Cannot load certificate for localhost

I would like to run a project with Docker on my localhost on macOS.

Here is the docker-compose.yml:

version: "3"
services:
  frontend:
    restart: unless-stopped
    image: staticfloat/nginx-certbot
    ports:
      - 80:80/tcp
      - 443:443/tcp
    environment:
      CERTBOT_EMAIL: chengtie@gmail.com
    volumes:
      - ./conf.d:/etc/nginx/user.conf.d:ro
      - letsencrypt:/etc/letsencrypt
  10studio:
    image: bitnami/nginx:latest
    restart: always
    volumes: 
      - ./build:/app
      - ./default.conf:/opt/bitnami/nginx/conf/server_blocks/default.conf:ro
      - ./configs/config.prod.js:/app/lib/config.js
    depends_on: 
    - frontend

volumes:
  letsencrypt:

networks:
  default:
    external:
      name: 10studio

Here is default.conf:

upstream funfun {
   server 178.62.87.72:443;
}
server {
    listen              443 ssl;
    server_name localhost;
    ssl_certificate /etc/letsencrypt/live/localhost/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/localhost/privkey.pem;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_session_timeout 1d;
    ssl_stapling on;
    ssl_stapling_verify on;
    add_header Strict-Transport-Security max-age=15768000;
    add_header X-Frame-Options "";
    proxy_ssl_name "www.funfun.io";
    proxy_ssl_server_name on;
    location ~ /socialLoginSuccess {
        rewrite ^ '/#/socialLoginSuccess' redirect;
     }
    location ~ /auth/(.*) {
        proxy_pass  https://funfun/10studio/auth/$1?$query_string;
        proxy_set_header Host localhost;
     }
    location / {
        proxy_set_header    Host                $host;
        proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
        proxy_set_header    X-Forwarded-Proto   $scheme;
        proxy_set_header    Accept-Encoding     "";
        proxy_set_header    Proxy               "";
        proxy_pass          http://localhost:3000/;
        # These three lines added as per https://github.com/socketio/socket.io/issues/1942 to remove socketio error
        proxy_http_version 1.1;
        proxy_set_header   Upgrade $http_upgrade;
        proxy_set_header   Connection "upgrade";
    }
}

And there is v4.conf under the folder conf.d which has the same content as default.conf.

I tried to run docker-compose up -d --build. Docker Desktop showed me:

nginx 14:22:29.40 Welcome to the Bitnami nginx container
nginx 14:22:29.41 Subscribe to project updates by watching https://github.com/bitnami/bitnami-docker-nginx
nginx 14:22:29.41 Submit issues and feature requests at https://github.com/bitnami/bitnami-docker-nginx/issues
nginx 14:22:29.41
nginx 14:22:29.42 INFO ==> ** Starting NGINX setup **
nginx 14:22:29.44 INFO ==> Validating settings in NGINX_* env vars
nginx 14:22:29.46 INFO ==> Initializing NGINX
realpath: /bitnami/nginx/conf/vhosts: No such file or directory
nginx 14:22:29.49 INFO ==> ** NGINX setup finished! **
nginx 14:22:29.51 INFO ==> ** Starting NGINX **
2021/11/04 14:22:29 [emerg] 1#1: cannot load certificate "/etc/letsencrypt/live/localhost/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/localhost/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: [emerg] cannot load certificate "/etc/letsencrypt/live/localhost/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/localhost/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)

Does anyone know how to successfully create the certificates?

You'd need to set up your own certificate authority for non-public hostnames. Let's Encrypt can't issue publicly valid certificates for non-public hostnames, obviously.

Please see Certificates for localhost - Let's Encrypt

4 Likes

Thank you for your reply.

I could create localhost.crt and localhost.key locally with openssl. But now, I don't know how to mount them into the container. I tried to modify volumes in docker-compose.yml, but did not manage to make it work.

Could you help?
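
Added example (not part of the original thread, and not code from any poster): a preflight check for the mounting question above. It takes the `ssl_certificate` lines from default.conf and the short-syntax volume entries from the docker-compose.yml as posted (both re-typed inline as constructed input) and reports which certificate paths no mount of a service can supply; all function names are made up for this example.

```python
import posixpath
import re

# Constructed input, re-typed from the page: the certificate directives of
# default.conf and the volumes of both services in docker-compose.yml.
NGINX_CONF = """
server {
    ssl_certificate /etc/letsencrypt/live/localhost/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/localhost/privkey.pem;
}
"""
SERVICE_VOLUMES = {
    "frontend": ["./conf.d:/etc/nginx/user.conf.d:ro", "letsencrypt:/etc/letsencrypt"],
    "10studio": [
        "./build:/app",
        "./default.conf:/opt/bitnami/nginx/conf/server_blocks/default.conf:ro",
        "./configs/config.prod.js:/app/lib/config.js",
    ],
}
DIRECTIVE = re.compile(r"^\s*(ssl_certificate(?:_key)?)\s+([^;\s]+)\s*;", re.M)


def cert_paths(conf_text):
    """Return [(directive, path)] for every certificate/key directive."""
    return DIRECTIVE.findall(conf_text)


def mount_targets(volumes):
    """Container-side paths of short-syntax volume entries (src:dst[:mode])."""
    return [posixpath.normpath(v.split(":")[1]) for v in volumes if ":" in v]


def covering_mount(path, targets):
    """Longest mount target that contains `path`, or None if none does."""
    path = posixpath.normpath(path)
    hits = [t for t in targets if path == t or path.startswith(t.rstrip("/") + "/")]
    return max(hits, key=len) if hits else None


def unmounted_cert_paths(conf_text, volumes):
    """Directives whose file cannot come from any mount of the service."""
    targets = mount_targets(volumes)
    return [(d, p) for d, p in cert_paths(conf_text) if covering_mount(p, targets) is None]


if __name__ == "__main__":
    for service, volumes in SERVICE_VOLUMES.items():
        print(service, unmounted_cert_paths(NGINX_CONF, volumes))
```

As posted, the `10studio` service that logs the `[emerg]` error has no volume covering `/etc/letsencrypt`, so both paths are reported for it. A covering mount only makes the path reachable; the certificate and key files still have to exist inside it.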

I'm afraid this is a Community specifically for help/discussions about Let's Encrypt and things relatively "closely" related to Let's Encrypt, such as the ACME protocol, ACME clients, perhaps also the PKI. But in my opinion (others might disagree with me) this Community is not meant for helping with generic software issues such as "How to manage a Docker container", I'm afraid. It would probably be best to look for a Docker support forum for this kind of question.

3 Likes

Not I. But instead of (or perhaps in addition to) a Docker support forum, I might suggest a support forum for the relevant software, which in this case appears to be Bitnami.

3 Likes

Oh my, Bitnami and Docker? :scream:

2 Likes

Now do that on GoDaddy for the trifecta!

2 Likes
