Nginx-proxy: HTTPS connect refused?
My Goal
I wish to use nginx-proxy with SSL enabled to proxy a httpd containers running a static html site.
The traffic should be like: user's browser use https to connect to nginx-proxy, which directs traffic to the httpd server (preferably with HTTPS terminated between the containers since it is a safe environment)
Steps I have made:
- crt and key files with correct domain prefixes are stored in host path
home/user/backups/nginx-reverse-cert - nginx-proxy container command is:
docker run -d -p 80:80 -v /home/user/backups/nginx-reverse-cert:/etc/nginx/certs -v /var/run/docker.sock:/tmp/docker.sock:ro jwilder/nginx-proxy - the official httpd container command is:
docker run -d -e VIRTUAL_HOST=web.mydomain.info httpd - I can see
docker psresult as below
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
0700ed1274ed httpd "httpd-foreground" 4 minutes ago Up 4 minutes 80/tcp insane_ride
707e9ba1ec95 jwilder/nginx-proxy "/app/docker-entrypoi" 31 minutes ago Up 31 minutes 0.0.0.0:80->80/tcp, 443/tcp furious_wozniak
Issue:
when I access http://web.mydomain.info in browser, it is redirected successfully to https://web.mydomain.info, but with immediate error "This webpage is not available ERR_CONNECTION_REFUSED"
My Questions"
httpdcontainer has exposed port 80 in dockerfile, is this the reason causing the issue?- Or do I need to enable HTTPS in httpd server or something else?
- What should I do in general... ?
xixiaofinland
All 3 comments
Forgot to say, if I try without certs, the website URL works file under HTTP URL
xixiaofinland
on 15 Dec 2015
I just ran into the same thing. Try removing the proxy container completely, and then re-running it.
docker stop <proxy-container>
docker rm <proxy-container>
The issue on my end was related to this:
https://github.com/docker/compose/issues/2308
Docker compose tries to preserve any volumes from previous containers. So I had started the proxy initially without the SSL volume. In the proxy Dockerfile it has its own VOLUME directive which ends up getting preserved through each subsequent run.
The end result of this is your cert volume gets masked by this preserved volume which is presumably empty. Since there are no certs, nginx is denying the connection.
I'm not sure there is any reason to keep the VOLUME directive in the proxy Dockerfile. The proxy container won't generate anything cert related to be preserved, rather certs will always be mounted by whomever is running the image.
gmeans
on 15 Dec 2015
@gmeans you are correct! I remembered that I did several times docker stop docker rm to clean the container status, but always ended up without success!
I did again and immediately launched the HTTPS, now it works like a charm!
Thanks agian @gmeans , I will read the #2308 issue once I have time :)
xixiaofinland
on 15 Dec 2015
Related issues
peperunas
路
4Comments
reyman
路
3Comments
renfyld
路
3Comments
mroberty8
路
3Comments
neryangj
路
3Comments
Most helpful comment
I just ran into the same thing. Try removing the proxy container completely, and then re-running it.
The issue on my end was related to this:
https://github.com/docker/compose/issues/2308
Docker compose tries to preserve any volumes from previous containers. So I had started the proxy initially without the SSL volume. In the proxy Dockerfile it has its own VOLUME directive which ends up getting preserved through each subsequent run.
The end result of this is your cert volume gets masked by this preserved volume which is presumably empty. Since there are no certs, nginx is denying the connection.
I'm not sure there is any reason to keep the VOLUME directive in the proxy Dockerfile. The proxy container won't generate anything cert related to be preserved, rather certs will always be mounted by whomever is running the image.