3

I want to enable ssl for localhost, with nginx and a self signed certificate. I want to do this because I'm putting nginx as a reverse proxy in front of an application that redirects with https, and I don't want to modify the application

I have generated the certificate with the following command:

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout nginx-selfsigned.key -out nginx-selfsigned.crt

This is my docker compose

version: '2.1'
services:

  nginx-proxy:
    image: jwilder/nginx-proxy
    container_name: nginx-proxy
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    volumes:
      - /var/run/docker.sock:/tmp/docker.sock:ro
      - ./data/nginx/certs:/etc/nginx/certs
      - ./data/nginx/nginx.conf:/etc/nginx/nginx.conf
    networks:
     - no-internet
     - internet
    depends_on:
      - ap-service


  back-service:
    ...
    networks:
     - no-internet


  db-service:
    ...
    networks:
     - no-internet
     - internet

networks:
  internet:
    driver: bridge
  no-internet:
    internal: true
    driver: bridge

and this is my nginx.conf

events {
  worker_connections  1024;  ## Default: 1024
}

http{
    server {
       listen 80;
       listen [::]:80;

       server_name localhost;
       proxy_set_header Host $host;
       proxy_set_header X-Forwarded-For $remote_addr;

       location / {
           proxy_pass http://back-service:8080/;
       }
     }

    server {
       listen 443;
       listen [::]:443;

       server_name localhost;
       proxy_set_header Host $host;
       proxy_set_header X-Forwarded-For $remote_addr;

       location / {
           proxy_pass http://back-service:8080/;
       }
     }

    server {
       listen 8000;
       listen [::]:8000;

       server_name localhost;
       proxy_set_header Host $host;
       proxy_set_header X-Forwarded-For $remote_addr;

       location / {
           proxy_pass http://back-service:8000/;
       }
     }
}

But when there is a redirect to https://localhost/ google chrome it shows a gray page that says ERR_SSL_PROTOCOL_ERROR

The nginx log shows the following

nginx-proxy    | nginx.1    | 172.21.0.1 - - [02/Jun/2021:21:54:07 +0000] "\x16\x03\x01\x02\x00\x01\x00\x01\xFC\x03\x03\xA4\xF3\xD75\xE13XqtL\xBF\xF5h\x11\x0B\x83\xB55P\xAF\xD1U\x9F\xD3\x17\x9A\xB3\x22}dZ\xE7 \x92\x89\x805\x14L\xE8=\xDAL\xF0\xA0\xBF\xE1\x9A \xC1\xAF\xB4\xC6\xFA\xC7n\xA5.\xBFxK\xAA\xFB\x050\x00\x22ZZ\x13\x01\x13\x02\x13\x03\xC0+\xC0/\xC0,\xC00\xCC\xA9\xCC\xA8\xC0\x13\xC0\x14\x00\x9C\x00\x9D\x00/\x005\x00" 400 158 "-" "-"
Improve this question

1 Answer 1

Reset to default
2

You must add the certificates inside server block on nginx.conf:

    server {
       listen 443 ssl;

       server_name localhost;
       ssl_certificate     /etc/nginx/certs/nginx-selfsigned.crt;
       ssl_certificate_key /etc/nginx/certs/nginx-selfsigned.key;
       proxy_set_header Host $host;
       proxy_set_header X-Forwarded-For $remote_addr;

       location / {
           proxy_pass http://back-service:8080/;
       }
     }
Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

Thanks, but it keeps giving the same error. Could it be that I am generating the certificate incorrectly?
The creation process is fine. Can you try with a curl -kv https://localhost?
it was necessary change listen 443; to listen 443 ssl; and works

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.