Currently I am using nginx-proxy to route my subdomains to different docker containers. Now, I would like to add an SSL certificate to my Owncloud container but I am failing to set it up correctly.

What I have done:

  1. Getting a certificate via certbot

I tried to get a SAN certificate by executing ./certbot-auto certonly where I have entered every single subdomain I would like to use. The certificate was generated successfully into etc/letsencrypt/live/www.mydomain.com

  2. Mounting the certificate to the owncloud container and setting up nginx-proxy

Have a quick look at my docker-compose.yml:

nginx-proxy:
  image: jwilder/nginx-proxy
  ports:
  - "80:80"
  - "443:443"
  volumes:
  - /var/run/docker.sock:/tmp/docker.sock

owncloud:
  image: owncloud
  expose:
  - 80
  - 443
  environment:
  - "VIRTUAL_HOST=owncloud.mydomain.com,www.owncloud.mydomain.com"
  - "VIRTUAL_PROTO=https"
  - "VIRTUAL_PORT=443"
  volumes:
  - "owncloud-data:/var/www/html"
  - "/etc/letsencrypt/live/www.mydomain.com:/root/ssl"

And here is an excerpt of my /etc/apache2/sites-available/default-ssl.conf (of course the one from the owncloud container)

<IfModule mod_ssl.c>
    <VirtualHost _default_:443>
            ServerAdmin webmaster@localhost

            DocumentRoot /var/www/html

            ErrorLog ${APACHE_LOG_DIR}/error.log
            CustomLog ${APACHE_LOG_DIR}/access.log combined

            SSLEngine on

            SSLCertificateFile      /root/ssl/cert.pem
            SSLCertificateKeyFile /root/ssl/privkey.pem
            <FilesMatch "\.(cgi|shtml|phtml|php)$">
                            SSLOptions +StdEnvVars
            </FilesMatch>
            <Directory /usr/lib/cgi-bin>
                            SSLOptions +StdEnvVars
            </Directory>

            BrowserMatch "MSIE [2-6]" \
                            nokeepalive ssl-unclean-shutdown \
                            downgrade-1.0 force-response-1.0
            # MSIE 7 and newer should be able to use keepalive
            BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown

    </VirtualHost>
</IfModule>

Whenever I try to connect to https://www.owncloud.mydomain.com I get the ERR_CONNECTION_REFUSED error.

Any ideas? Thank you.

caiuspb
  • Did you try to connect to `https://www.owncloud.mydomain.com`? – Florian Wendelborn Jul 10 '16 at 12:51
  • Thank you for your comment but unfortunately it was https.owncloud.mydomain.com.. I have corrected it in my original post. – caiuspb Jul 10 '16 at 17:43
  • "Connection refused" means either that something is blocking the TCP connection attempt, or that nothing is listening on that IP address and port combination. It has nothing whatsoever to do with your certificate. Debug your server(s) and firewall(s) configuration with regards to listener and forwards IPs and ports first, and worry about the certificate later. – user Jul 10 '16 at 19:08
  • But my basic setup is OK? So it is not necessary to install the certificate on the nginx proxy? – caiuspb Jul 10 '16 at 19:28

1 Answer

Finally, I found out that my docker-compose.yaml was not correct. Here is my new config:

nginx-proxy:
  image: jwilder/nginx-proxy
  ports:
  - "80:80"
  - "443:443"
  volumes:
  - /var/local/nginx/certs:/etc/nginx/certs
  - /etc/letsencrypt:/etc/letsencrypt
  - /var/run/docker.sock:/tmp/docker.sock

owncloud:
  image: owncloud
  expose:
  - 443
  environment:
  - "VIRTUAL_HOST=owncloud.mydomain.com,www.owncloud.mydomain.com"
  volumes:
  - "owncloud-data:/var/www/html"

A link to my fullchain.pem and privkey.pem is within /var/local/nginx.

caiuspb
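An added example, not part of the original answer: jwilder/nginx-proxy selects the certificate for a host from `/etc/nginx/certs` by file name (`<VIRTUAL_HOST>.crt` and `<VIRTUAL_HOST>.key`), so the links the answer mentions can be created and checked on the host as below. The function names `link_certs` and `check_certs`, and the specific checks, are assumptions of this example.

```shell
#!/bin/sh
# Added example; function names and checks are illustrative assumptions.

# link_certs CERTS_DIR LIVE_DIR HOST...
# Creates CERTS_DIR/HOST.crt -> LIVE_DIR/fullchain.pem and
#         CERTS_DIR/HOST.key -> LIVE_DIR/privkey.pem for every HOST.
link_certs() {
    certs_dir=$1; live_dir=$2; shift 2
    mkdir -p "$certs_dir" || return 1
    for host in "$@"; do
        ln -sfn "$live_dir/fullchain.pem" "$certs_dir/$host.crt" || return 1
        ln -sfn "$live_dir/privkey.pem" "$certs_dir/$host.key" || return 1
    done
}

# check_certs CERTS_DIR HOST...
# Prints one line per problem; returns 0 only if every host has a usable pair.
check_certs() {
    certs_dir=$1; shift
    problems=0
    for host in "$@"; do
        for ext in crt key; do
            f="$certs_dir/$host.$ext"
            if [ ! -L "$f" ] && [ ! -e "$f" ]; then
                echo "missing: $f"            # proxy would serve no cert for this host
            elif [ ! -e "$f" ]; then
                echo "dangling: $f"           # link target does not resolve
            elif [ "$ext" = key ] && [ -n "$(find -L "$f" -perm -004)" ]; then
                echo "world-readable key: $f" # private key readable by any user
            else
                continue
            fi
            problems=$((problems + 1))
        done
    done
    [ "$problems" -eq 0 ]
}

# Run as: sh link-certs.sh CERTS_DIR LIVE_DIR HOST...
# e.g. /var/local/nginx/certs /etc/letsencrypt/live/www.mydomain.com owncloud.mydomain.com
if [ "$#" -ge 3 ]; then
    link_certs "$@" && { certs=$1; shift 2; check_certs "$certs" "$@"; }
fi
```

The links resolve inside the proxy container only because `/etc/letsencrypt` is mounted at the same path there; certbot's `live/` files are themselves relative links into `archive/`, so mounting `live/<name>` alone leaves them dangling.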