I am trying to run certbot on an ECS instance which is running a Docker image (docker.io/existdb/teipublisher). The image runs well and I have associated it with a custom subdomain teipub.dh-dev.com using an Elastic IP.
Trying to install and run certbot so I can have an HTTPS connection has proven to be surprisingly difficult.
Running as root, I install nginx with:
sudo amazon-linux-extras list | grep nginx
sudo amazon-linux-extras enable nginx1
sudo yum clean metadata
sudo yum -y install nginx
Then, following this from nginx, I create /etc/nginx/conf.d/teipub.dh-dev.com.conf with the content:
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    root /var/www/html;
    server_name teipub.dh-dev.com;
}
But now, when running sudo nginx -c /etc/nginx/nginx.conf to reload the new configuration, I get

Which makes sense to me because when I built the task definition to run my image on the ECS cluster I used a portMapping between the hostPorts 80 and 443 and the corresponding containerPorts, which means something is already listening on port 80 (as well as 443).
Running sudo systemctl status nginx, sudo systemctl status httpd or sudo systemctl status apache2 on a clean ECS EC2 instance that is running the Docker image cannot find those services. So nginx is not installed, let alone running, before I try to run it.
So my question is: isn't there already a webserver on the ECS instance? What is it and can I install the certbot on it? Or else, what is listening on port 80?
Alternatively - is there a different way to use certbot on an ECS instance?
BTW, and I don't think this is relevant, my main domain (dh-dev.com and www.dh-dev.com) allows https connections, probably through a certificate supplied by my hosting provider.
===Update===
Following @dave_thompson_085's comment, I now understand (see image below) that a process called docker-proxy is listening on ports 80 and 443. Which is why I cannot use nginx to configure certbot on these ports. Any ideas on how to progress most welcome...
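
One way to confirm which process holds ports 80 and 443, as in the update above. This is an added example, not part of the original post: the function name port_owners and the sample listener lines (addresses, PIDs) are constructed for illustration, and the input is assumed to be in the format printed by ss -H -ltnp.

```shell
#!/bin/sh
# Report the owner of each listening TCP port of interest.
# Reads `ss -H -ltnp` output on stdin; prints "port process pid" per listener.
port_owners() {
    awk -v want="$*" '
    BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) ports[w[i]] = 1 }
    $1 == "LISTEN" {
        port = $4
        sub(/.*:/, "", port)              # keep text after the last colon
        if (!(port in ports)) next
        name = "unknown"; pid = "-"       # ss omits the owner without root
        # Owner column looks like: users:(("docker-proxy",pid=3021,fd=4))
        if (match($0, /users:\(\("[^"]+"/))
            name = substr($0, RSTART + 9, RLENGTH - 10)
        if (match($0, /pid=[0-9]+/))
            pid = substr($0, RSTART + 4, RLENGTH - 4)
        key = port SUBSEP name SUBSEP pid
        if (!(key in seen)) { seen[key] = 1; print port, name, pid }
    }'
}

# Constructed sample: a host where Docker publishes 80 and 443 for a container.
sample_ss_output() {
    cat <<'EOF'
LISTEN 0 4096 0.0.0.0:80  0.0.0.0:* users:(("docker-proxy",pid=3021,fd=4))
LISTEN 0 4096 0.0.0.0:443 0.0.0.0:* users:(("docker-proxy",pid=3008,fd=4))
LISTEN 0 128  0.0.0.0:22  0.0.0.0:* users:(("sshd",pid=2710,fd=3))
LISTEN 0 128  127.0.0.1:25 0.0.0.0:*
LISTEN 0 4096 [::]:80     [::]:*    users:(("docker-proxy",pid=3027,fd=4))
LISTEN 0 4096 [::]:443    [::]:*    users:(("docker-proxy",pid=3014,fd=4))
EOF
}

# Stand-alone run against the constructed sample.
sample_ss_output | port_owners 80 443
```

On the instance itself the equivalent call is sudo ss -H -ltnp | port_owners 80 443; root is needed for ss to show processes owned by other users.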
