version):
    Docker version 19.03.5, build 633a0ea838

  • Laradock commit ($ git rev-parse HEAD):
    23193ba

  • System info (Mac, PC, Linux):
    Linux

  • System info disto/version:
    Ubuntu 18.04.3 LTS

Issue:

Can't get https working.

Expected behavior:

I should be able to get a letsencrypt cert and enable https.

Reproduce:

docker-compose up certbot when using nginx

Relevant Code:

~/adserver/laradock# docker-compose up certbot
Starting laradock_certbot_1 ... 
Starting laradock_certbot_1 ... done
Attaching to laradock_certbot_1
certbot_1              | Saving debug log to /var/log/letsencrypt/letsencrypt.log
certbot_1              | Plugins selected: Authenticator webroot, Installer None
certbot_1              | Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
certbot_1              | Obtaining a new certificate
certbot_1              | Performing the following challenges:
certbot_1              | http-01 challenge for adserver.greenrobot.com
certbot_1              | Using the webroot path /var/www/letsencrypt for all unmatched domains.
certbot_1              | Waiting for verification...
certbot_1              | Cleaning up challenges
certbot_1              | Failed authorization procedure. adserver.greenrobot.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://adserver.greenrobot.com/.well-known/acme-challenge/uQ3NeLSo8pYsW3mKsiDZt50ET3owgbsM4vRcY3kvxh4 [2600:3c02::f03c:92ff:fe91:6187]: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body>\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>nginx</center>\r\n"
certbot_1              | IMPORTANT NOTES:
certbot_1              |  - The following errors were reported by the server:
certbot_1              | 
certbot_1              |    Domain: adserver.greenrobot.com
certbot_1              |    Type:   unauthorized
certbot_1              |    Detail: Invalid response from
certbot_1              |    http://adserver.greenrobot.com/.well-known/acme-challenge/uQ3NeLSo8pYsW3mKsiDZt50ET3owgbsM4vRcY3kvxh4
certbot_1              |    [2600:3c02::f03c:92ff:fe91:6187]: "<html>\r\n<head><title>404 Not
certbot_1              |    Found</title></head>\r\n<body>\r\n<center><h1>404 Not
certbot_1              |    Found</h1></center>\r\n<hr><center>nginx</center>\r\n"
certbot_1              | 
certbot_1              |    To fix these errors, please make sure that your domain name was
certbot_1              |    entered correctly and the DNS A/AAAA record(s) for that domain
certbot_1              |    contain(s) the right IP address.
certbot_1              | cp: cannot stat '/etc/letsencrypt/archive/adserver.greenrobot.com/cert1.pem': No such file or directory
certbot_1              | cp: cannot stat '/etc/letsencrypt/archive/adserver.greenrobot.com/privkey1.pem': No such file or directory

I saw this:
https://hub.docker.com/r/linuxserver/letsencrypt/

How would I use this / should I try?
@andytriboletti
Copy link
Author

I tried with this nginx config:

https://community.letsencrypt.org/t/how-to-nginx-configuration-to-enable-acme-challenge-support-on-all-http-virtual-hosts/5622

@andytriboletti
Copy link
Author

andytriboletti commented Dec 8, 2019
edited

Here is my docker-compose.yml file.


networks:
  frontend:
    driver: ${NETWORKS_DRIVER}
  backend:
    driver: ${NETWORKS_DRIVER}

volumes:
  mysql:
    driver: ${VOLUMES_DRIVER}
  percona:
    driver: ${VOLUMES_DRIVER}
  mssql:
    driver: ${VOLUMES_DRIVER}
  postgres:
    driver: ${VOLUMES_DRIVER}
  memcached:
    driver: ${VOLUMES_DRIVER}
  redis:
    driver: ${VOLUMES_DRIVER}
  neo4j:
    driver: ${VOLUMES_DRIVER}
  mariadb:
    driver: ${VOLUMES_DRIVER}
  mongo:
    driver: ${VOLUMES_DRIVER}
  minio:
    driver: ${VOLUMES_DRIVER}
  rethinkdb:
    driver: ${VOLUMES_DRIVER}
  phpmyadmin:
    driver: ${VOLUMES_DRIVER}
  adminer:
    driver: ${VOLUMES_DRIVER}
  aerospike:
    driver: ${VOLUMES_DRIVER}
  caddy:
    driver: ${VOLUMES_DRIVER}
  elasticsearch:
    driver: ${VOLUMES_DRIVER}
  mosquitto:
    driver: ${VOLUMES_DRIVER}
  sonarqube:
    driver: ${VOLUMES_DRIVER}

services:

### Workspace Utilities ##################################
    workspace:
      build:
        context: ./workspace
        args:
          - LARADOCK_PHP_VERSION=${PHP_VERSION}
          - LARADOCK_PHALCON_VERSION=${PHALCON_VERSION}
          - INSTALL_SUBVERSION=${WORKSPACE_INSTALL_SUBVERSION}
          - INSTALL_XDEBUG=${WORKSPACE_INSTALL_XDEBUG}
          - INSTALL_PHPDBG=${WORKSPACE_INSTALL_PHPDBG}
          - INSTALL_BLACKFIRE=${INSTALL_BLACKFIRE}
          - INSTALL_SSH2=${WORKSPACE_INSTALL_SSH2}
          - INSTALL_GMP=${WORKSPACE_INSTALL_GMP}
          - INSTALL_SOAP=${WORKSPACE_INSTALL_SOAP}
          - INSTALL_XSL=${WORKSPACE_INSTALL_XSL}
          - INSTALL_LDAP=${WORKSPACE_INSTALL_LDAP}
          - INSTALL_IMAP=${WORKSPACE_INSTALL_IMAP}
          - INSTALL_MONGO=${WORKSPACE_INSTALL_MONGO}
          - INSTALL_AMQP=${WORKSPACE_INSTALL_AMQP}
          - INSTALL_PHPREDIS=${WORKSPACE_INSTALL_PHPREDIS}
          - INSTALL_MSSQL=${WORKSPACE_INSTALL_MSSQL}
          - INSTALL_NODE=${WORKSPACE_INSTALL_NODE}
          - NPM_REGISTRY=${WORKSPACE_NPM_REGISTRY}
          - INSTALL_YARN=${WORKSPACE_INSTALL_YARN}
          - INSTALL_NPM_GULP=${WORKSPACE_INSTALL_NPM_GULP}
          - INSTALL_NPM_BOWER=${WORKSPACE_INSTALL_NPM_BOWER}
          - INSTALL_NPM_VUE_CLI=${WORKSPACE_INSTALL_NPM_VUE_CLI}
          - INSTALL_NPM_ANGULAR_CLI=${WORKSPACE_INSTALL_NPM_ANGULAR_CLI}
          - INSTALL_DRUSH=${WORKSPACE_INSTALL_DRUSH}
          - INSTALL_WP_CLI=${WORKSPACE_INSTALL_WP_CLI}
          - INSTALL_DRUPAL_CONSOLE=${WORKSPACE_INSTALL_DRUPAL_CONSOLE}
          - INSTALL_AEROSPIKE=${WORKSPACE_INSTALL_AEROSPIKE}
          - INSTALL_V8JS=${WORKSPACE_INSTALL_V8JS}
          - COMPOSER_GLOBAL_INSTALL=${WORKSPACE_COMPOSER_GLOBAL_INSTALL}
          - COMPOSER_AUTH=${WORKSPACE_COMPOSER_AUTH}
          - COMPOSER_REPO_PACKAGIST=${WORKSPACE_COMPOSER_REPO_PACKAGIST}
          - INSTALL_WORKSPACE_SSH=${WORKSPACE_INSTALL_WORKSPACE_SSH}
          - INSTALL_LARAVEL_ENVOY=${WORKSPACE_INSTALL_LARAVEL_ENVOY}
          - INSTALL_LARAVEL_INSTALLER=${WORKSPACE_INSTALL_LARAVEL_INSTALLER}
          - INSTALL_DEPLOYER=${WORKSPACE_INSTALL_DEPLOYER}
          - INSTALL_PRESTISSIMO=${WORKSPACE_INSTALL_PRESTISSIMO}
          - INSTALL_LINUXBREW=${WORKSPACE_INSTALL_LINUXBREW}
          - INSTALL_MC=${WORKSPACE_INSTALL_MC}
          - INSTALL_SYMFONY=${WORKSPACE_INSTALL_SYMFONY}
          - INSTALL_PYTHON=${WORKSPACE_INSTALL_PYTHON}
          - INSTALL_IMAGE_OPTIMIZERS=${WORKSPACE_INSTALL_IMAGE_OPTIMIZERS}
          - INSTALL_IMAGEMAGICK=${WORKSPACE_INSTALL_IMAGEMAGICK}
          - INSTALL_TERRAFORM=${WORKSPACE_INSTALL_TERRAFORM}
          - INSTALL_DUSK_DEPS=${WORKSPACE_INSTALL_DUSK_DEPS}
          - INSTALL_PG_CLIENT=${WORKSPACE_INSTALL_PG_CLIENT}
          - INSTALL_PHALCON=${WORKSPACE_INSTALL_PHALCON}
          - INSTALL_SWOOLE=${WORKSPACE_INSTALL_SWOOLE}
          - INSTALL_LIBPNG=${WORKSPACE_INSTALL_LIBPNG}
          - INSTALL_IONCUBE=${WORKSPACE_INSTALL_IONCUBE}
          - INSTALL_MYSQL_CLIENT=${WORKSPACE_INSTALL_MYSQL_CLIENT}
          - PUID=${WORKSPACE_PUID}
          - PGID=${WORKSPACE_PGID}
          - CHROME_DRIVER_VERSION=${WORKSPACE_CHROME_DRIVER_VERSION}
          - NODE_VERSION=${WORKSPACE_NODE_VERSION}
          - YARN_VERSION=${WORKSPACE_YARN_VERSION}
          - DRUSH_VERSION=${WORKSPACE_DRUSH_VERSION}
          - TZ=${WORKSPACE_TIMEZONE}
          - BLACKFIRE_CLIENT_ID=${BLACKFIRE_CLIENT_ID}
          - BLACKFIRE_CLIENT_TOKEN=${BLACKFIRE_CLIENT_TOKEN}
          - INSTALL_POWERLINE=${WORKSPACE_INSTALL_POWERLINE}
          - INSTALL_FFMPEG=${WORKSPACE_INSTALL_FFMPEG}
          - INSTALL_GNU_PARALLEL=${WORKSPACE_INSTALL_GNU_PARALLEL}
      volumes:
        - ${APP_CODE_PATH_HOST}:${APP_CODE_PATH_CONTAINER}${APP_CODE_CONTAINER_FLAG}
      extra_hosts:
        - "dockerhost:${DOCKER_HOST_IP}"
      ports:
        - "${WORKSPACE_SSH_PORT}:22"
      tty: true
      environment:
        - PHP_IDE_CONFIG=${PHP_IDE_CONFIG}
        - DOCKER_HOST=tcp://docker-in-docker:2375
      networks:
        - frontend
        - backend
      links:
        - docker-in-docker

### PHP-FPM ##############################################
    php-fpm:
      build:
        context: ./php-fpm
        args:
          - LARADOCK_PHP_VERSION=${PHP_VERSION}
          - LARADOCK_PHALCON_VERSION=${PHALCON_VERSION}
          - INSTALL_XDEBUG=${PHP_FPM_INSTALL_XDEBUG}
          - INSTALL_PHPDBG=${PHP_FPM_INSTALL_PHPDBG}
          - INSTALL_BLACKFIRE=${INSTALL_BLACKFIRE}
          - INSTALL_SSH2=${PHP_FPM_INSTALL_SSH2}
          - INSTALL_SOAP=${PHP_FPM_INSTALL_SOAP}
          - INSTALL_XSL=${PHP_FPM_INSTALL_XSL}
          - INSTALL_IMAP=${PHP_FPM_INSTALL_IMAP}
          - INSTALL_MONGO=${PHP_FPM_INSTALL_MONGO}
          - INSTALL_AMQP=${PHP_FPM_INSTALL_AMQP}
          - INSTALL_MSSQL=${PHP_FPM_INSTALL_MSSQL}
          - INSTALL_BCMATH=${PHP_FPM_INSTALL_BCMATH}
          - INSTALL_GMP=${PHP_FPM_INSTALL_GMP}
          - INSTALL_PHPREDIS=${PHP_FPM_INSTALL_PHPREDIS}
          - INSTALL_MEMCACHED=${PHP_FPM_INSTALL_MEMCACHED}
          - INSTALL_OPCACHE=${PHP_FPM_INSTALL_OPCACHE}
          - INSTALL_EXIF=${PHP_FPM_INSTALL_EXIF}
          - INSTALL_AEROSPIKE=${PHP_FPM_INSTALL_AEROSPIKE}
          - INSTALL_MYSQLI=${PHP_FPM_INSTALL_MYSQLI}
          - INSTALL_PGSQL=${PHP_FPM_INSTALL_PGSQL}
          - INSTALL_PG_CLIENT=${PHP_FPM_INSTALL_PG_CLIENT}
          - INSTALL_POSTGIS=${PHP_FPM_INSTALL_POSTGIS}
          - INSTALL_INTL=${PHP_FPM_INSTALL_INTL}
          - INSTALL_GHOSTSCRIPT=${PHP_FPM_INSTALL_GHOSTSCRIPT}
          - INSTALL_LDAP=${PHP_FPM_INSTALL_LDAP}
          - INSTALL_PHALCON=${PHP_FPM_INSTALL_PHALCON}
          - INSTALL_SWOOLE=${PHP_FPM_INSTALL_SWOOLE}
          - INSTALL_IMAGE_OPTIMIZERS=${PHP_FPM_INSTALL_IMAGE_OPTIMIZERS}
          - INSTALL_IMAGEMAGICK=${PHP_FPM_INSTALL_IMAGEMAGICK}
          - INSTALL_CALENDAR=${PHP_FPM_INSTALL_CALENDAR}
          - INSTALL_FAKETIME=${PHP_FPM_INSTALL_FAKETIME}
          - INSTALL_IONCUBE=${PHP_FPM_INSTALL_IONCUBE}
          - INSTALL_APCU=${PHP_FPM_INSTALL_APCU}
          - INSTALL_YAML=${PHP_FPM_INSTALL_YAML}
          - INSTALL_RDKAFKA=${PHP_FPM_INSTALL_RDKAFKA}
          - INSTALL_ADDITIONAL_LOCALES=${PHP_FPM_INSTALL_ADDITIONAL_LOCALES}
          - INSTALL_MYSQL_CLIENT=${PHP_FPM_INSTALL_MYSQL_CLIENT}
          - ADDITIONAL_LOCALES=${PHP_FPM_ADDITIONAL_LOCALES}
          - INSTALL_FFMPEG=${PHP_FPM_FFMPEG}
      volumes:
        - ./php-fpm/php${PHP_VERSION}.ini:/usr/local/etc/php/php.ini
        - ${APP_CODE_PATH_HOST}:${APP_CODE_PATH_CONTAINER}${APP_CODE_CONTAINER_FLAG}
      expose:
        - "9000"
      extra_hosts:
        - "dockerhost:${DOCKER_HOST_IP}"
      environment:
        - PHP_IDE_CONFIG=${PHP_IDE_CONFIG}
        - DOCKER_HOST=tcp://docker-in-docker:2375
        - FAKETIME=${PHP_FPM_FAKETIME}
      depends_on:
        - workspace
      networks:
        - backend
      links:
        - docker-in-docker

### PHP Worker ############################################
    php-worker:
      build:
        context: ./php-worker
        args:
          - PHP_VERSION=${PHP_VERSION}
          - PHALCON_VERSION=${PHALCON_VERSION}
          - INSTALL_PGSQL=${PHP_WORKER_INSTALL_PGSQL}
          - INSTALL_BCMATH=${PHP_WORKER_INSTALL_BCMATH}
          - INSTALL_PHALCON=${PHP_WORKER_INSTALL_PHALCON}
          - INSTALL_SOAP=${PHP_WORKER_INSTALL_SOAP}
          - INSTALL_ZIP_ARCHIVE=${PHP_WORKER_INSTALL_ZIP_ARCHIVE}
          - INSTALL_MYSQL_CLIENT=${PHP_WORKER_INSTALL_MYSQL_CLIENT}
          - INSTALL_AMQP=${PHP_WORKER_INSTALL_AMQP}
          - INSTALL_GHOSTSCRIPT=${PHP_WORKER_INSTALL_GHOSTSCRIPT}
          - INSTALL_SWOOLE=${PHP_WORKER_INSTALL_SWOOLE}
          - INSTALL_FFMPEG=${PHP_WORKER_INSTALL_FFMPEG}
          - PUID=${PHP_WORKER_PUID}
          - PGID=${PHP_WORKER_PGID}
      volumes:
        - ${APP_CODE_PATH_HOST}:${APP_CODE_PATH_CONTAINER}${APP_CODE_CONTAINER_FLAG}
        - ./php-worker/supervisord.d:/etc/supervisord.d
      depends_on:
        - workspace
      extra_hosts:
        - "dockerhost:${DOCKER_HOST_IP}"
      networks:
        - backend
### Laravel Horizon ############################################
    laravel-horizon:
      build:
        context: ./laravel-horizon
        args:
          - PHP_VERSION=${PHP_VERSION}
          - INSTALL_PGSQL=${PHP_FPM_INSTALL_PGSQL}
          - INSTALL_BCMATH=${PHP_FPM_INSTALL_BCMATH}
          - INSTALL_MEMCACHED=${PHP_FPM_INSTALL_MEMCACHED}
      volumes:
        - ${APP_CODE_PATH_HOST}:${APP_CODE_PATH_CONTAINER}
        - ./laravel-horizon/supervisord.d:/etc/supervisord.d
      depends_on:
        - workspace
      extra_hosts:
        - "dockerhost:${DOCKER_HOST_IP}"
      networks:
        - backend

### NGINX Server #########################################
    nginx:
      build:
        context: ./nginx
        args:
          - PHP_UPSTREAM_CONTAINER=${NGINX_PHP_UPSTREAM_CONTAINER}
          - PHP_UPSTREAM_PORT=${NGINX_PHP_UPSTREAM_PORT}
          - CHANGE_SOURCE=${CHANGE_SOURCE}
      volumes:
        - ${APP_CODE_PATH_HOST}:${APP_CODE_PATH_CONTAINER}${APP_CODE_CONTAINER_FLAG}
        - ${NGINX_HOST_LOG_PATH}:/var/log/nginx
        - ${NGINX_SITES_PATH}:/etc/nginx/sites-available
        - ${NGINX_SSL_PATH}:/etc/nginx/ssl
        - ./data/certbot/certs/:/var/certs
        - ./certbot/letsencrypt/:/var/www/letsencrypt
      ports:
        - "${NGINX_HOST_HTTP_PORT}:80"
        - "${NGINX_HOST_HTTPS_PORT}:443"
      depends_on:
        - php-fpm
      networks:
        - frontend
        - backend


### MariaDB ##############################################
    mariadb:
      build: ./mariadb
      volumes:
        - ${DATA_PATH_HOST}/mariadb:/var/lib/mysql
        - ${MARIADB_ENTRYPOINT_INITDB}:/docker-entrypoint-initdb.d
      ports:
        - "${MARIADB_PORT}:3306"
      environment:
        - MYSQL_DATABASE=${MARIADB_DATABASE}
        - MYSQL_USER=${MARIADB_USER}
        - MYSQL_PASSWORD=${MARIADB_PASSWORD}
        - MYSQL_ROOT_PASSWORD=${MARIADB_ROOT_PASSWORD}
      networks:
        - backend


### Memcached ############################################
    memcached:
      build: ./memcached
      volumes:
        - ${DATA_PATH_HOST}/memcached:/var/lib/memcached
      ports:
        - "${MEMCACHED_HOST_PORT}:11211"
      depends_on:
        - php-fpm
      networks:
        - backend

### Caddy Server #########################################
    caddy:
      build: ./caddy
      volumes:
        - ${APP_CODE_PATH_HOST}:${APP_CODE_PATH_CONTAINER}${APP_CODE_CONTAINER_FLAG}
        - ${CADDY_CONFIG_PATH}:/etc/caddy
        - ${CADDY_HOST_LOG_PATH}:/var/log/caddy
        - ${DATA_PATH_HOST}:/root/.caddy
      ports:
        - "${CADDY_HOST_HTTP_PORT}:80"
        - "${CADDY_HOST_HTTPS_PORT}:443"
      depends_on:
        - php-fpm
      networks:
        - frontend
        - backend
# 
# ### phpMyAdmin ###########################################
#     phpmyadmin:
#       build: ./phpmyadmin
#       environment:
#         - PMA_ARBITRARY=1
#         - MYSQL_USER=${PMA_USER}
#         - MYSQL_PASSWORD=${PMA_PASSWORD}
#         - MYSQL_ROOT_PASSWORD=${PMA_ROOT_PASSWORD}
#       ports:
#         - "${PMA_PORT}:80"
#       depends_on:
#         - "${PMA_DB_ENGINE}"
#       networks:
#         - frontend
#         - backend

### Certbot #########################################
    certbot:
      build:
        context: ./certbot
      volumes:
        - ./data/certbot/certs/:/var/certs
        - ./certbot/letsencrypt/:/var/www/letsencrypt
      environment:
        - CN=adserver.greenrobot.com
        - EMAIL=andy@greenrobot.com
      networks:
        - frontend
      volumes:
       - ./data/certbot/conf:/etc/letsencrypt
       - ./data/certbot/www:/var/www/letsencrypt



### Docker-in-Docker ################################################
    docker-in-docker:
      image: docker:dind
      privileged: true
      volumes:
        - ${APP_CODE_PATH_HOST}:${APP_CODE_PATH_CONTAINER}
      expose:
        - 2375
      networks:
        - backend

@stale
Copy link

stale bot commented Mar 7, 2020

Hi 👋 this issue has been automatically marked as stale 📌 because it has not had recent activity 😴. It will be closed if no further activity occurs. Thank you for your contributions ❤️.

@stale stale bot added the Stale label Mar 7, 2020
@stale
Copy link

stale bot commented Mar 28, 2020

Hi again 👋 we would like to inform you that this issue has been automatically closed 🔒 because it had not recent activity during the stale period. We really really appreciate your contributions, and looking forward for more in the future 🎈.

@stale stale bot closed this as completed Mar 28, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Stale
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@andytriboletti