I am currently working to set up Docker in order to deploy the website I created. However, I'm stuck at the level of configuring HTTPS with Nginx and Certbot.
Here is everything I did:
- Bought a domain name on OVH Cloud and added an A entry in the DNS pointing to my local Windows machine (on which I run the containers to test if the website is working)
- Created the docker-compose.yml file with the following content:
```yaml
services:
  mysql_database:
    build: ./database
    environment:
      MYSQL_ROOT_PASSWORD: test
      MYSQL_DATABASE: ranking
    ports:
      - 3316:3306
  flask-api:
    build: ./server
    environment:
      MYSQL_HOST: mysql_database
      MYSQL_PORT: 3306
      MYSQL_DATABASE: ranking
      MYSQL_USER: root
      MYSQL_PASSWORD: test
      DEBUG: False
      SMASHGG_API_KEY: 1132567b3267
    depends_on:
      - mysql_database
  frontend:
    build: ./client
    ports:
      - 80:80
      - 443:443
    volumes:
      - ./certbot/www/:/var/www/certbot/:ro
      - ./certbot/conf/:/etc/nginx/ssl/:ro
    depends_on:
      - flask-api
  certbot:
    image: certbot/certbot:latest
    volumes:
      - ./certbot/www/:/var/www/certbot/:rw
      - ./certbot/conf/:/ect/letsencrypt/:rw
```
- Where the frontend service is built using this Dockerfile:
```dockerfile
# Use a base Nginx image
FROM nginx:latest

# Remove the default Nginx configuration file
RUN rm /etc/nginx/conf.d/default.conf

# Copy the custom configuration file
COPY nginx.conf /etc/nginx/conf.d

# Copy the Vue.js build files into the Nginx hosting directory
COPY dist/ /usr/share/nginx/html

# Expose port 80 for the web server
EXPOSE 80
```
- And the nginx.conf file is this one:
```nginx
events {
    worker_connections 1024;
}

http {
    server {
        listen 80;
        server_name seeding.gg www.seeding.gg;

        location /.well-known/acme-challenge/ {
            root /var/www/certbot;
        }

        location / {
            return 301 https://$host$request_uri;
        }
    }

    server {
        listen 443 ssl;
        server_name seeding.gg www.seeding.gg;

        ssl_certificate /etc/nginx/ssl/live/seeding.gg/fullchain.pem;
        ssl_certificate_key /etc/nginx/ssl/live/seeding.gg/privkey.pem;

        location / {
            root /usr/share/nginx/html;
            index index.html;
            try_files $uri $uri/ /index.html;
        }

        location /api/ {
            proxy_pass http://flask-api:5000/;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }
}
```
- Created a folder named certbot that contains 2 folders named conf and www that are currently empty (for the volumes)
- Added 1 inbound rule to my firewall for ports 80 and 443
- Added 1 outbound rule to my firewall for ports 80 and 443
However, when I run the command
```
docker compose run --rm certbot certonly --webroot --webroot-path /var/www/certbot/ -d www.seeding.gg
```
to get the certificates, I get the following error:
```
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
  Domain: www.seeding.gg
  Type: dns
  Detail: no valid A records found for www.seeding.gg; no valid AAAA records found for www.seeding.gg

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
```
Could you help me with this issue, please?
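A DNS preflight for the `Type: dns` failure shown in the error above, as an added example that is not part of the original post: it collects every name from the `server_name` directives in the nginx.conf and reports which ones have no A/AAAA record or only a non-public address before any certificate is requested. The function names, the constructed zone data, and the rule that only globally routable addresses count are assumptions of this example.

```python
import ipaddress
import re
import socket

# server_name lines as they appear in the nginx.conf above.
NGINX_CONF = """
server { listen 80; server_name seeding.gg www.seeding.gg; }
server { listen 443 ssl; server_name seeding.gg www.seeding.gg; }
"""

def server_names(conf):
    """Every hostname listed in a server_name directive."""
    names = set()
    for match in re.finditer(r"\bserver_name\s+([^;]+);", conf):
        names.update(match.group(1).split())
    return names

def system_resolver(host):
    """A/AAAA lookup via the OS resolver (hosts file and local caches included,
    so results can differ from what the CA sees). Empty list if nothing resolves."""
    try:
        infos = socket.getaddrinfo(host, 80, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0].split("%")[0] for info in infos})

def preflight(names, resolve=system_resolver):
    """Map each name to (ok, detail). Assumption of this example: only globally
    routable addresses count, since the CA connects from the internet."""
    report = {}
    for name in sorted(names):
        addrs = resolve(name)
        public = [a for a in addrs if ipaddress.ip_address(a).is_global]
        if not addrs:
            report[name] = (False, "no A/AAAA record")
        elif not public:
            report[name] = (False, "non-public only: " + ", ".join(addrs))
        else:
            report[name] = (True, ", ".join(public))
    return report

if __name__ == "__main__":
    # Constructed zone for an offline run: apex has a LAN address, www has none.
    # Drop the resolve= argument to query real DNS instead.
    fake_zone = {"seeding.gg": ["192.168.1.20"]}
    result = preflight(server_names(NGINX_CONF), resolve=lambda h: fake_zone.get(h, []))
    for name, (ok, detail) in result.items():
        print("OK  " if ok else "FAIL", name, detail)
```

Every name passed to certbot with `-d` needs its own passing entry, because the CA validates each name separately.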