Nginx
Evgeny Koposov, 2018-06-23 20:23:46

How to set up https on Docker+Nginx+Yii2-starter-kit?

Good afternoon.

For several days now, I have not been able to set up https on the project.
We have:
- ubuntu 16.04
- Docker+Nginx
- yii2-starter-kit

I studied the manuals for a long time and understood the following algorithm:
1. Generate certificates with certbot
2. Set up access to certificate files and port 443 in docker
3. port 443 and the path to the certificates.
4. Set up env for yii so that there is access via https

But as soon as I change it and add the path of the certificate to the nginx config, the site becomes unavailable, neither via http nor via https.

Configs:
vhost.conf (nginx config):

server {
    server_name jekacompas.ml;
    listen 80;
    listen 443 ssl; # default_server;
    # default_server can be added above for clients without SNI

    ssl_certificate /etc/letsencrypt/live/jekacompas.ml/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/jekacompas.ml/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/jekacompas.ml/chain.pem;

    ssl_stapling on;
    ssl_stapling_verify on;
    #resolver 127.0.0.1 8.8.8.8;

    # prevent falling back to the http version of the site
    add_header Strict-Transport-Security "max-age=31536000";

    # explicitly "break" all images loaded from http://
    add_header Content-Security-Policy "img-src https: data:; upgrade-insecure-requests";

    root /app;
    index index.php index.html;
    charset utf-8;

    location ~* ^.+\.(jpg|jpeg|gif|png|ico|css|pdf|ppt|txt|bmp|rtf|js)$ {
      access_log off;
      expires max;
    }

    location / {
        root /frontend;
        try_files $uri /frontend/web/index.php?$args;
    }

    location /backend {
        try_files  $uri /backend/web/index.php?$args;
    }

    # storage access
    location /storage {
        try_files  $uri /storage/web/index.php?$args;
    }

    client_max_body_size 32m;

    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass php-fpm;
        fastcgi_index index.php;
        include fastcgi_params;

        ## Cache
        # fastcgi_pass_header Cookie; # fill cookie variables, $cookie_phpsessid for example
        # fastcgi_ignore_headers Cache-Control Expires Set-Cookie; # Use it with caution because it causes SEO problems
        # fastcgi_cache_key "$request_method|$server_addr:$server_port$request_uri|$cookie_phpsessid"; # generating unique key
        # fastcgi_cache fastcgi_cache; # use fastcgi_cache keys_zone
        # fastcgi_cache_path /tmp/nginx/ levels=1:2 keys_zone=fastcgi_cache:16m max_size=256m inactive=1d;
        # fastcgi_temp_path  /tmp/nginx/temp 1 2; # temp files folder
        # fastcgi_cache_use_stale updating error timeout invalid_header http_500; # show cached page if error (even if it is outdated)
        # fastcgi_cache_valid 200 404 10s; # cache lifetime for 200 404;
        # or fastcgi_cache_valid any 10s; # use it if you want to cache any responses
    }
}

## PHP-FPM Servers ##
upstream php-fpm {
    server app:9000;
}

docker-compose.yml
version: "3"

services:
  app:
    build: docker/php
    volumes:
      - ./:/app
    depends_on:
      - db
      - mailcatcher
    env_file:
      - .env

  webpacker:
    image: node:9-alpine
    working_dir: /app
    volumes:
      - ./:/app
    command: /bin/true

  nginx:
    image: nginx:1.12-alpine
    ports:
      - 80:80
      - 443:443
    volumes:
      - ./:/app
      - ./docker/nginx/vhost.conf:/etc/nginx/conf.d/vhost.conf
      - /etc/letsencrypt/live/jekacompas.ml/fullchain.pem:/etc/letsencrypt/live/jekacompas.ml/fullchain.pem
      - /etc/letsencrypt/live/jekacompas.ml/chain.pem:/etc/letsencrypt/live/jekacompas.ml/chain.pem
      - /etc/letsencrypt/live/jekacompas.ml/privkey.pem:/etc/letsencrypt/live/jekacompas.ml/privkey.pem
    depends_on:
      - app

  mailcatcher:
    image: schickling/mailcatcher:latest
    ports:
      - 1080:1080

  db:
    image: mysql:5.7
    volumes:
      - /var/lib/mysql
      - ./docker/mysql/config.cnf:/etc/mysql/conf.d/config.cnf
    ports:
      - 3306:3306
    environment:
      MYSQL_ROOT_PASSWORD: root
      MYSQL_DATABASE: _
      MYSQL_USER: _
      MYSQL_PASSWORD: _


1 answer(s)
OnYourLips, 2018-06-23
@OnYourLips

Why do you mark the question from the series "how to set up software for starting" as medium complexity?

But, as soon as I change it and add the path of the certificate to the nginx config, the site becomes unavailable, neither via http nor via https.
Is the nginx process running?
I will give advice from best practice: let nginx in docker work only via http. https should already be on the external proxy nginx.
And for this external one, look at the logs - there will be an error message.
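
The layout suggested in the answer above, sketched as an added example (not part of the original thread and not the answerer's own config): an nginx on the host terminates TLS and proxies to the container's nginx over plain HTTP. Assumed here: the compose file publishes the container as 127.0.0.1:8080:80 with no 443 mapping and no certificate volumes, the container vhost keeps only "listen 80;", and /var/www/letsencrypt is a hypothetical certbot webroot.

```nginx
# Host-level nginx (outside Docker). Added example, values marked "assumption" are not from the thread.

server {
    listen 80;
    server_name jekacompas.ml;

    # Keep the ACME HTTP-01 challenge reachable for certbot renewals
    # (webroot path is an assumption)
    location /.well-known/acme-challenge/ {
        root /var/www/letsencrypt;
    }

    # Everything else is redirected to HTTPS
    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl;
    server_name jekacompas.ml;

    # The host nginx reads the certbot files directly, so nothing under
    # /etc/letsencrypt has to be mounted into a container
    ssl_certificate     /etc/letsencrypt/live/jekacompas.ml/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/jekacompas.ml/privkey.pem;
    ssl_protocols       TLSv1.2;

    # "always" also sends the header on error responses
    add_header Strict-Transport-Security "max-age=31536000" always;

    client_max_body_size 32m;

    location / {
        # Container nginx published on loopback only (assumption: "127.0.0.1:8080:80")
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        # Tells the application the original request was HTTPS
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Binding the container port to 127.0.0.1 keeps the plain-HTTP listener unreachable from outside the host. The application should accept X-Forwarded-Proto only from this proxy (in Yii2, via the request component's trustedHosts setting), otherwise any client could claim its request arrived over HTTPS.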
