Posted to notifications@couchdb.apache.org by GitBox <gi...@apache.org> on 2018/09/17 14:03:36 UTC

[GitHub] DREZZ3R opened a new issue #107: Can't use with jrcs/letsencrypt-nginx-proxy-companion

URL: https://github.com/apache/couchdb-docker/issues/107
 
 
   I've been trying to use couchdb and nginx-letsencrypt. It works with my Node.js server, but it won't work with couchdb. It always gives a 502 Bad Gateway. The Node.js server is in a different sub-domain.
   ### To start _nginx_ I use this:
   ```
   docker run -d -p 80:80 -p 443:443 \
       --name nginx-proxy \
       -v /path/to/certs:/etc/nginx/certs:ro \
       -v /etc/nginx/vhost.d \
       -v /usr/share/nginx/html \
       -v /var/run/docker.sock:/tmp/docker.sock:ro \
       --label com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy \
       jwilder/nginx-proxy
   ```
   ### To start _letsencrypt-nginx-proxy-companion_ I use:
   ```
   docker run -d \
   --name nginx-proxy-letsencrypt \
       -v /path/to/certs:/etc/nginx/certs:rw \
       -v /var/run/docker.sock:/var/run/docker.sock:ro \
       --volumes-from nginx-proxy \
       jrcs/letsencrypt-nginx-proxy-companion
   
   ```
   
   ### To start couchdb I use:
   
   ```
   docker run -e COUCHDB_USER=user \
   -e COUCHDB_PASSWORD=password \
   -e "VIRTUAL_HOST=app.domain.com" \
   -e "LETSENCRYPT_HOST=app.domain.com" \
   -e "LETSENCRYPT_EMAIL=example@domain.com" \
   --volume ~/data:/opt/couchdb/data --volume ~/etc/local.d:/opt/couchdb/etc/local.d \
   --name api-couchdb --restart always -d couchdb
   
   ```
   
   The generated config file inside the **nginx-proxy** container, `/etc/nginx/conf.d/default`, has this:
   NOTE: I tried to remove the "down" in the upstream section, but it didn't work. I also tried to remove http2, but it didn't work.
   
   ```
   # app.domain.com
   upstream app.domain.com {
   				## Can be connected with "bridge" network
   		# api-couchdb
   			server 172.17.0.2 down;
   }
   server {
   	server_name app.domain.com;
   	listen 80 ;
   	access_log /var/log/nginx/access.log vhost;
   	return 301 https://$host$request_uri;
   }
   server {
   	server_name app.domain.com;
   	listen 443 ssl http2 ;
   	access_log /var/log/nginx/access.log vhost;
   	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
   	ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DSS';
   	ssl_prefer_server_ciphers on;
   	ssl_session_timeout 5m;
   	ssl_session_cache shared:SSL:50m;
   	ssl_session_tickets off;
   	ssl_certificate /etc/nginx/certs/app.domain.com.crt;
   	ssl_certificate_key /etc/nginx/certs/app.domain.com.key;
   	ssl_dhparam /etc/nginx/certs/app.domain.com.dhparam.pem;
   	ssl_stapling on;
   	ssl_stapling_verify on;
   	ssl_trusted_certificate /etc/nginx/certs/app.domain.com.chain.pem;
   	add_header Strict-Transport-Security "max-age=31536000" always;
   	include /etc/nginx/vhost.d/default;
   	location / {
   		proxy_pass http://app.domain.com;
   	}
   }
   
   ```
