
My goal is to have a Django app running on an EC2 instance using nginx inside of a Docker container.

I have the app. I have a domain. I have an EC2 instance. I'm trying to bring it all together.

To configure my app with nginx I need SSL certificates. I want to use Let's Encrypt. To use Let's Encrypt I need to validate my domain.

But my domain, or rather the A-Record of my domain, right now is not pointing to anything. Thus, trying to obtain the certificates with certbot `sudo certbot certonly --standalone --preferred-challenges http -d mydomain.dev` gives me:

```
http://mydomain.dev/.well-known/acme-challenge/ko3tofGIoo93e-VFPX9CB__CqcNp1ZPazcQR1G5LsGE: Timeout during connect (likely firewall problem)
To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
```

Ok. So my first question to understand this is: Where do I point my A record? I tried pointing it to my own IP and to my EC2 instance, which is an Ubuntu server.

But on this server there is also nothing running at the moment. So it makes sense to me that it doesn't work. Is it even possible what I am trying to do?

When that works, another doubt I have is about nginx within the Docker container... Once I have those certs and put them into my configuration and spin it up on my EC2 instance, how does my domain interact with it? Is the nginx container the same as if I had it installed on the server? Sorry if those questions are too simple, but I am not a network expert and am trying to figure out what is going on under the hood.

I am very grateful for any explanation, help or hints.

If needed:

This is how my nginx conf should look at the end:

```yaml
services:
  django:
    build:
      context: .
      dockerfile: ./compose/production/django/Dockerfile
    image: my_webiste_production_django
    env_file:
      - ./.envs/.production/.django
      - ./.envs/.production/.postgres
    command: /start

  nginx:
    image: nginx
    restart: always
    ulimits:
      nproc: 65535
      nofile:
        soft: 49999
        hard: 65535
    volumes:
      - /some/path/www/html:/usr/share/nginx/html
      - /some/path/log:/var/log/nginx
      - /some/path/compose/production/nginx/sites-enabled/sitefitnesshq.conf:/etc/nginx/conf.d/default.conf
      - /etc/letsencrypt/live/mydomain.com/fullchain.pem:/etc/letsencrypt/live/mydomain.com/fullchain.pem
      - /etc/letsencrypt/live/yourdomain.com/privkey.pem:/etc/letsencrypt/live/mydomain.com/privkey.pem
      - /etc/letsencrypt/live/yourdomain.com/chain.pem:/etc/letsencrypt/live/mydomain.com/chain.pem
    ports:
      - "80:80"
      - "443:443"
    depends_on:
      - django
    deploy:
      restart_policy:
        condition: on-failure
        delay: 5s
        window: 60s
```

Micromegas
  • No one has any ideas? – Micromegas Jan 15 '20 at 16:37
  • If you have access to configure the DNS provider, try the DNS challenge: https://serverfault.com/questions/750902/how-to-use-lets-encrypt-dns-challenge-validation – Federico Sierra Jan 15 '20 at 22:44
  • Thanks for the link Federico! I do have access to the DNS provider. My problem is that I run nginx inside of a Docker container so I think the process is different. I'm trying to follow this now: https://www.humankode.com/ssl/how-to-set-up-free-ssl-certificates-from-lets-encrypt-using-docker-and-nginx but it also looks like an awfully complicated process... Does anyone know if I could use an AWS certificate for my config? I think I'll post a new question for this, but maybe someone knows? – Micromegas Jan 17 '20 at 09:21
  • To use an AWS certificate you need to put an ALB/ELB load balancer in front of your instance. Maybe this is the best approach – Federico Sierra Jan 20 '20 at 21:56
  • Thanks Federico! I managed without the Load Balancer, with the tutorial I linked. Now I have a problem linking multiple primary domains with it, but I posted another question. Thanks for your help on this! – Micromegas Jan 21 '20 at 13:32
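
The certbot error quoted in the question ("Timeout during connect") can be narrowed down before requesting a certificate. The following is an added example, not part of the original post or of certbot: a preflight check that the A record resolves to the server and that TCP port 80 is not filtered. The function names are hypothetical, and `server_ip` is assumed to be the instance's public IPv4 address.

```python
import socket
import sys

def resolve_a(domain):
    """IPv4 addresses the domain's A record(s) currently resolve to."""
    try:
        infos = socket.getaddrinfo(domain, 80, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}

def probe_port(ip, port=80, timeout=5.0):
    """Classify a TCP connect attempt: 'open', 'refused', 'timeout' or 'error'."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"   # packets reach the host, nothing is listening
    except socket.timeout:
        return "timeout"   # packets dropped on the way: firewall / security group
    except OSError:
        return "error"

def http01_preflight(domain, server_ip, resolve=resolve_a, probe=probe_port):
    """Return the reasons an HTTP-01 validation of `domain` would fail."""
    addrs = resolve(domain)
    if not addrs:
        return [f"{domain} has no A record, so the validator has nowhere to connect"]
    problems = []
    if server_ip not in addrs:
        problems.append(f"A record points to {sorted(addrs)}, not to {server_ip}")
    state = probe(server_ip, 80)
    if state == "timeout":
        problems.append("port 80 times out: inbound TCP/80 is filtered before it reaches the server")
    elif state == "error":
        problems.append(f"cannot reach {server_ip}:80 from here")
    # 'refused' is fine before `certbot --standalone`: it binds port 80 itself
    # for the duration of the run. 'open' means something already listens there.
    return problems

if __name__ == "__main__" and len(sys.argv) == 3:
    # usage: python preflight.py <domain> <server public IPv4>
    for line in http01_preflight(sys.argv[1], sys.argv[2]) or ["no obvious blocker found"]:
        print(line)
```

Run it from a machine outside the instance's network, so the probe crosses the same inbound firewall rules as the Let's Encrypt validator.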

0 Answers