
jwilder/nginx-proxy: Not able to integrate ssl with Nginx

We are working on setting up multiple-website hosting on a single port with jwilder/nginx-proxy via SSL. We are able to deploy the solution without SSL and it's working fine, but when we try to put it behind SSL it fails on HTTPS calls. Our docker-compose file is as below:

docker-compose.yml

site1:
  build: site1
  environment:
    VIRTUAL_HOST: site1.domainlocal.com
    VIRTUAL_PROTO: https
  restart: always

site2:
  build: site2
  environment:
    VIRTUAL_HOST: site2.domainlocal.com
    VIRTUAL_PROTO: https
  restart: always

site3:
  build: site3
  environment:
    VIRTUAL_HOST: site3.domainlocal.com
    VIRTUAL_PROTO: https
  restart: always

nginx-proxy:
  image: jwilder/nginx-proxy:alpine
  ports:
    - "80:80"
    - "443:443"
  volumes:
    - /var/run/docker.sock:/tmp/docker.sock:ro
    - certs:/etc/nginx/certs:ro

  restart: always
  privileged: true

PS: the "certs" folder is kept in the same folder as the docker-compose file.

Using a self-signed certificate created using openssl.

Folder structure is like:

Main_folder-|
            |- docker-compose.yml
            |
            |- certs/.csr and .key files
            |
            |- site1/Dockerfile + Nodejs
            |- site2/Dockerfile + Nodejs
            |- site3/Dockerfile + Nodejs

Please suggest the possible cause of the issue and a solution for it.

Output of docker ps:

CONTAINER ID        IMAGE                 COMMAND                  CREATED             STATUS              PORTS                                      NAMES
c71b52c3e6bd        compose_site3   "/bin/sh -c 'node ..."   3 days ago          Up 3 days           80/tcp                                     compose_site3_1
41ffb9ec3983        jwilder/nginx-proxy   "/app/docker-entry..."   3 days ago          Up 3 days           0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp   compose_nginx-proxy_1
a154257c62ec        compose_site1   "/bin/sh -c 'node ..."   3 days ago          Up 3 days           80/tcp                                     compose_site1_1
3ed556e9287e        compose_site2   "/bin/sh -c 'node ..."   3 days ago          Up 3 days           80/tcp                                     compose_site2_1
asked Sep 27 '17 08:09

Arvind Singh


1 Answer

So after spending so much time on it, I was finally able to solve the issue. For SSL integration with jwilder/nginx-proxy, there is no mandate to name the certificate and key after the domain; they can have any name, you just need to mention the certificate name in the docker-compose file (I found this approach just by hit and trial). So your docker-compose file should look like:

site1:
  build: site1
  environment:
    VIRTUAL_HOST: site1.domainlocal.com
    CERT_NAME: mycertificate
  volumes:
    - /etc/ssl/certs:/etc/ssl/certs:ro
  restart: always

site2:
  build: site2
  environment:
    VIRTUAL_HOST: site2.domainlocal.com
    CERT_NAME: mycertificate
  volumes:
    - /etc/ssl/certs:/etc/ssl/certs:ro
  restart: always

site3:
  build: site3
  environment:
    VIRTUAL_HOST: site3.domainlocal.com
    CERT_NAME: mycertificate
  volumes:
    - /etc/ssl/certs:/etc/ssl/certs:ro
  restart: always

nginx-proxy:
  image: jwilder/nginx-proxy:alpine
  ports:
    - "80:80"
    - "443:443"
  environment:
    DEFAULT_HOST: domainlocal.com #default host
    CERT_NAME: mycertificate # Wildcard Certificate name without extension  
  volumes:
    - /var/run/docker.sock:/tmp/docker.sock:ro
    - /etc/ssl/certs:/etc/nginx/certs  #certificate path in docker container

  restart: always
  privileged: true

Then just build and run the compose file using "docker-compose up --build" and, congrats, you are now on a secured layer.

answered Oct 04 '22 20:10

Arvind Singh
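
A preflight check for the certificate naming described in the answer, as an added example that is not part of the original post or of nginx-proxy itself. It assumes nginx-proxy looks in the mounted certs directory for `<CERT_NAME>.crt` and `<CERT_NAME>.key`, and falls back to files named after the VIRTUAL_HOST or a parent domain when CERT_NAME is unset; the function names and sample file names are hypothetical.

```python
import tempfile
from pathlib import Path

def candidate_names(virtual_host, cert_name=None):
    """Base names to try, most specific first (assumed lookup order)."""
    if cert_name:                       # an explicit CERT_NAME wins
        return [cert_name]
    labels = virtual_host.split(".")
    # exact host first, then parent domains (wildcard certs), never a bare TLD
    return [".".join(labels[i:]) for i in range(len(labels) - 1)]

def check_host(certs_dir, virtual_host, cert_name=None):
    """Return (matched base name or None, list of problems) for one host."""
    certs_dir = Path(certs_dir)
    problems = []
    for name in candidate_names(virtual_host, cert_name):
        crt, key, csr = (certs_dir / f"{name}{ext}" for ext in (".crt", ".key", ".csr"))
        if crt.is_file() and key.is_file():
            if key.stat().st_mode & 0o077:
                problems.append(f"{key.name}: private key readable by group/others")
            return name, problems
        if key.is_file():
            hint = " (a .csr is only a signing request, not a certificate)" if csr.is_file() else ""
            problems.append(f"{name}.key present but {name}.crt missing{hint}")
        elif crt.is_file():
            problems.append(f"{name}.crt present but {name}.key missing")
    if not problems:
        problems.append(f"no .crt/.key pair found for {virtual_host}")
    return None, problems

def demo():
    # Constructed sample layout: first the question's (.csr + .key, no
    # CERT_NAME), then the answer's (mycertificate.crt/.key + CERT_NAME).
    with tempfile.TemporaryDirectory() as d:
        certs = Path(d)
        for f in ("site1.domainlocal.com.csr", "site1.domainlocal.com.key"):
            (certs / f).write_text("constructed placeholder")
        before = check_host(certs, "site1.domainlocal.com")
        for f in ("mycertificate.crt", "mycertificate.key"):
            p = certs / f
            p.write_text("constructed placeholder")
            p.chmod(0o600)              # keep the private key owner-only
        after = check_host(certs, "site1.domainlocal.com", "mycertificate")
        return before, after

if __name__ == "__main__":
    for result in demo():
        print(result)
```

The check only looks at file names and permissions; it does not parse the certificate, so it will not catch a key that does not match its certificate.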