Nginx-proxy challenges failing #1000

Open
Serenacula opened this issue Feb 24, 2023 · 2 comments
Labels
kind/failing-authorization Issue concerning failing ACME challenge

Comments

@Serenacula

Serenacula commented Feb 24, 2023

Hello, I've been having issues with my server returning 500 errors in response to HTTPS requests. After a bit of investigating I attempted to do a force_renew.

From this, I got the following logs:

root@docker-s-1vcpu-1gb-lon1-01:/# docker exec acme-companion /app/force_renew
Creating/renewal admin.faylee-test.com certificates... (admin.faylee-test.com)
[Fri Feb 24 00:29:20 UTC 2023] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Fri Feb 24 00:29:20 UTC 2023] Creating domain key
[Fri Feb 24 00:29:24 UTC 2023] The domain key is here: /etc/acme.sh/mail@domain.com/admin.faylee-test.com/admin.faylee-test.com.key
[Fri Feb 24 00:29:24 UTC 2023] Single domain='admin.faylee-test.com'
[Fri Feb 24 00:29:24 UTC 2023] Getting domain auth token for each domain
[Fri Feb 24 00:29:26 UTC 2023] Getting webroot for domain='admin.faylee-test.com'
[Fri Feb 24 00:29:26 UTC 2023] Verifying: admin.faylee-test.com
[Fri Feb 24 00:29:29 UTC 2023] admin.faylee-test.com:Verify error:2606:4700:3032::ac43:8e0c: Invalid response from https://admin.faylee-test.com/.well-known/acme-challenge/dOeYuGyEwe-L4h9lnYu4Md1VEJqzAOf5tFFVqPFnagY: 502
[Fri Feb 24 00:29:29 UTC 2023] Please check log file for more details: /dev/null
Creating/renewal faylee-test.com certificates... (faylee-test.com www.faylee-test.com)
[Fri Feb 24 00:29:30 UTC 2023] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Fri Feb 24 00:29:30 UTC 2023] Creating domain key
[Fri Feb 24 00:29:33 UTC 2023] The domain key is here: /etc/acme.sh/mail@domain.com/faylee-test.com/faylee-test.com.key
[Fri Feb 24 00:29:33 UTC 2023] Multi domain='DNS:faylee-test.com,DNS:www.faylee-test.com'
[Fri Feb 24 00:29:33 UTC 2023] Getting domain auth token for each domain
[Fri Feb 24 00:29:36 UTC 2023] Getting webroot for domain='faylee-test.com'
[Fri Feb 24 00:29:36 UTC 2023] Getting webroot for domain='www.faylee-test.com'
[Fri Feb 24 00:29:36 UTC 2023] Verifying: faylee-test.com
[Fri Feb 24 00:29:39 UTC 2023] faylee-test.com:Verify error:2606:4700:3032::ac43:8e0c: Invalid response from https://www.faylee-test.com/.well-known/acme-challenge/1hvpaPiBTaUccT0RUOz-uimaOLhEkhsxPYDcx_oDFFE: 500
[Fri Feb 24 00:29:39 UTC 2023] Please check log file for more details: /dev/null

To the best of my understanding, I have followed the recommendations exactly. This is my docker-compose:

version: "3.7"

services:
    nginx:
        container_name: "nginx"
        image: "nginxproxy/nginx-proxy:latest"
        volumes:
            - "html:/usr/share/nginx/html"
            - "vhost:/etc/nginx/vhost.d"
            - "certs:/etc/nginx/certs"
            - "/var/run/docker.sock:/tmp/docker.sock:ro"
        ports:
            - "80:80"
            - "443:443"

    acme:
        container_name: "acme-companion"
        image: "nginxproxy/acme-companion:latest"
        volumes:
            - "html:/usr/share/nginx/html"
            - "vhost:/etc/nginx/vhost.d"
            - "certs:/etc/nginx/certs"
            - "acme:/etc/acme.sh"
            - "/var/run/docker.sock:/var/run/docker.sock:ro"
        environment:
            NGINX_PROXY_CONTAINER: "nginx"
            DEFAULT_EMAIL: "mail@domain.com"
        depends_on:
            - "nginx"

    strapi:
        container_name: "strapi"
        build:
            context: ./strapi/
            dockerfile: strapi.Dockerfile
        environment:
            VIRTUAL_HOST: "admin.faylee-test.com"
            LETSENCRYPT_HOST: "admin.faylee-test.com"

    nextjs:
        container_name: "nextjs"
        build:
            context: ./nextjs/
            dockerfile: nextjs.Dockerfile
            target: "production"
        environment:
            VIRTUAL_HOST: "faylee-test.com,www.faylee-test.com"
            LETSENCRYPT_HOST: "faylee-test.com,www.faylee-test.com"

volumes:
    certs:
    html:
    vhost:
    acme:

Any help would be appreciated. :)
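An added triage example, not part of the original issue and not acme-companion code: it parses the two "Verify error" lines from the log above and reports which address the CA actually reached, whether the challenge request ended on HTTPS or on a different host name, and whether the failure was a 5xx. The `triage` function, the flag names and the origin address `203.0.113.10` are assumptions made for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# The two "Verify error" lines copied from the force_renew output above.
LOG = """\
[Fri Feb 24 00:29:29 UTC 2023] admin.faylee-test.com:Verify error:2606:4700:3032::ac43:8e0c: Invalid response from https://admin.faylee-test.com/.well-known/acme-challenge/dOeYuGyEwe-L4h9lnYu4Md1VEJqzAOf5tFFVqPFnagY: 502
[Fri Feb 24 00:29:39 UTC 2023] faylee-test.com:Verify error:2606:4700:3032::ac43:8e0c: Invalid response from https://www.faylee-test.com/.well-known/acme-challenge/1hvpaPiBTaUccT0RUOz-uimaOLhEkhsxPYDcx_oDFFE: 500
"""

# Shape of an acme.sh HTTP-01 failure line as it appears in that output.
VERIFY_RE = re.compile(
    r"^\[[^\]]+\] (?P<domain>[^:\s]+):Verify error:(?P<addr>[0-9A-Fa-f:.]+): "
    r"Invalid response from (?P<url>\S+): (?P<status>\d{3})\s*$"
)

FLAGS = {
    "not_origin": "CA reached an address that is not the Docker host (DNS points at a proxy or CDN?)",
    "https_redirect": "HTTP-01 starts on port 80; an https URL means a redirect was followed",
    "host_redirect": "final URL host differs from the name being validated",
    "server_error": "5xx: the responder errored; a missing token file is normally 404",
}

def triage(log, origin_ips):
    """Return one finding per failed validation, with the FLAGS keys that apply."""
    origins = {ipaddress.ip_address(ip) for ip in origin_ips}
    findings = []
    for line in log.splitlines():
        m = VERIFY_RE.match(line)
        if m is None:
            continue
        url = urlsplit(m["url"])
        status = int(m["status"])
        checks = {
            "not_origin": ipaddress.ip_address(m["addr"]) not in origins,
            "https_redirect": url.scheme == "https",
            "host_redirect": url.hostname != m["domain"],
            "server_error": 500 <= status <= 599,
        }
        findings.append({
            "domain": m["domain"], "addr": m["addr"], "host": url.hostname,
            "status": status, "flags": [k for k, hit in checks.items() if hit],
        })
    return findings

if __name__ == "__main__":
    # 203.0.113.10 is a constructed stand-in for the Docker host's public IP.
    for f in triage(LOG, ["203.0.113.10"]):
        print(f["domain"], f["status"], f["addr"])
        for flag in f["flags"]:
            print("   -", FLAGS[flag])
```

Pass the real public addresses of the Docker host as `origin_ips`; a `not_origin` flag then means the CA's request was answered by something in front of nginx-proxy rather than by the proxy container itself.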

@phken91

phken91 commented Feb 24, 2023

I have this same issue.

@Serenacula
Author

Serenacula commented Feb 24, 2023

> I have this same issue.

Okay so, I do have a workaround - if you set nginx up as a Dockerfile and copy in a proxy.conf, you can override the server settings.

I have set up a proxy.conf like this:

# admin.MY_DOMAIN.com
upstream strapi {
    # Container: strapi
    #     networks:
    #         website-template_default (reachable)
    #     IP address: 172.18.0.2
    #     exposed ports: 1337/tcp
    #     default port: 1337
    #     using port: 1337
    server 172.18.0.2:1337;
}
server {
    server_name admin.MY_DOMAIN.com;
    access_log /var/log/nginx/access.log vhost;
    listen 80 ;
    include /etc/nginx/vhost.d/default;
    location ^~ /.well-known/acme-challenge {
        allow all;
        alias /var/www/acme;
    }
    location / {
        proxy_pass http://strapi;
    }
}
server {
    server_name admin.MY_DOMAIN.com;
    listen 443 ssl http2 ;
    access_log /var/log/nginx/access.log vhost;
    ssl_certificate /etc/nginx/certs/admin.MY_DOMAIN.com.crt;
    ssl_certificate_key /etc/nginx/certs/admin.MY_DOMAIN.com.key;
    
    location / {
        proxy_pass http://strapi;
    }
}

upstream nextjs {
    # Container: nextjs
    #     networks:
    #         website-template_default (reachable)
    #     IP address: 172.18.0.3
    #     exposed ports: 3000/tcp
    #     default port: 3000
    #     using port: 3000
    server 172.18.0.3:3000;
}
# MY_DOMAIN.com
server {
    server_name MY_DOMAIN.com;
    access_log /var/log/nginx/access.log vhost;
    listen 80 ;
    include /etc/nginx/vhost.d/default;
    location ^~ /.well-known/acme-challenge {
        allow all;
        alias /var/www/acme;
    }
    location / {
        proxy_pass http://nextjs;
    }
}
server {
    server_name MY_DOMAIN.com;
    listen 443 ssl http2 ;
    access_log /var/log/nginx/access.log vhost;
    ssl_certificate /etc/nginx/certs/MY_DOMAIN.com.crt;
    ssl_certificate_key /etc/nginx/certs/MY_DOMAIN.com.key;
    location / {
        proxy_pass http://nextjs;
    }
}
# www.MY_DOMAIN.com
server {
    server_name www.MY_DOMAIN.com;
    access_log /var/log/nginx/access.log vhost;
    listen 80 ;
    include /etc/nginx/vhost.d/default;
    location ^~ /.well-known/acme-challenge {
        allow all;
        alias /var/www/acme;
    }
    location / {
        proxy_pass http://nextjs;
    }
}
server {
    server_name www.MY_DOMAIN.com;
    listen 443 ssl http2 ;
    access_log /var/log/nginx/access.log vhost;
    ssl_certificate /etc/nginx/certs/www.MY_DOMAIN.com.crt;
    ssl_certificate_key /etc/nginx/certs/www.MY_DOMAIN.com.key;
    location / {
        proxy_pass http://nextjs;
    }
}

This seems to have gotten around the issue. This seems like something the image should have done on our behalf though, so I'm not sure why it was necessary.

@buchdag buchdag added the kind/failing-authorization Issue concerning failing ACME challenge label Feb 28, 2023