I'm struggling with generating certificates for my nginx proxy on Docker.
I've designed the docker-compose in the following way:
version: "3"
services:
postgres-db:
image: postgres:15.2-alpine
container_name: postgres-db
restart: unless-stopped
env_file:
- .env
volumes:
- ./postgres-data:/var/lib/postgresql/data
ports:
- "5432:5432"
networks:
- container-network
app1:
image: app1:development
container_name: app2
restart: unless-stopped
env_file:
- .env
ports:
- "3002:3000"
networks:
- container-network
app2:
image: app2:development
container_name: app2
restart: unless-stopped
env_file:
- .env
ports:
- "3001:3000"
networks:
- container-network
nginx:
image: nginx:latest
container_name: nginx
restart: unless-stopped
ports:
- "80:80"
- "443:443"
volumes:
- ./nginx.conf:/etc/nginx/nginx.conf:ro
- ./certbot/www/:/var/www/certbot/:ro
- ./certbot/conf/:/etc/letsencrypt/:ro
networks:
- container-network
certbot:
image: certbot/certbot:latest
container_name: certbot
volumes:
- ./certbot/www/:/var/www/certbot/:rw
- ./certbot/conf/:/etc/letsencrypt/:rw
networks:
container-network:
driver: bridge
And my nginx conf is the following:
worker_processes 1;
events {
worker_connections 1024;
}
http {
server {
listen 80;
server_name app1.com www.app1.com;
server_tokens off;
location /.well-known/acme-challenge/ {
root /var/www/certbot;
}
location / {
return 301 https://$host$request_uri;
}
}
# Redirect all http traffic to https
server {
listen 443 ssl;
server_name app1.com www.app1.com;
server_tokens off;
ssl_certificate /etc/letsencrypt/live/app1.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/app1.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
location / {
proxy_pass http://app:3000;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
server {
listen 80;
server_name app2.app1.com
server_tokens off;
location /.well-known/acme-challenge/ {
root /var/www/certbot;
}
location / {
return 301 https://$host$request_uri;
}
}
# Redirect all http traffic to https
server {
listen 443 ssl;
server_name app2.app1.com
server_tokens off;
ssl_certificate /etc/letsencrypt/live/app2.app1.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/app2.app1.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
location / {
proxy_pass http://app:3000;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
}
I've managed to generate the necessary certificates using the script provided here, yet when accessing my website, my browser is warning me about ERR_CERT_AUTHORITY_INVALID
errors, and telling me that the issued certificate has a "localhost" common name.
All the files are running and nginx doesn't seem to complain too much...
To be clear, this is not what's expected, I'm expecting a certificate for my app.com domain.
Am I missing a certificate or a step in the process?