Docker Lets Encrypt SSL

I’ll start off by saying I’m pretty new to Docker. Also, if this is not the appropriate avenue for my question, please feel free to direct me where I need to go. Has anyone successfully run the lora app server via Docker with a Let’s Encrypt cert and nginx reverse proxy? I’ve tried with the nginx reverse proxy Docker image at https://github.com/DanielDent/docker-nginx-ssl-proxy but have failed. This is what my docker-compose.yml looks like:

    version: "3"

    services:
      nginx-ssl-proxy:
        image: danieldent/nginx-ssl-proxy
        restart: always
        environment:
          UPSTREAM: localhost:8080
          SERVERNAME: my.domain.com
        ports:
          - "80:80"
          - "443:443"
        volumes:
          - "/etc/letsencrypt"

      loraserver:
        image: loraserver/loraserver:2
        volumes:
          - ./configuration/loraserver:/etc/loraserver

      appserver:
        image: loraserver/lora-app-server:2
        ports:
          - 8080:8080
        volumes:
          - ./configuration/lora-app-server:/etc/lora-app-server

      gatewaybridge:
        image: loraserver/lora-gateway-bridge:2
        ports:
          - 1700:1700/udp
        volumes:
          - ./configuration/lora-gateway-bridge:/etc/lora-gateway-bridge

      geoserver:
        image: loraserver/lora-geo-server:2
        volumes:
          - ./configuration/lora-geo-server:/etc/lora-geo-server

      postgresql:
        image: postgres:9.6-alpine
        volumes:
          - ./configuration/postgresql/initdb:/docker-entrypoint-initdb.d
          - postgresqldata:/var/lib/postgresql/data

      redis:
        image: redis:4-alpine
        volumes:
          - redisdata:/data

      mosquitto:
        image: eclipse-mosquitto
        ports:
          - 1883:1883

    volumes:
      postgresqldata:
      redisdata:

When I navigate to http://my.domain.com:8080 I’m redirected to http://my.domain.com:8080/#/login instead of https://my.domain.com. And when I try to navigate directly to https://my.domain.com I see a 502 Bad Gateway error. On the node itself, I keep seeing the following error log:

nginx-ssl-proxy_1 | 2019/04/15 21:14:55 [error] 164#164: *19 no live upstreams while connecting to upstream, client: [my.ip] , server: my.domain.com, request: "GET / HTTP/2.0", upstream: "http://origin/", host: "my.domain.com"

Anyone know what I’m missing here?

In all honesty, I’d get LoRaServer.io working with TLS certs and without docker first.

Once that’s working, you can look at how the docker containers fit together, but if you don’t understand how the platform fits together without docker, it’s going to be a lot harder with an added layer of abstraction.

If you install without Docker, then you can update the config files to all point to the same certs, and then from there you can work out how to get those certs into the containers.

FWIW, we’re using LetsEncrypt quite happily with LoRaServer.io, just remember to configure NGinx to serve the full-chain cert, not just the “normal” cert, otherwise you’ll get errors all over the place.


In case anyone else is trying to do this, I found the issue. After running docker-compose up, you need to get into the nginx container (run docker ps to obtain the container name). After you’re in the container, open /etc/nginx/conf.d/default.conf and edit this line: proxy_pass http://your.domain.com:8080

Again if you’re new to docker, after you get the container name, run the following to get into the container:

    docker exec -it container-name_1 bash


Glad to see you solved it. :)

Thanks tbhuku.
Instead of editing the file inside the container, I ran “cat default.conf”, copied the text to make a new file (e.g. proxy.conf) on the host machine, edited the line with “proxy_pass http://origin;” as you suggested, and finally edited the file “docker-compose.yml” to add it to the volumes: so the file is copied on “docker-compose up”:


      nginx-ssl-proxy:
        image: danieldent/nginx-ssl-proxy
        restart: always
        environment:
          UPSTREAM: localhost:8080
          SERVERNAME: <your.domain.com>
        ports:
          - "80:80"
          - "443:443"
        volumes:
          - "/etc/letsencrypt"
          - ./proxy.conf:/etc/nginx/conf.d/default.conf
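
An added example, not part of any post in this thread and not the image author's own configuration: a variant of the compose file that points the proxy at the app server by its Compose service name and stops publishing port 8080 on the host, so the app server is reachable only through the TLS proxy. It assumes the image uses UPSTREAM as the nginx upstream address and that all services share the default Compose network; the volume name `letsencrypt` is made up for this example.

```yaml
version: "3"

services:
  nginx-ssl-proxy:
    image: danieldent/nginx-ssl-proxy
    restart: always
    environment:
      # Inside the proxy container, "localhost" is the proxy container itself,
      # not the app server, which matches the "no live upstreams" error.
      # Assumption: the image uses UPSTREAM as the nginx upstream address, so
      # the Compose service name resolves on the shared default network.
      UPSTREAM: appserver:8080
      SERVERNAME: my.domain.com
    ports:
      - "80:80"
      - "443:443"
    volumes:
      # Named volume (name chosen for this example) so issued certificates
      # survive container re-creation instead of living in an anonymous volume.
      - letsencrypt:/etc/letsencrypt
    depends_on:
      - appserver

  appserver:
    image: loraserver/lora-app-server:2
    # No "ports:" entry: 8080 is not published on the host, so plain-HTTP
    # http://my.domain.com:8080 no longer bypasses the TLS proxy.
    # For local debugging only, bind to loopback instead:
    #   ports:
    #     - "127.0.0.1:8080:8080"
    expose:
      - "8080"
    volumes:
      - ./configuration/lora-app-server:/etc/lora-app-server

  # loraserver, gatewaybridge, geoserver, postgresql, redis and mosquitto
  # stay as in the original file.

volumes:
  letsencrypt:
```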

Does anyone notice that this danieldent/nginx-ssl-proxy container is renewing the Let’s Encrypt certificate every 5 minutes, not every 60 days as specified on GitHub?
GitHub - DanielDent/docker-nginx-ssl-proxy: SSL Front-End Proxy With Automatic Free Certificate Management