Did you run nginx -T from the same place (Host or Container) you have that config file and where that script runs?
Yes, now I did. Below are the commands I ran with outputs.
[ec2-user@ip-172-31-33-125 ~]$ docker ps
CONTAINER ID   IMAGE              COMMAND                  CREATED       STATUS       PORTS                                                                      NAMES
1da0c3c27af4   project_x1-proxy   "/docker-entrypoint.…"   4 hours ago   Up 4 hours   0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp   project_x1-proxy-1
020c875d6f59   app:app            "python manage.py ru…"   4 hours ago   Up 4 hours                                                                              django_container1
95fa9a82dd6f   mysql:8.0          "docker-entrypoint.s…"   4 hours ago   Up 4 hours   3306/tcp, 33060/tcp                                                        project_x1-db-1
[ec2-user@ip-172-31-33-125 ~]$ docker exec -it 1da0c3c27af4 nginx -T
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
# configuration file /etc/nginx/nginx.conf:
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
include /etc/nginx/conf.d/*.conf;
}
# configuration file /etc/nginx/mime.types:
types {
text/html html htm shtml;
text/css css;
text/xml xml;
image/gif gif;
image/jpeg jpeg jpg;
application/javascript js;
application/atom+xml atom;
application/rss+xml rss;
text/mathml mml;
text/plain txt;
text/vnd.sun.j2me.app-descriptor jad;
text/vnd.wap.wml wml;
text/x-component htc;
image/avif avif;
image/png png;
image/svg+xml svg svgz;
image/tiff tif tiff;
image/vnd.wap.wbmp wbmp;
image/webp webp;
image/x-icon ico;
image/x-jng jng;
image/x-ms-bmp bmp;
font/woff woff;
font/woff2 woff2;
application/java-archive jar war ear;
application/json json;
application/mac-binhex40 hqx;
application/msword doc;
application/pdf pdf;
application/postscript ps eps ai;
application/rtf rtf;
application/vnd.apple.mpegurl m3u8;
application/vnd.google-earth.kml+xml kml;
application/vnd.google-earth.kmz kmz;
application/vnd.ms-excel xls;
application/vnd.ms-fontobject eot;
application/vnd.ms-powerpoint ppt;
application/vnd.oasis.opendocument.graphics odg;
application/vnd.oasis.opendocument.presentation odp;
application/vnd.oasis.opendocument.spreadsheet ods;
application/vnd.oasis.opendocument.text odt;
application/vnd.openxmlformats-officedocument.presentationml.presentation pptx;
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx;
application/vnd.openxmlformats-officedocument.wordprocessingml.document docx;
application/vnd.wap.wmlc wmlc;
application/wasm wasm;
application/x-7z-compressed 7z;
application/x-cocoa cco;
application/x-java-archive-diff jardiff;
application/x-java-jnlp-file jnlp;
application/x-makeself run;
application/x-perl pl pm;
application/x-pilot prc pdb;
application/x-rar-compressed rar;
application/x-redhat-package-manager rpm;
application/x-sea sea;
application/x-shockwave-flash swf;
application/x-stuffit sit;
application/x-tcl tcl tk;
application/x-x509-ca-cert der pem crt;
application/x-xpinstall xpi;
application/xhtml+xml xhtml;
application/xspf+xml xspf;
application/zip zip;
application/octet-stream bin exe dll;
application/octet-stream deb;
application/octet-stream dmg;
application/octet-stream iso img;
application/octet-stream msi msp msm;
audio/midi mid midi kar;
audio/mpeg mp3;
audio/ogg ogg;
audio/x-m4a m4a;
audio/x-realaudio ra;
video/3gpp 3gpp 3gp;
video/mp2t ts;
video/mp4 mp4;
video/mpeg mpeg mpg;
video/quicktime mov;
video/webm webm;
video/x-flv flv;
video/x-m4v m4v;
video/x-mng mng;
video/x-ms-asf asx asf;
video/x-ms-wmv wmv;
video/x-msvideo avi;
}
# configuration file /etc/nginx/conf.d/default.conf:
server {
listen 80;
server_name djangotest.reinventintelligence.com www.djangotest.reinventintelligence.com;
location /.well-known/acme-challenge/ {
root /vol/www/;
}
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl;
server_name djangotest.reinventintelligence.com www.djangotest.reinventintelligence.com;
ssl_certificate /etc/letsencrypt/live/djangotest.reinventintelligence.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/djangotest.reinventintelligence.com/privkey.pem;
include /etc/nginx/options-ssl-nginx.conf;
ssl_dhparam /vol/proxy/ssl-dhparams.pem;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
location /static {
alias /vol/static;
}
location / {
uwsgi_pass app:9000;
include /etc/nginx/uwsgi_params;
client_max_body_size 10M;
}
}
# configuration file /etc/nginx/options-ssl-nginx.conf:
# This file contains important security parameters. If you modify this file
# manually, Certbot will be unable to automatically provide future security
# updates. Instead, Certbot will print and log an error message with a path to
# the up-to-date file that you will need to refer to when manually updating
# this file. Contents are based on https://ssl-config.mozilla.org
ssl_session_cache shared:le_nginx_SSL:10m;
ssl_session_timeout 1440m;
ssl_session_tickets off;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers off;
ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
# configuration file /etc/nginx/uwsgi_params:
uwsgi_param QUERY_STRING $query_string;
uwsgi_param REQUEST_METHOD $request_method;
uwsgi_param CONTENT_TYPE $content_type;
uwsgi_param CONTENT_LENGTH $content_length;
uwsgi_param REQUEST_URI $request_uri;
uwsgi_param PATH_INFO $document_uri;
uwsgi_param DOCUMENT_ROOT $document_root;
uwsgi_param SERVER_PROTOCOL $server_protocol;
uwsgi_param REMOTE_ADDR $remote_addr;
uwsgi_param REMOTE_PORT $remote_port;
uwsgi_param SERVER_ADDR $server_addr;
uwsgi_param SERVER_PORT $server_port;
uwsgi_param SERVER_NAME $server_name;
Looking back through this thread I am not certain what problems still remain.
Your HTTP requests for the ACME challenge do not redirect as they did earlier, so they should work now (see test below).
And your HTTPS requests work apart from getting a 502 when you proxy to uwsgi. But that's just that you need to fix that app, and it is not related to certs.
When I try HTTPS adding /static to the path it works fine, as it does not proxy because of your location for /static.
You got a cert on Dec 18 and it is still perfectly fine to use. And your server is using it. So, not sure why you were trying to get another one in your first post. But, from the same place you ran the nginx -T, you could try this to test certbot:
certbot certonly --dry-run --webroot -w /vol/www -d djangotest.reinventintelligence.com
If that dry-run (staging test) works, your original command should work too. Let us know what happens with this dry-run.
I can't get any output from this. Below are the commands I ran. Also, regarding my first post, it was fixed: I was using the wrong IPv4 address in the Route 53 record. After fixing this I started getting this "502 bad gateway".
[ec2-user@ip-172-31-33-125 ~]$ docker exec -it e3e414eee153 /bin/bash
bash-5.1#
bash-5.1#
bash-5.1# certbot certonly --dry-run --webroot -w /vol/www -d djangotest.reinventintelligence.com
bash: certbot: command not found
Why different? Is certbot NOT where nginx is?
New container created, old one removed.
And for certbot, as per the docker terminal, it looks like it is not present where nginx is.
I checked the Dockerfile and it says below:
FROM certbot/certbot:v1.27.0
COPY certify-init.sh /opt/
RUN chmod +x /opt/certify-init.sh
ENTRYPOINT
CMD ["certbot", "renew"]
But I can't find the .sh script in the /opt/ path. Not sure where it is.
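One way to carry out the suggested dry-run from the host rather than from inside the nginx container, as an added example that is not part of the thread: it finds the container built from the certbot image, checks that it and the proxy container both mount the /vol/www webroot (the token certbot writes there must be served by nginx's acme-challenge location, otherwise validation fails even with a correct config), and only then runs the dry-run. The image-matching patterns and the container id used in the test data are assumptions; the domain, image names and paths come from the thread.

```shell
#!/bin/sh
# Added example, not from the thread: run the webroot dry-run in the container
# that actually has certbot, after checking that it and the nginx container
# mount the same webroot, since nginx must serve the token certbot writes.
# Assumptions: image/volume names are taken from the thread; the regexes that
# pick the containers are guesses at this project's naming.

WEBROOT=/vol/www
DOMAIN=djangotest.reinventintelligence.com

# $1: output of `docker ps --format '{{.ID}} {{.Image}} {{.Names}}'`.
# Prints the first container whose image comes from the certbot repository.
find_certbot_container() {
    printf '%s\n' "$1" | awk '$2 ~ /^certbot\// { print $1; exit }'
}

# Same input; picks the container whose image or name looks like the proxy
# (the thread's image is "project_x1-proxy", so "nginx" alone would miss it).
find_nginx_container() {
    printf '%s\n' "$1" | awk '$2 ~ /nginx|proxy/ || $3 ~ /nginx|proxy/ { print $1; exit }'
}

# $1 and $2: space-separated mount destinations of two containers
# (docker inspect output); $3: the webroot. Succeeds only if both mount it.
mounts_share_webroot() {
    case " $1 " in *" $3 "*) ;; *) return 1 ;; esac
    case " $2 " in *" $3 "*) ;; *) return 1 ;; esac
    return 0
}

container_mounts() {
    docker inspect -f '{{range .Mounts}}{{.Destination}} {{end}}' "$1"
}

main() {
    ps_out=$(docker ps --format '{{.ID}} {{.Image}} {{.Names}}')
    cb=$(find_certbot_container "$ps_out")
    ng=$(find_nginx_container "$ps_out")
    if [ -z "$cb" ]; then
        echo "no running certbot container: start the certbot service first" >&2
        exit 1
    fi
    if ! mounts_share_webroot "$(container_mounts "$cb")" "$(container_mounts "$ng")" "$WEBROOT"; then
        echo "certbot ($cb) and nginx ($ng) do not both mount $WEBROOT" >&2
        exit 1
    fi
    docker exec "$cb" certbot certonly --dry-run --webroot -w "$WEBROOT" -d "$DOMAIN"
}

if [ "${1:-}" = "--run" ]; then main; fi
```

Note that the `docker ps` output in the thread shows no certbot container at all, so the script's first check would fail until that service is started; the three helper functions can be exercised on pasted `docker ps` text without Docker.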