I am trying to set up SSL on my Django + Docker + Nginx environment. However, I encountered this error:
*19 connect() failed (111: Connection refused) while connecting to upstream, client: 192.168.128.1, server: hello-1.local, request: "GET / HTTP/1.1", upstream: "https://192.168.128.4:443/", host: "hello-1.local"
My Nginx config:

    client_max_body_size 10M;
    upstream web {
        ip_hash;
        server web:443;
    }
    server {
        listen 80;
        server_name hello-1.local;
        return 301 https://$host$request_uri;
    }
    server {
        location /static/ {
            autoindex on;
            alias /src/static/;
        }
        location /media/ {
            autoindex on;
            alias /src/media/;
        }
        location / {
            proxy_pass https://web/;
        }
        listen 443 ssl;
        server_name hello-1.local;
        ssl_certificate /etc/certs/hello-1.local.crt;
        ssl_certificate_key /etc/certs/hello-1.local.key;
    }

docker-compose.yml:

    version: "3"
    volumes:
      local_postgres_data: {}
      local_postgres_data_backups: {}
    services:
      nginx:
        image: nginx:alpine
        container_name: nz01
        ports:
          - 443:443
          - 80:80
        volumes:
          - ./src:/src
          - ./config/nginx:/etc/nginx/conf.d
          - ./config/certs:/etc/certs
        depends_on:
          - web
        networks:
          - djangonetwork
      web:
        build:
          context: .
          dockerfile: compose/django/Dockerfile
        container_name: dz01
        depends_on:
          - db
        volumes:
          - ./src:/src
        expose:
          - 8000
        links:
          - redis
        env_file:
          - ./.envs/.django
        networks:
          - djangonetwork
      db:
        build:
          context: .
          dockerfile: compose/postgres/Dockerfile
        container_name: pz01
        env_file:
          - ./.envs/.postgres
        volumes:
          - local_postgres_data:/var/lib/postgresql/data
          - local_postgres_data_backups:/backups
        networks:
          - djangonetwork
      redis:
        image: redis:alpine
        container_name: rz01
        ports:
          - "6379:6379"
        networks:
          - djangonetwork
    networks:
      djangonetwork:
        driver: bridge

In the browser, I get a 502 Bad Gateway error, and without SSL the website runs well. What could be the problem?
Best Answer
So what is the upstream?
The upstream is defined here:
My first reading of this is that Nginx cannot properly connect to the upstream server named web. This can have multiple reasons:
- web
- web is not serving https/port 443
- web does not use a valid and trusted certificate for the hostname web

Taking a look at your docker-compose.yml: web is exposed to port 8000, but you want to connect to port 443 in Nginx, also using the wrong protocol (I guess).
So the solution would be to change your upstream-config in nginx.conf like this:
and the location-block like this (https --> http):
Regarding SSL/TLS with proxies/upstreams: Please take a look into Nginx-docs around this: http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_ssl_verify
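
The upstream and location changes described in this answer, written out as an added example (not the answerer's own config): TLS terminates at Nginx and the hop to the Django container is plain HTTP on the compose network. It assumes the app server in the web container listens on port 8000 over HTTP; the proxy_set_header lines and the commented proxy_ssl_* lines, including the internal-ca.crt path, are illustrative additions.

```nginx
client_max_body_size 10M;

upstream web {
    ip_hash;
    server web:8000;             # was web:443; the compose file exposes only 8000
}

server {
    listen 80;
    server_name hello-1.local;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name hello-1.local;

    ssl_certificate     /etc/certs/hello-1.local.crt;
    ssl_certificate_key /etc/certs/hello-1.local.key;

    location /static/ {
        autoindex on;
        alias /src/static/;
    }
    location /media/ {
        autoindex on;
        alias /src/media/;
    }

    location / {
        proxy_pass http://web/;  # was https://web/ (assumed: upstream speaks HTTP)

        # Pass the original host, client address and scheme to the app,
        # which otherwise sees every request as plain HTTP from Nginx.
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Only if the upstream really serves HTTPS (proxy_pass https://web/):
        # verify its certificate; proxy_ssl_verify is off by default.
        # The CA file path below is a hypothetical placeholder.
        #   proxy_ssl_verify              on;
        #   proxy_ssl_trusted_certificate /etc/certs/internal-ca.crt;
        #   proxy_ssl_name                web;
    }
}
```

Django only honours X-Forwarded-Proto when SECURE_PROXY_SSL_HEADER is set in its settings.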