
500 Internal Server Error #2302

Open
backupandforkacc opened this issue Sep 17, 2023 · 8 comments
Comments

backupandforkacc commented Sep 17, 2023

I moved some docker containers to another system recently. Everything worked on the old machine. Started the containers on the new machine, but got:

500 Internal Server Error

Here is how I started the testserver:
docker run -d --name testserver --network nextcloudpi -p 8086:8080 -v /etc/timezone:/etc/timezone:ro -v /etc/localtime:/etc/localtime:ro -e 'LETSENCRYPT_EMAIL=letsencrypt@regenpost.de' -e 'LETSENCRYPT_HOST=test.bardhome.de, test.bardhome.eu' -e 'VIRTUAL_HOST=test.bardhome.de, test.bardhome.eu' nginxdemos/nginx-hello

and nginx-proxy:
docker run --detach --name nginx-proxy --publish 80:80 --publish 443:443 --volume /docker/volumes/letsencrypt:/etc/nginx/certs --volume vhost:/etc/nginx/vhost.d --volume html:/usr/share/nginx/html --volume /var/run/docker.sock:/tmp/docker.sock:ro -v /etc/timezone:/etc/timezone:ro -v /etc/localtime:/etc/localtime:ro --network=nextcloudpi nginxproxy/nginx-proxy
also started nginx-proxy-companion:
docker run --detach \
  --name nginx-proxy-acme \
  --volumes-from nginx-proxy \
  --volume /var/run/docker.sock:/var/run/docker.sock:ro \
  --volume acme:/etc/acme.sh \
  -v /etc/timezone:/etc/timezone:ro \
  -v /etc/localtime:/etc/localtime:ro \
  --network=nextcloudpi \
  --env "DEFAULT_EMAIL=letsencrypt@regenpost.de" \
  nginxproxy/acme-companion
This is the logs when I try to open the site:

nginx.1     | test.bardhome.de 79.244.34.207 - - [17/Sep/2023:20:01:38 +0200] "GET / HTTP/2.0" 500 177 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/117.0" "-"
nginx.1     | test.bardhome.de 79.244.34.207 - - [17/Sep/2023:20:01:58 +0200] "GET / HTTP/2.0" 500 177 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/117.0" "-"
nginx.1     | 2023/09/17 20:07:46 [error] 36#36: *5607 connect() failed (111: Connection refused) while connecting to upstream, client: 150.129.59.5, server: test.bardhome.de, request: "GET / HTTP/1.1", upstream: "http://172.18.0.8:80/", host: "test.bardhome.de"
nginx.1     | test.bardhome.de 150.129.59.5 - - [17/Sep/2023:20:07:46 +0200] "GET / HTTP/1.1" 502 559 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36" "172.18.0.8:80"
nginx.1     | 2023/09/17 20:07:56 [error] 36#36: *5609 connect() failed (111: Connection refused) while connecting to upstream, client: 31.186.166.197, server: test.bardhome.de, request: "GET / HTTP/1.1", upstream: "http://172.18.0.8:80/", host: "test.bardhome.de"
nginx.1     | test.bardhome.de 31.186.166.197 - - [17/Sep/2023:20:07:56 +0200] "GET / HTTP/1.1" 502 559 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36" "172.18.0.8:80"
nginx.1     | 2023/09/17 20:07:56 [error] 36#36: *5611 connect() failed (111: Connection refused) while connecting to upstream, client: 195.5.55.36, server: test.bardhome.de, request: "GET / HTTP/1.1", upstream: "http://172.18.0.8:80/", host: "test.bardhome.de"
nginx.1     | test.bardhome.de 195.5.55.36 - - [17/Sep/2023:20:07:56 +0200] "GET / HTTP/1.1" 502 559 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36" "172.18.0.8:80"
nginx.1     | 79.244.34.207 34.219.62.144 - - [17/Sep/2023:20:07:59 +0200] "GET / HTTP/1.1" 503 190 "-" "AHC/2.1" "-"
nginx.1     | 2023/09/17 20:07:59 [error] 36#36: *5614 connect() failed (111: Connection refused) while connecting to upstream, client: 35.91.128.185, server: test.bardhome.de, request: "GET / HTTP/1.1", upstream: "http://172.18.0.8:80/", host: "test.bardhome.de"
nginx.1     | test.bardhome.de 35.91.128.185 - - [17/Sep/2023:20:07:59 +0200] "GET / HTTP/1.1" 502 157 "-" "AHC/2.1" "172.18.0.8:80"

Edit: Strange, now I do not get an error in the logs, but still the same message 500 - internal server error:

nginx.1     | bardhome.de 79.244.34.207 - - [17/Sep/2023:21:13:31 +0200] "GET /index.php/login?user=simon&direct=1 HTTP/2.0" 500 177 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/117.0" "-"
nginx.1     | bardhome.de 79.244.34.207 - - [17/Sep/2023:21:13:31 +0200] "GET /favicon.ico HTTP/2.0" 500 177 "https://bardhome.de/index.php/login?user=simon&direct=1" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/117.0" "-"
nginx.1     | bardhome.de 79.244.34.207 - - [17/Sep/2023:21:13:39 +0200] "GET /index.php/login?user=simon&direct=1 HTTP/2.0" 500 177 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/117.0" "-"
nginx.1     | bardhome.de 79.244.34.207 - - [17/Sep/2023:21:13:39 +0200] "GET /favicon.ico HTTP/2.0" 500 177 "https://bardhome.de/index.php/login?user=simon&direct=1" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/117.0" "-"
nginx.1     | bardhome.de 79.244.34.207 - - [17/Sep/2023:21:13:51 +0200] "GET /index.php/login?user=simon&direct=1 HTTP/1.1" 200 6330 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/117.0" "172.18.0.5:80"
nginx.1     | bardhome.de 79.244.34.207 - - [17/Sep/2023:21:13:51 +0200] "GET /core/css/server.css?v=b37b8fe6-1 HTTP/1.1" 499 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/117.0" "172.18.0.5:80"
nginx.1     | bardhome.de 79.244.34.207 - - [17/Sep/2023:21:13:54 +0200] "GET /index.php/apps/theming/image/logo?v=1 HTTP/1.1" 404 18305 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/117.0" "172.18.0.5:80"
nginx.1     | test.bardhome.de 79.244.34.207 - - [17/Sep/2023:21:14:11 +0200] "GET / HTTP/2.0" 500 177 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/117.0" "-"

Version of nginx-proxy:
nginxproxy/nginx-proxy latest b3fe70959a81 6 days ago 203MB
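Added example, not part of the issue or the nginx-proxy project: a Python triage script for the `vhost` access-log format nginx-proxy writes (`$host $remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" "$upstream_addr"`) that separates the three failure modes visible in the logs above: 503 with no upstream (the catch-all server, no VIRTUAL_HOST matched), 500 with no upstream (the generated `if ($https) { return 500; }` for a vhost without a certificate), and 502 with an upstream address (the container was reached but refused the port). The sample log lines, hostnames and IP addresses are constructed.

```python
import re
from collections import Counter

# Constructed sample modelled on the lines quoted in the issue: nginx-proxy's
# "vhost" access-log format plus nginx error-log lines, each carrying the
# "nginx.1     | " process tag that forego prepends inside the container.
SAMPLE_LOG = """\
nginx.1     | test.example.test 203.0.113.10 - - [17/Sep/2023:20:01:38 +0200] "GET / HTTP/2.0" 500 177 "-" "Mozilla/5.0" "-"
nginx.1     | 2023/09/17 20:07:46 [error] 36#36: *5607 connect() failed (111: Connection refused) while connecting to upstream, client: 203.0.113.11, server: test.example.test, request: "GET / HTTP/1.1", upstream: "http://172.18.0.8:80/", host: "test.example.test"
nginx.1     | test.example.test 203.0.113.11 - - [17/Sep/2023:20:07:46 +0200] "GET / HTTP/1.1" 502 559 "-" "Mozilla/5.0" "172.18.0.8:80"
nginx.1     | 203.0.113.10 203.0.113.12 - - [17/Sep/2023:20:07:59 +0200] "GET / HTTP/1.1" 503 190 "-" "AHC/2.1" "-"
nginx.1     | example.test 203.0.113.10 - - [17/Sep/2023:21:13:51 +0200] "GET /index.php/login HTTP/1.1" 200 6330 "-" "Mozilla/5.0" "172.18.0.5:80"
"""

PREFIX = r"^(?:\S+\s+\|\s+)?"  # optional "nginx.1     | " tag

# Field order follows log_format vhost from the rendered config.
ACCESS_RE = re.compile(
    PREFIX
    + r'(?P<host>\S+) (?P<client>\S+) - (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    + r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<bytes>\d+) '
    + r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)" "(?P<upstream>[^"]*)"$'
)

# nginx error-log line for a failed upstream connection; captures the reason
# and the upstream host:port nginx actually tried.
ERROR_RE = re.compile(
    r"\[error\] \d+#\d+: \*\d+ (?P<reason>[^,]+) while connecting to upstream"
    r'.*?upstream: "https?://(?P<upstream>[^/"]+)'
)


def classify(entry):
    """Map one vhost access-log entry to the nginx-proxy failure mode it indicates."""
    status, upstream = int(entry["status"]), entry["upstream"]
    if upstream == "-":
        # nginx answered by itself; the request never reached a container.
        if status == 503:
            # The 'server_name _' catch-all does 'return 503': $host matched no
            # VIRTUAL_HOST (in the issue, $host was the bare IP address).
            return "no-vhost"
        if status == 500:
            # The generated 'if ($https) { return 500; }' fired: no
            # /etc/nginx/certs/<host>.crt was found for this vhost.
            return "https-no-cert"
        return "local-%d" % status
    if status in (502, 504):
        # Proxied, but the backend refused or timed out: wrong VIRTUAL_PORT,
        # container not on a shared network, or the service not listening.
        return "upstream-unreachable"
    return "proxied"


def triage(log_text):
    """Count failure modes and collect the upstream addresses that refused."""
    counts, refused, unparsed = Counter(), set(), 0
    for line in log_text.splitlines():
        m = ACCESS_RE.match(line)
        if m:
            counts[classify(m.groupdict())] += 1
            continue
        e = ERROR_RE.search(line)
        if e:
            refused.add(e.group("upstream"))
            counts["error:" + e.group("reason").split(" (")[0]] += 1
            continue
        unparsed += 1
    return {"counts": dict(counts), "refused_upstreams": refused, "unparsed": unparsed}


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```

Feed it the proxy's log with `docker logs nginx-proxy 2>&1 | python3 triage.py` after replacing SAMPLE_LOG with stdin; a non-empty `refused_upstreams` set names the exact address:port to compare against the container's listening port.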

@backupandforkacc (Author)

Reaching the testserver locally without SSL is no problem:

@backupandforkacc (Author)

logs of acme:

Sleep for 3600s
Creating/renewal bardhome.de certificates... (bardhome.de)
[Sun Sep 17 18:18:19 CEST 2023] Domains not changed.
[Sun Sep 17 18:18:19 CEST 2023] Skip, Next renewal time is: Mon Nov 13 15:15:36 UTC 2023
[Sun Sep 17 18:18:19 CEST 2023] Add '--force' to force to renew.
Creating/renewal test.bardhome.de certificates... (test.bardhome.de test.bardhome.eu)
[Sun Sep 17 18:18:21 CEST 2023] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Sun Sep 17 18:18:21 CEST 2023] Creating domain key
[Sun Sep 17 18:18:22 CEST 2023] The domain key is here: /etc/acme.sh/letsencrypt@regenpost.de/test.bardhome.de/test.bardhome.de.key
[Sun Sep 17 18:18:22 CEST 2023] Multi domain='DNS:test.bardhome.de,DNS:test.bardhome.eu'
[Sun Sep 17 18:18:22 CEST 2023] Getting domain auth token for each domain
[Sun Sep 17 18:18:27 CEST 2023] Getting webroot for domain='test.bardhome.de'
[Sun Sep 17 18:18:27 CEST 2023] Getting webroot for domain='test.bardhome.eu'
[Sun Sep 17 18:18:28 CEST 2023] test.bardhome.de is already verified, skip http-01.

@backupandforkacc (Author)

Everything seems correct with the network:

docker network inspect nextcloudpi
[
    {
        "Name": "nextcloudpi",
        "Id": "ee2ea6fe5a915bf3d38889dfdafcabd67497dc7cf52ed0e4b2b15e169c9856f8",
        "Created": "2023-09-14T15:30:11.504371687+02:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "172.18.0.0/16",
                    "Gateway": "172.18.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "22f30098a65b2a214e7f6f618ca4e72bc89d8cb587c75e4157b9c6a575531c08": {
                "Name": "testserver",
                "EndpointID": "d1c40d56e2e3728eb7392efab1608a0a09dc42c43fc0ba8608b92ea89d8f64d8",
                "MacAddress": "02:42:ac:12:00:08",
                "IPv4Address": "172.18.0.8/16",
                "IPv6Address": ""
            },
            "38613a9a6f2c8cb51b6f669fb0b53fd37d5c422d2b45811c67e7e7d97b599747": {
                "Name": "nc_mariadb",
                "EndpointID": "a1602a624d91e0d9040585901b069ac9307dcd12fa35cb1c7daafac4c3277b85",
                "MacAddress": "02:42:ac:12:00:04",
                "IPv4Address": "172.18.0.4/16",
                "IPv6Address": ""
            },
            "40876853fed73c73e0772155676850d6186e4c99bc5634bbae3975d6bf7a384d": {
                "Name": "nginx-proxy-acme",
                "EndpointID": "e1427c48d2dd8d1130d2057a0094694ac91d5a1c93ad60ed6a806b0ac2c77312",
                "MacAddress": "02:42:ac:12:00:07",
                "IPv4Address": "172.18.0.7/16",
                "IPv6Address": ""
            },
            "63382c1fadf152fa57b2e56b0de8c7b4bdce70628fa43f14fcd3349f46b59d76": {
                "Name": "phpmyadmin",
                "EndpointID": "17645e9dbecb4458adb04c4c81ebd5068290d1457c5fd2c1c5850bb558ae6298",
                "MacAddress": "02:42:ac:12:00:03",
                "IPv4Address": "172.18.0.3/16",
                "IPv6Address": ""
            },
            "b81366c0b9892cd981b59bfaaad953f6df2806369b8f9958b0fa82505595a5c6": {
                "Name": "nextcloud",
                "EndpointID": "5a08a31c2f5dfc55b79354603b859cfc9d879259b47bb573cb5a7663da8be9ab",
                "MacAddress": "02:42:ac:12:00:05",
                "IPv4Address": "172.18.0.5/16",
                "IPv6Address": ""
            },
            "c6c82beb77fb9db44122e83243eaddc4ea3379496fc4656bec6c95541f894bf4": {
                "Name": "openhab",
                "EndpointID": "d68852b6b69802897a6a3d0f1d9fe2eb4f8ce74144660febdb20d7c63542af21",
                "MacAddress": "02:42:ac:12:00:02",
                "IPv4Address": "172.18.0.2/16",
                "IPv6Address": ""
            },
            "f71bb7f4bdbf79424ab48b658856919dfe7558dbb6ea532323d20f957a00508b": {
                "Name": "nginx-proxy",
                "EndpointID": "39ecb6ad444fc68e05bd865d2088299b20f088eca4775ed9b45ca3e8b8cf8965",
                "MacAddress": "02:42:ac:12:00:06",
                "IPv4Address": "172.18.0.6/16",
                "IPv6Address": ""
            }
        },
        "Options": {},
        "Labels": {}
    }
]

SchoNie (Contributor) commented Sep 18, 2023

Looks like nginx-proxy is trying to forward to the upstream on port 80, but your service is listening on 8080.
See: https://github.com/nginx-proxy/nginx-proxy#virtual-ports

Try adding -e 'VIRTUAL_PORT=8080' to your test server run command.

If there is no change, it helps to post your full rendered nginx config:
docker exec -t yourproxycontainer nginx -T

@backupandforkacc (Author)

@SchoNie: Many thanks, but the server is listening on port 80, too:

simon@simon-server:~$ docker ps
CONTAINER ID   IMAGE                                          COMMAND                  CREATED        STATUS                 PORTS                                                                      NAMES
f71bb7f4bdbf   nginxproxy/nginx-proxy                         "/app/docker-entrypo…"   19 hours ago   Up 6 minutes           0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp   nginx-proxy
38613a9a6f2c   mariadb:latest                                 "docker-entrypoint.s…"   20 hours ago   Up 58 minutes          3306/tcp                                                                   nc_mariadb
562d5b50d7e8   ghcr.io/home-assistant/home-assistant:stable   "/init"                  20 hours ago   Up 3 hours                                                                                        homeassistant
55b1a962883d   koenkk/zigbee2mqtt                             "docker-entrypoint.s…"   20 hours ago   Up 3 hours             0.0.0.0:8087->8080/tcp, :::8087->8080/tcp                                  zigbee2mqtt
c6c82beb77fb   openhab/openhab:latest                         "/entrypoint gosu op…"   2 days ago     Up 3 hours (healthy)   5007/tcp, 8101/tcp, 8443/tcp, 0.0.0.0:8091->8080/tcp, :::8091->8080/tcp    openhab
22f30098a65b   nginxdemos/nginx-hello                         "/docker-entrypoint.…"   3 days ago     Up 4 minutes           80/tcp, 0.0.0.0:8086->8080/tcp, :::8086->8080/tcp                          testserver
40876853fed7   nginxproxy/acme-companion                      "/bin/bash /app/entr…"   3 days ago     Up 6 minutes                                                                                      nginx-proxy-acme

I can access the testserver from the browser of any computer from within my home network, but not from the nginx-proxy container, although as shown above it's the same network.

simon@simon-server:/intenso/docker/volumes/nginx-proxy-manager$ docker exec -it nginx-proxy bash
root@f71bb7f4bdbf:/app# wget 192.168.103.44:8086
--2023-09-18 09:48:14--  http://192.168.103.44:8086/
Connecting to 192.168.103.44:8086... ^C  **<=== it's not connecting, so something here is wrong.**
root@f71bb7f4bdbf:/app# wget http://testserver
--2023-09-18 09:48:28--  http://testserver/
Resolving testserver (testserver)... 172.18.0.6
Connecting to testserver (testserver)|172.18.0.6|:80... failed: Connection refused.

From the server itself (host of docker), it works fine:

simon@simon-server:~$  wget 192.168.103.44:8086
--2023-09-18 09:47:04--  http://192.168.103.44:8086/
Verbindungsaufbau zu 192.168.103.44:8086 … verbunden.
HTTP-Anforderung gesendet, auf Antwort wird gewartet … 200 OK
Länge: nicht spezifiziert [text/html]
Wird in ‘index.html’ gespeichert.

index.html                                    [ <=>                                                                                  ]   7,06K  --.-KB/s    in 0s

2023-09-18 09:47:04 (139 MB/s) - ‘index.html’ gespeichert [7225]

SchoNie (Contributor) commented Sep 18, 2023

Please post your full rendered nginx config.
docker exec -t yourproxycontainer nginx -T

But did you try the -e 'VIRTUAL_PORT=8080'? nginx-proxy cannot reach your container over port 80 because it is not published.
That command tells nginx-proxy to not use 80, but 8080 which you have published.

@backupandforkacc (Author)

Thank you @SchoNie !
Yes, I tried as you told me, stopped the testserver container, removed it and added the virtual port to the docker config:
docker run -d --name testserver --network nextcloudpi -p 8086:8080 -v /etc/timezone:/etc/timezone:ro -v /etc/localtime:/etc/localtime:ro -e 'LETSENCRYPT_EMAIL=letsencrypt@regenpost.de' -e 'LETSENCRYPT_HOST=test.bardhome.de, test.bardhome.eu' -e 'VIRTUAL_HOST=test.bardhome.de, test.bardhome.eu' -e 'VIRTUAL_PORT=8080' nginxdemos/nginx-hello
Still have the issue.

Here is the output:

simon@simon-server:/intenso/docker/volumes$  docker exec -t nginx-proxy nginx -T
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
# configuration file /etc/nginx/nginx.conf:

user  nginx;
worker_processes  auto;

error_log  /var/log/nginx/error.log notice;
pid        /var/run/nginx.pid;


events {
    worker_connections  10240;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;

    include /etc/nginx/conf.d/*.conf;
}
daemon off;

# configuration file /etc/nginx/mime.types:

types {
    text/html                                        html htm shtml;
    text/css                                         css;
    text/xml                                         xml;
    image/gif                                        gif;
    image/jpeg                                       jpeg jpg;
    application/javascript                           js;
    application/atom+xml                             atom;
    application/rss+xml                              rss;

    text/mathml                                      mml;
    text/plain                                       txt;
    text/vnd.sun.j2me.app-descriptor                 jad;
    text/vnd.wap.wml                                 wml;
    text/x-component                                 htc;

    image/avif                                       avif;
    image/png                                        png;
    image/svg+xml                                    svg svgz;
    image/tiff                                       tif tiff;
    image/vnd.wap.wbmp                               wbmp;
    image/webp                                       webp;
    image/x-icon                                     ico;
    image/x-jng                                      jng;
    image/x-ms-bmp                                   bmp;

    font/woff                                        woff;
    font/woff2                                       woff2;

    application/java-archive                         jar war ear;
    application/json                                 json;
    application/mac-binhex40                         hqx;
    application/msword                               doc;
    application/pdf                                  pdf;
    application/postscript                           ps eps ai;
    application/rtf                                  rtf;
    application/vnd.apple.mpegurl                    m3u8;
    application/vnd.google-earth.kml+xml             kml;
    application/vnd.google-earth.kmz                 kmz;
    application/vnd.ms-excel                         xls;
    application/vnd.ms-fontobject                    eot;
    application/vnd.ms-powerpoint                    ppt;
    application/vnd.oasis.opendocument.graphics      odg;
    application/vnd.oasis.opendocument.presentation  odp;
    application/vnd.oasis.opendocument.spreadsheet   ods;
    application/vnd.oasis.opendocument.text          odt;
    application/vnd.openxmlformats-officedocument.presentationml.presentation
                                                     pptx;
    application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
                                                     xlsx;
    application/vnd.openxmlformats-officedocument.wordprocessingml.document
                                                     docx;
    application/vnd.wap.wmlc                         wmlc;
    application/wasm                                 wasm;
    application/x-7z-compressed                      7z;
    application/x-cocoa                              cco;
    application/x-java-archive-diff                  jardiff;
    application/x-java-jnlp-file                     jnlp;
    application/x-makeself                           run;
    application/x-perl                               pl pm;
    application/x-pilot                              prc pdb;
    application/x-rar-compressed                     rar;
    application/x-redhat-package-manager             rpm;
    application/x-sea                                sea;
    application/x-shockwave-flash                    swf;
    application/x-stuffit                            sit;
    application/x-tcl                                tcl tk;
    application/x-x509-ca-cert                       der pem crt;
    application/x-xpinstall                          xpi;
    application/xhtml+xml                            xhtml;
    application/xspf+xml                             xspf;
    application/zip                                  zip;

    application/octet-stream                         bin exe dll;
    application/octet-stream                         deb;
    application/octet-stream                         dmg;
    application/octet-stream                         iso img;
    application/octet-stream                         msi msp msm;

    audio/midi                                       mid midi kar;
    audio/mpeg                                       mp3;
    audio/ogg                                        ogg;
    audio/x-m4a                                      m4a;
    audio/x-realaudio                                ra;

    video/3gpp                                       3gpp 3gp;
    video/mp2t                                       ts;
    video/mp4                                        mp4;
    video/mpeg                                       mpeg mpg;
    video/quicktime                                  mov;
    video/webm                                       webm;
    video/x-flv                                      flv;
    video/x-m4v                                      m4v;
    video/x-mng                                      mng;
    video/x-ms-asf                                   asx asf;
    video/x-ms-wmv                                   wmv;
    video/x-msvideo                                  avi;
}

# configuration file /etc/nginx/conf.d/default.conf:
# nginx-proxy version : 1.3.1-40-g67ab97e
# Networks available to the container running docker-gen (which are assumed to
# match the networks available to the container running nginx):
#     nextcloudpi
# If we receive X-Forwarded-Proto, pass it through; otherwise, pass along the
# scheme used to connect to this server
map $http_x_forwarded_proto $proxy_x_forwarded_proto {
    default $http_x_forwarded_proto;
    '' $scheme;
}
map $http_x_forwarded_host $proxy_x_forwarded_host {
    default $http_x_forwarded_host;
    '' $http_host;
}
# If we receive X-Forwarded-Port, pass it through; otherwise, pass along the
# server port the client connected to
map $http_x_forwarded_port $proxy_x_forwarded_port {
    default $http_x_forwarded_port;
    '' $server_port;
}
# If the request from the downstream client has an "Upgrade:" header (set to any
# non-empty value), pass "Connection: upgrade" to the upstream (backend) server.
# Otherwise, the value for the "Connection" header depends on whether the user
# has enabled keepalive to the upstream server.
map $http_upgrade $proxy_connection {
    default upgrade;
    '' $proxy_connection_noupgrade;
}
map $upstream_keepalive $proxy_connection_noupgrade {
    # Preserve nginx's default behavior (send "Connection: close").
    default close;
    # Use an empty string to cancel nginx's default behavior.
    true '';
}
# Abuse the map directive (see <https://stackoverflow.com/q/14433309>) to ensure
# that $upstream_keepalive is always defined.  This is necessary because:
#   - The $proxy_connection variable is indirectly derived from
#     $upstream_keepalive, so $upstream_keepalive must be defined whenever
#     $proxy_connection is resolved.
#   - The $proxy_connection variable is used in a proxy_set_header directive in
#     the http block, so it is always fully resolved for every request -- even
#     those where proxy_pass is not used (e.g., unknown virtual host).
map "" $upstream_keepalive {
    # The value here should not matter because it should always be overridden in
    # a location block (see the "location" template) for all requests where the
    # value actually matters.
    default false;
}
# Apply fix for very long server names
server_names_hash_bucket_size 128;
# Default dhparam
ssl_dhparam /etc/nginx/dhparam/dhparam.pem;
# Set appropriate X-Forwarded-Ssl header based on $proxy_x_forwarded_proto
map $proxy_x_forwarded_proto $proxy_x_forwarded_ssl {
    default off;
    https on;
}
gzip_types text/plain text/css application/javascript application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
log_format vhost '$host $remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" "$upstream_addr"';
access_log off;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305';
    ssl_prefer_server_ciphers off;
error_log /dev/stderr;
resolver 127.0.0.11;
# HTTP 1.1 support
proxy_http_version 1.1;
proxy_buffering off;
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $proxy_connection;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $proxy_x_forwarded_host;
proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
proxy_set_header X-Forwarded-Ssl $proxy_x_forwarded_ssl;
proxy_set_header X-Forwarded-Port $proxy_x_forwarded_port;
proxy_set_header X-Original-URI $request_uri;
# Mitigate httpoxy attack (see README for details)
proxy_set_header Proxy "";
server {
    server_name _; # This is just an invalid value which will never trigger on a real hostname.
    server_tokens off;
    http2 on;
    listen 80;
    listen 443 ssl;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;
    access_log /var/log/nginx/access.log vhost;
    ssl_certificate /etc/nginx/certs/default.crt;
    ssl_certificate_key /etc/nginx/certs/default.key;
    return 503;
}
# bardhome.de/
upstream bardhome.de {
    # Container: nextcloud
    #     networks:
    #         nextcloudpi (reachable)
    #     IP address: 172.18.0.4
    #     exposed ports: 80/tcp
    #     default port: 80
    #     using port: 80
    #         /!\ WARNING: Virtual port published on host.  Clients
    #                      might be able to bypass nginx-proxy and
    #                      access the container's server directly.
    server 172.18.0.4:80;
}
server {
    server_name bardhome.de;
    http2 on;
    access_log /var/log/nginx/access.log vhost;
    listen 80 ;
    listen 443 ssl ;
    # No certificate found for this vhost, so use the default certificate and
    # return an error code if the user connects via https.
    ssl_certificate /etc/nginx/certs/default.crt;
    ssl_certificate_key /etc/nginx/certs/default.key;
    if ($https) {
        return 500;
    }
    include /etc/nginx/vhost.d/default;
    location / {
        proxy_pass http://bardhome.de;
        set $upstream_keepalive false;
    }
}
# test.bardhome.de/
upstream test.bardhome.de {
    # Container: testserver
    #     networks:
    #         nextcloudpi (reachable)
    #     IP address: 172.18.0.6
    #     exposed ports: 80/tcp 8080/tcp
    #     default port: 80
    #     using port: 8080
    #         /!\ WARNING: Virtual port published on host.  Clients
    #                      might be able to bypass nginx-proxy and
    #                      access the container's server directly.
    server 172.18.0.6:8080;
}
server {
    server_name test.bardhome.de;
    http2 on;
    access_log /var/log/nginx/access.log vhost;
    listen 80 ;
    listen 443 ssl ;
    # No certificate found for this vhost, so use the default certificate and
    # return an error code if the user connects via https.
    ssl_certificate /etc/nginx/certs/default.crt;
    ssl_certificate_key /etc/nginx/certs/default.key;
    if ($https) {
        return 500;
    }
    include /etc/nginx/vhost.d/default;
    location / {
        proxy_pass http://test.bardhome.de;
        set $upstream_keepalive false;
    }
}
# test.bardhome.eu/
upstream test.bardhome.eu {
    # Container: testserver
    #     networks:
    #         nextcloudpi (reachable)
    #     IP address: 172.18.0.6
    #     exposed ports: 80/tcp 8080/tcp
    #     default port: 80
    #     using port: 8080
    #         /!\ WARNING: Virtual port published on host.  Clients
    #                      might be able to bypass nginx-proxy and
    #                      access the container's server directly.
    server 172.18.0.6:8080;
}
server {
    server_name test.bardhome.eu;
    http2 on;
    access_log /var/log/nginx/access.log vhost;
    listen 80 ;
    listen 443 ssl ;
    # No certificate found for this vhost, so use the default certificate and
    # return an error code if the user connects via https.
    ssl_certificate /etc/nginx/certs/default.crt;
    ssl_certificate_key /etc/nginx/certs/default.key;
    if ($https) {
        return 500;
    }
    include /etc/nginx/vhost.d/default;
    location / {
        proxy_pass http://test.bardhome.eu;
        set $upstream_keepalive false;
    }
}

# configuration file /etc/nginx/vhost.d/default:

Strange that there should be no certificate, as the acme tells me:

Info: running acme-companion version v2.2.8-14-g9fbd668
Info: 4096 bits RFC7919 Diffie-Hellman group found, generation skipped.
Reloading nginx proxy (nginx-proxy)...
2023/09/18 10:48:16 Generated '/etc/nginx/conf.d/default.conf' from 10 containers
2023/09/18 10:48:16 [notice] 98#98: signal process started
2023/09/18 10:48:16 Contents of /app/letsencrypt_service_data did not change. Skipping notification '/app/signal_le_service'
2023/09/18 10:48:16 Watching docker events
2023/09/18 10:48:16 Contents of /app/letsencrypt_service_data did not change. Skipping notification '/app/signal_le_service'
Reloading nginx proxy (nginx-proxy)...
2023/09/18 10:48:17 Contents of /etc/nginx/conf.d/default.conf did not change. Skipping notification ''
2023/09/18 10:48:17 [notice] 115#115: signal process started
Creating/renewal bardhome.de certificates... (bardhome.de)
[Mon Sep 18 10:48:18 CEST 2023] Domains not changed.
[Mon Sep 18 10:48:18 CEST 2023] Skip, Next renewal time is: Mon Nov 13 15:15:36 UTC 2023
[Mon Sep 18 10:48:18 CEST 2023] Add '--force' to force to renew.
Creating/renewal test.bardhome.de certificates... (test.bardhome.de test.bardhome.eu)
[Mon Sep 18 10:48:20 CEST 2023] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Mon Sep 18 10:48:20 CEST 2023] Creating domain key
[Mon Sep 18 10:48:23 CEST 2023] The domain key is here: /etc/acme.sh/letsencrypt@regenpost.de/test.bardhome.de/test.bardhome.de.key
[Mon Sep 18 10:48:23 CEST 2023] Multi domain='DNS:test.bardhome.de,DNS:test.bardhome.eu'
[Mon Sep 18 10:48:23 CEST 2023] Getting domain auth token for each domain
[Mon Sep 18 10:48:26 CEST 2023] Getting webroot for domain='test.bardhome.de'
[Mon Sep 18 10:48:26 CEST 2023] Getting webroot for domain='test.bardhome.eu'
[Mon Sep 18 10:48:26 CEST 2023] test.bardhome.de is already verified, skip http-01.
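Added example, not part of the issue or the nginx-proxy project: a Python check that reads the rendered `nginx -T` output above and reports, per vhost, which upstream address and port docker-gen chose, whether the vhost fell back to `default.crt` with the generated `if ($https) { return 500; }` (the cause of the 500 seen in the logs), and whether docker-gen warned that the backend port is published on the host so clients can bypass the proxy. The config excerpt, hostnames and addresses in the sample are constructed in the shape of the page's own default.conf.

```python
import re

# Constructed excerpt in the shape of nginx-proxy's generated
# /etc/nginx/conf.d/default.conf as printed by `nginx -T`: the catch-all server,
# a vhost that fell back to the default certificate, and a healthy vhost.
SAMPLE_CONF = """\
server {
    server_name _; # This is just an invalid value which will never trigger on a real hostname.
    ssl_certificate /etc/nginx/certs/default.crt;
    return 503;
}
upstream test.example.test {
    #     using port: 8080
    #         /!\\ WARNING: Virtual port published on host.  Clients
    #                      might be able to bypass nginx-proxy and
    server 172.18.0.6:8080;
}
server {
    server_name test.example.test;
    # No certificate found for this vhost, so use the default certificate and
    # return an error code if the user connects via https.
    ssl_certificate /etc/nginx/certs/default.crt;
    if ($https) {
        return 500;
    }
    location / {
        proxy_pass http://test.example.test;
    }
}
upstream ok.example.test {
    server 172.18.0.5:80;
}
server {
    server_name ok.example.test;
    ssl_certificate /etc/nginx/certs/ok.example.test.crt;
    location / {
        proxy_pass http://ok.example.test;
    }
}
"""


def strip_comment(line):
    return line.split("#", 1)[0].strip()


def top_level_blocks(conf):
    """Yield (kind, name, lines) for each depth-0 'upstream NAME {' or 'server {' block."""
    depth, current = 0, None
    for raw in conf.splitlines():
        code = strip_comment(raw)  # braces are only counted outside comments
        if depth == 0:
            m = re.match(r"^(upstream)\s+(\S+)\s*\{$|^(server)\s*\{$", code)
            if m:
                current = (m.group(1) or m.group(3), m.group(2) or "", [])
        if current is not None:
            current[2].append(raw.strip())  # keep comments: docker-gen's warnings live there
        depth += code.count("{") - code.count("}")
        if current is not None and depth == 0:
            yield current
            current = None


def directive(lines, name):
    """Arguments of the first 'name ...;' directive in a block, or None."""
    for line in map(strip_comment, lines):
        if line.startswith(name + " "):
            return line[len(name):].strip().rstrip(";").strip()
    return None


def audit_vhosts(conf):
    """Per vhost: the upstream servers it forwards to and the problems found."""
    upstreams, report = {}, {}
    for kind, name, lines in top_level_blocks(conf):
        if kind == "upstream":
            upstreams[name] = {
                "servers": [directive([l], "server") for l in lines if l.startswith("server ")],
                "published": any("Virtual port published on host" in l for l in lines)}
            continue
        names = (directive(lines, "server_name") or "").split()
        if names == ["_"]:
            continue  # nginx-proxy's catch-all block; it returns 503 for unknown hosts
        cert = directive(lines, "ssl_certificate") or ""
        target = (directive(lines, "proxy_pass") or "").replace("http://", "", 1)
        code = [strip_comment(l) for l in lines]
        https_500 = any(l.startswith("if ($https)") and code[i + 1].startswith("return 500")
                        for i, l in enumerate(code[:-1]))
        up = upstreams.get(target, {"servers": [], "published": False})
        problems = []
        if cert.endswith("/default.crt") and https_500:
            problems.append("no certificate for this vhost: HTTPS requests are answered 500")
        if not up["servers"]:
            problems.append("proxy_pass target %r has no upstream servers" % target)
        if up["published"]:
            problems.append("backend port is published on the host: clients can bypass the proxy")
        for host in names:
            report[host] = {"upstream": up["servers"], "problems": problems}
    return report


if __name__ == "__main__":
    for host, info in audit_vhosts(SAMPLE_CONF).items():
        print(host, info)
```

For a vhost flagged with the certificate problem, the file to look for is `/etc/nginx/certs/<server_name>.crt` inside the nginx-proxy container, which is the name docker-gen checks before choosing `default.crt`.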

@backupandforkacc (Author)

I don't know why the nginx.conf tells me there is no SSL certificate. The nginx-proxy can access them. When I log into the docker container, it tells me:

simon@simon-server:~$ docker exec -it nginx-proxy bash
root@e5da585c3252:/app# ls -lh /etc/nginx/certs
total 50K
drwx------ 3 root root    3 Sep 18 09:08 accounts
drwx------ 3 root root    3 Sep 18 09:08 archive
drwxr-xr-x 2 root root    7 Aug  3 09:59 bardhome.de
lrwxrwxrwx 1 root root   23 Aug 12 18:25 bardhome.de.chain.pem -> ./bardhome.de/chain.pem
lrwxrwxrwx 1 root root   27 Aug 18 14:21 bardhome.de.crt -> ./bardhome.de/fullchain.pem
lrwxrwxrwx 1 root root   13 Aug 12 18:25 bardhome.de.dhparam.pem -> ./dhparam.pem
lrwxrwxrwx 1 root root   21 Aug 12 18:25 bardhome.de.key -> ./bardhome.de/key.pem
-rw-r--r-- 1 root root 1.9K Aug  3 09:58 default.crt
-rw------- 1 root root 3.2K Aug  3 09:58 default.key
-rw-r--r-- 1 root root  769 Aug  3 09:58 dhparam.pem
drwx------ 3 root root    4 Sep 18 09:08 live
drwxr-xr-x 2 root root    3 Sep 18 09:08 renewal
drwxr-xr-x 5 root root    5 Sep 18 09:05 renewal-hooks
drwxr-xr-x 2 root root    7 Sep 18 11:58 test.bardhome.de
lrwxrwxrwx 1 root root   28 Sep 18 11:58 test.bardhome.de.chain.pem -> ./test.bardhome.de/chain.pem
lrwxrwxrwx 1 root root   32 Sep 18 11:58 test.bardhome.de.crt -> ./test.bardhome.de/fullchain.pem
lrwxrwxrwx 1 root root   13 Sep 18 11:58 test.bardhome.de.dhparam.pem -> ./dhparam.pem
lrwxrwxrwx 1 root root   26 Sep 18 11:58 test.bardhome.de.key -> ./test.bardhome.de/key.pem
lrwxrwxrwx 1 root root   28 Sep 18 11:58 test.bardhome.eu.chain.pem -> ./test.bardhome.de/chain.pem
lrwxrwxrwx 1 root root   32 Sep 18 11:58 test.bardhome.eu.crt -> ./test.bardhome.de/fullchain.pem
lrwxrwxrwx 1 root root   13 Sep 18 11:58 test.bardhome.eu.dhparam.pem -> ./dhparam.pem
lrwxrwxrwx 1 root root   26 Sep 18 11:58 test.bardhome.eu.key -> ./test.bardhome.de/key.pem
