502 error while setting up SSL, and configuring listmonk on subdomain using nginx (on Docker) #1829

Open
pranjalmishraa opened this issue Apr 15, 2024 · 6 comments
Labels
question Further information is requested


@pranjalmishraa

I am trying to set up listmonk on a subdomain (DNS managed by Cloudflare, proxy off), hosted on EC2 (port 9000 open to the public).
However, I am constantly getting a 502 error from NGINX.

Followed tutorial: https://gist.github.com/MaximilianKohler/e5158fcfe6de80a9069926a67afcae11

I tried searching for similar problems in the issues. I know that there were multiple issues that possibly solve the problem; however, I am failing to fix this even after trying almost all the solutions listed (including changing the port to 9003). (Been trying for the last 3-4 days.)

Listmonk worked fine while opening with IP pre SSL configuration and proxy.

Problem starts post configuration of subdomain and SSL.

One thing that I noticed is that "app" and "db" docker containers are restarting every few seconds.

img

@pranjalmishraa pranjalmishraa added the question Further information is requested label Apr 15, 2024
@knadh
Owner

knadh commented Apr 16, 2024

listmonk should never restart automatically unless you restart it, or you change any settings on the admin UI.

Please examine the Docker logs for the listmonk container to figure out why it's restarting, which is causing the 502.

@MaximilianKohler
Contributor

You should post your configs. You probably have an error in your configs that's causing listmonk to restart. I think my 502 error was due to a firewall, but yours may be the restart issue. I never had a 502 error with EC2 + docker. That setup should be pretty straightforward.

@pranjalmishraa
Author

Checked logs for app and db container.
Image 2024-04-26 at 02 03 51

Config.toml

```toml
[app]

address = "0.0.0.0:9000"

admin_username = "listmonk"
admin_password = "67u2c0xVzR9o5"

[db]
host = "listmonk_db"
port = 5432
user = "listmonk"
password = "67u2c0xVzR9o5"

database = "listmonk"

ssl_mode = "disable"
max_open = 25
max_idle = 25
max_lifetime = "300s"

params = ""
```

@pranjalmishraa
Author

docker-compose.yml

```yaml
version: "3.7"

x-app-defaults: &app-defaults
  restart: unless-stopped
  image: listmonk/listmonk:latest
  ports:
    - "9000:9000"
  networks:
    - listmonk

x-db-defaults: &db-defaults
    image: postgres:11
    ports:
      - "9432:5432"
    networks:
      - listmonk
    environment:
      - POSTGRES_PASSWORD=kjdsgi4358973
      - POSTGRES_USER=yourbrandmate
      - POSTGRES_DB=listmonk
    restart: unless-stopped

services:
  db:
    <<: *db-defaults
    volumes:
      - type: volume
        source: listmonk-data
        target: /var/lib/postgresql/data

  app:
    <<: *app-defaults
    depends_on:
      - db
    command: "./listmonk --static-dir=/listmonk/static"
    volumes:
      - ./config.toml/:/listmonk/config.toml
      - ./static:/listmonk/static

  nginx:
    image: nginx:mainline-alpine
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./data/nginx:/etc/nginx/conf.d
      - ./data/certbot/conf:/etc/letsencrypt
      - ./data/certbot/www:/var/www/certbot
    networks:
      - listmonk
    depends_on:
      - app
    command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'"

  certbot:
    image: certbot/certbot
    restart: unless-stopped
    container_name: certbot
    volumes:
      - ./data/certbot/conf:/etc/letsencrypt
      - ./data/certbot/www:/var/www/certbot
    networks:
      - listmonk
    depends_on:
      - nginx
    entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"
networks:
  listmonk:

volumes:
  listmonk-data:
```

nginx.conf

```nginx
server {
    listen 80;
    server_name listmonk.yourbrandmate.agency;
    server_tokens off;

    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }

    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl;
    server_name listmonk.yourbrandmate.agency;
    server_tokens off;

    ssl_certificate /etc/letsencrypt/live/listmonk.yourbrandmate.agency/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/listmonk.yourbrandmate.agency/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    location / {
        proxy_pass  http://app:9000;
        proxy_set_header    Host                $http_host;
        proxy_set_header    X-Real-IP           $remote_addr;
        proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
    }
}
```
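
Added example, not part of the thread or of listmonk's own code: one config error of the kind suggested earlier in the thread is a `[db]` block in `config.toml` that disagrees with the `db` service in `docker-compose.yml`. The script below compares the two, using trimmed copies of the posted files with placeholder passwords; the helper names and the regex-based parsing are assumptions made for illustration.

```python
import re

# Constructed input: trimmed copies of the two files posted in this thread,
# with placeholder passwords in place of the posted ones.
CONFIG_TOML = """
[app]
address = "0.0.0.0:9000"
[db]
host = "listmonk_db"
user = "listmonk"
password = "placeholder-a"
database = "listmonk"
"""
COMPOSE_YML = """
x-db-defaults: &db-defaults
    image: postgres:11
    environment:
      - POSTGRES_PASSWORD=placeholder-b
      - POSTGRES_USER=yourbrandmate
      - POSTGRES_DB=listmonk
services:
  db:
    <<: *db-defaults
  app:
    image: listmonk/listmonk:latest
"""

def toml_section(text, name):
    """Flat key/value pairs of one [section]; enough for this file, not full TOML."""
    body = re.search(rf"^\[{name}\]\n(.*?)(?=^\[|\Z)", text, re.M | re.S)
    pattern = r'^(\w+)[ \t]*=[ \t]*"?([^"\n]*)"?[ \t]*$'
    return dict(re.findall(pattern, body.group(1), re.M)) if body else {}

def compose_facts(text):
    """POSTGRES_* variables plus the names resolvable on the Compose network."""
    env = dict(re.findall(r"^[ \t]*-[ \t]*(POSTGRES_\w+)=(\S+)", text, re.M))
    services = re.search(r"^services:\n(.*?)(?=^\S|\Z)", text, re.M | re.S)
    names = set(re.findall(r"^  ([\w-]+):", services.group(1), re.M)) if services else set()
    return env, names | set(re.findall(r"container_name:[ \t]*(\S+)", text))

def mismatches(config, compose):
    """Names of [db] keys in config.toml that disagree with the db service."""
    db = toml_section(config, "db")
    env, names = compose_facts(compose)
    pairs = (("user", "POSTGRES_USER"), ("password", "POSTGRES_PASSWORD"),
             ("database", "POSTGRES_DB"))
    found = [key for key, var in pairs if var in env and db.get(key) != env[var]]
    if db.get("host") not in names:  # host must be a service or container name
        found.append("host")
    return found

if __name__ == "__main__":
    print(mismatches(CONFIG_TOML, COMPOSE_YML))
```

The postgres image reads the `POSTGRES_*` variables only when it initializes an empty data directory, so a reported mismatch is something to confirm against the container logs rather than a diagnosis.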

@MaximilianKohler
Contributor

MaximilianKohler commented Apr 26, 2024

> Checked logs for app and db container.

Looks like there are a bunch of clues there. You can do a web search for those errors. I think it's better to post the raw code rather than screenshots, so it can be found in searches by other people, and it's easier to copy-paste.

Change `image: postgres:11` to `image: postgres:13`?

Your IP is exposed in the screenshot, which is a security vulnerability. You should set a hostname to mask it.

@pranjalmishraa
Author

Thanks for pointing out.
Updating `image: postgres:11` to `image: postgres:13` worked out.

I reinitiated the installation from scratch this time, releasing the previous IP and associating a new one.

This query is resolved. Thanks for the help.
