Score:0

Server refused to connect after installing SSL via Certbot | Docker + Nginx, AWS Lightsail


I have successfully managed to install SSL via certbot into my Nginx Docker container, but after installation, all traffic routed via HTTPS refuses to connect.

`curl https://www.example.com` or `curl https://the_ip_of_server`

```text
curl: (7) Failed to connect to example.com port 443 after 9822 ms: Connection refused
```

Port 443 is open on the server (AWS Lightsail).

`curl http://www.example.com`

```html
<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx/1.21.6</center>
</body>
</html>
```

but with `curl http://the_ip_of_server`:

```html
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.21.6</center>
</body>
</html>
```

Here is nginx.conf:

```nginx
# Limit concurrency
limit_conn_zone $binary_remote_addr zone=per_ip:10m;

server {
    server_name example.com www.example.com;

    location / {
        proxy_pass http://flask:8080/;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_redirect off;
        proxy_intercept_errors on;

        limit_conn per_ip 12;
    }

    error_page 404 /notfound.html;
    location /notfound.html {
        root /var/www/html;
        internal;
    }

    error_page 500 502 503 504 /maintenance.html;
    location /maintenance.html {
        root /var/www/html;
        internal;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

server {
    if ($host = www.example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    if ($host = example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80 default_server;
    server_name example.com www.example.com;
    return 404; # managed by Certbot
}
```

docker-compose.yml:

```yaml
version: '3.7'

services:

  flask:
    build: ./Flask App
    container_name: flask
    restart: always
    environment:
      - APP_NAME=Env
    expose:
      - 8080

  nginx:
    build: ./Nginx
    container_name: nginx
    restart: always
    ports:
      - "80:80"
```
Comments:

Martin: Please give some more information... You have nginx running outside of Docker as a reverse proxy, forwarding traffic to your Docker container, correct? Have you tried connecting to `http://flask:8080/` from the machine nginx is running on? Is there something interesting inside the logs of nginx? Maybe the Docker container exited / crashed, have you checked that?

Pranav: Nginx is running in a separate Docker container while Flask is running in another. I tried `curl http://flask:8080/` from the Nginx container and the output is fine, and both Docker containers are running fine (no crashes) on the Docker network.

Martin: Okay, did you think of publishing the 443 port of the nginx container to the host?

Pranav: Hmm, port 80 of the container is already published to port 80 of the host. I am not sure which port of the host should be assigned to port 443 of the container! I'll update the question with my `docker-compose` file.

Martin: Port 443 is used for the HTTPS traffic, port 80 is only used for the unencrypted HTTP traffic. Add a line to your compose file similar to the one publishing port 80: port 443 of the nginx container must be published to port 443 of your host system.

Pranav: Nope! Still Connection refused :( but `http://` works fine without SSL, of course.

Pranav: Oops, sorry, mate! It was my fault: I rebuilt the `docker-compose`, which ultimately ended up recreating the `nginx.conf`, so I installed `certbot` again and everything is fine now! :)

Pranav: Let us [continue this discussion in chat](https://chat.stackexchange.com/rooms/136213/discussion-between-pranav-and-martin).
Answer (Score:0)

In order to route HTTPS traffic, I should have published port 443 of the container to port 443 of the host (server).

Adding `- "443:443"` to the nginx section of the docker-compose file should solve this problem.
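As an added example (not code from the question or the answer), a small Python check for exactly the mismatch this thread settles on: it extracts the ports nginx `listen`s on inside the container and the container ports the compose file publishes to the host, and reports any listen port with no host mapping. The inputs are constructed from the question's configuration (trimmed); the regexes are a coarse text scan rather than an nginx or YAML parser and assume the compose text belongs to the nginx service.

```python
import re

# Constructed inputs modelled on the question (trimmed): nginx inside the
# container listens on 80 and 443, but compose publishes only port 80.
NGINX_CONF = """
server {
    server_name example.com www.example.com;
    listen 443 ssl; # managed by Certbot
}
server {
    listen 80 default_server;
    return 404; # managed by Certbot
}
"""
COMPOSE_BEFORE = """
services:
  nginx:
    build: ./Nginx
    ports:
      - "80:80"
"""
# The fix from the answer: publish 443 as well.
COMPOSE_AFTER = COMPOSE_BEFORE + '      - "443:443"\n'

# 'listen 443 ssl;', 'listen [::]:443 ssl;', 'listen 0.0.0.0:80;' -> port
LISTEN_RE = re.compile(r'^\s*listen\s+(?:\S+:)?(\d+)\b', re.MULTILINE)
# 'HOST:CONTAINER' list entries under ports:, optionally with a bind IP,
# protocol suffix and quotes; bare numbers (as under expose:) do not match.
PORT_RE = re.compile(
    r'''^\s*-\s*['"]?(?:[\d.]+:)?(\d+):(\d+)(?:/(?:tcp|udp))?['"]?\s*$''',
    re.MULTILINE)

def listen_ports(nginx_conf: str) -> set[int]:
    """Ports nginx binds inside the container, across all server blocks."""
    return {int(p) for p in LISTEN_RE.findall(nginx_conf)}

def published_container_ports(compose_yml: str) -> dict[int, int]:
    """Container port -> host port for each published mapping.
    Coarse text scan: assumes the compose text is the nginx service's."""
    return {int(c): int(h) for h, c in PORT_RE.findall(compose_yml)}

def unpublished_listen_ports(nginx_conf: str, compose_yml: str) -> set[int]:
    """Listen ports with no host mapping. Nothing binds them on the host,
    so a client gets 'Connection refused' even though nginx is listening."""
    return listen_ports(nginx_conf) - set(published_container_ports(compose_yml))
```

Run against the question's files the check reports `{443}` before the compose change and nothing afterwards; `expose:` entries are deliberately ignored because they only advertise a port to other containers and never bind it on the host.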
