
I am trying to deploy my web applications in AWS. I am already running the project in AWS, but it's on an http://… URL, since I haven't configured my project to use SSL certificates. I tried to self-sign my SSL certificates (for testing purposes) and configure my application to use those SSL certificate files. I am using a tech stack of React, Node.js, and Postgres for the database. I am using 2 Nginx images: one for routing between the frontend and backend, and a second one for mapping the client-side routing. Here is the code of my Docker files and nginx files. How must I change my Nginx files, the routing paths in the Nginx images, and the docker-compose file to use SSL certificates? I already tried to configure my application but it isn't working.

I have adjusted volumes and run the files in AWS pretty smoothly; the only issue I think I am having is that I might not have set the routing correctly. I commented out the nginx configurations that use the ssh certificate configurations (since they are not working), and my website is not responding. It's not even telling me that I have reached the website but, due to the SSL certificate, am not able to access it. I can't access the site simply because I did something wrong in the routing of the nginx configurations.
(I am using the URL <DNS.ip-url>..com that AWS provides when we use the EC2 instance)

My architecture

These are my Docker files, nginx configuration files and docker-compose file:

docker-compose.yml file:

version: "3.8"

services:
  postgres:
    image: postgres:latest
    restart: always
    environment:
      - POSTGRES_USER=postgres
      - POSTGRES_PASSWORD=root
      - POSTGRES_DB=nanomedicine_db
    ports:  #outside:inside(container)
      - 5432:5432
    networks:
      - shared-network
    volumes:
      - postgres-volume:/var/lib/postgresql/data
      - ./db/intitial_dump.sql:/docker-entrypoint-initdb.d/intitial_dump.sql
      # - ./backup-files:/backup-files

  pgadmin:
    container_name: pgadmin4_container
    image: dpage/pgadmin4
    restart: always
    environment:
      PGADMIN_DEFAULT_EMAIL: [email protected]
      PGADMIN_DEFAULT_PASSWORD: root
      PGADMIN_LISTEN_PORT: 5050
    ports:
      - 5050:5050
    networks:
      - shared-network
    depends_on:
      - postgres
    volumes:
      - pgadmin-volume:/var/lib/pgadmin
  
  nginx:
    image: nginx
    # container_name: nginx_container
    restart: always
    volumes:
      - ./default.conf:/etc/nginx/conf.d/default.conf
    ports:
      - 80:80
    networks:
      - shared-network
    depends_on:
      - server
      - client

  server:
    container_name: nanomedicine_server
    restart: unless-stopped
    image: nanomedicine-server-image:1.0.0
    build:
      context: nanomedicine-backend 
      target: production
      dockerfile: Dockerfile
    ports:  #outside:inside(container)
      - 8080:8080
    networks:
      - shared-network
    depends_on:
      - postgres

  client:
    container_name: nanomedicine_client
    restart: unless-stopped
    image: nanomedicine-client-image:1.0.0
    build:
      context: nanomedicine-frontend
      dockerfile: Dockerfile
    ports:  #outside:inside(container)
      - 3000:3000

    networks:
      - shared-network
    depends_on:
      - server
volumes:
  postgres-volume:
  pgadmin-volume:
networks:
  shared-network:

Front end Docker file:

FROM node:14.14.0-alpine as builder

ENV NODE_ENV=production

WORKDIR /usr/src/client

COPY package.json .
COPY package-lock.json .

RUN npm install

COPY . .

RUN npm run build

FROM nginx 
EXPOSE 3000
COPY ./nginx/nanomedicine.conf /etc/nginx/conf.d/nanomedicine.conf
COPY ./nginx/nginx.conf /etc/nginx/nginx.conf
COPY --from=builder /usr/src/client/build /usr/share/nginx/html

CMD ["nginx", "-g", "daemon off;"]

1st nginx configuration, used for frontend route mapping
nanomedicine.conf:

server {
    listen 3000;
    server_name localhost;
    #server_name ec2-3-129-177-192.us-east-2.compute.amazonaws.com;
    #return 301 https://$host$request_uri;

    location / {
        root /usr/share/nginx/html;
        index index.html;
        # try_files $uri $uri/ /index.html;
    }
}

# server {
#     listen                443 ssl;
#     server_name           ec2-3-129-177-192.us-east-2.compute.amazonaws.com;
#     ssl_certificate       certs/devopsbyexample.pem;
#     ssl_certificate_key   certs/devopsbyexample-key.pem;
#     ssl_protocols         TLSv1 TLSv1.1 TLSv1.2;
#     ssl_ciphers           HIGH:!aNULL:!MD5;

#     location / {
#         root   /usr/share/nginx/html;
#         index  index.html;
#         try_files $uri $uri/ /index.html;
#     }
# }

nginx.conf

user  nginx;
worker_processes  1;
error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;
events {
    worker_connections  1024;
}
http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
    access_log  /var/log/nginx/access.log  main;
    sendfile        on;
    #tcp_nopush     on;
    keepalive_timeout  65;
    #gzip  on;
    include /etc/nginx/conf.d/nanomedicine.conf;
}

Server side / backend Dockerfile:

FROM node:14 AS Production

ENV NODE_ENV=production

WORKDIR /usr/src/server

COPY package.json .
COPY package-lock.json .

RUN npm install

COPY . .

#RUN npm run build

CMD ["sh", "-c", "npm run start:production"]

Main default.conf file:

upstream client {
    server client:3000;
}

upstream api {
    server server:8080;
}

server {
    listen 80;

    location / {
        proxy_pass http://client;
    }

    location /sockjs-node {
        proxy_pass http://client;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
    }

    location /api {
        rewrite /api/(.*) /$1 break;
        proxy_pass http://api;
    }
}
##production
# server {
#     listen 80;
#     return 301 https://$host$request_uri;
# }

# server {
#     listen 443 ssl;
#     server_name ec2-3-129-177-192.us-east-2.compute.amazonaws.com;
#     ssl_certificate /path/to/your/ssl_certificate.crt;
#     ssl_certificate_key /path/to/your/ssl_certificate.key;
#     ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
#     ssl_ciphers HIGH:!aNULL:!MD5;

#     location / {
#         proxy_pass http://client;
#         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#         proxy_set_header Host $http_host;
#         proxy_set_header X-Real-IP $remote_addr;
#     }

#     location /sockjs-node {
#         proxy_pass http://client;
#         proxy_http_version 1.1;
#         proxy_set_header Upgrade $http_upgrade;
#         proxy_set_header Connection "Upgrade";
#     }

#     location /api {
#         rewrite /api/(.*) /$1 break;
#         proxy_pass http://api;
#         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#         proxy_set_header Host $http_host;
#         proxy_set_header X-Real-IP $remote_addr;
#     }
# }

my SSL pem file
devopsbyexample.com:


SSL private key:
devopsbyexample-key.pem:


devopsbyexample.csr


2 Answers


  1. Look at the commented-out data in your nanomedicine.conf; it means it asks for the ssl_certificate and ssl_certificate_key. Give your self-signed SSL data here.

      server {
          listen                443 ssl;
          server_name           ec2-3-129-177-192.us-east-2.compute.amazonaws.com;
          # Relative paths are resolved against nginx's configuration directory
          ssl_certificate       certs/devopsbyexample.pem;
          ssl_certificate_key   certs/devopsbyexample-key.pem;
          ssl_protocols         TLSv1 TLSv1.1 TLSv1.2;
          ssl_ciphers           HIGH:!aNULL:!MD5;
      }
    
  2. This looks like quite a complex setup for a fairly simple requirement.

    As I understand the requirement, you want the following:

    • 1 Host, in this case an AWS EC2 Instance.
    • Everything in Docker containers, accessible via SSL
    • Containers are:
      • React Application
      • Nginx ProxyServer
      • NodeJS/Express Server
      • Postgres Database

    This requirement is exactly what we have, and I created a setup also using Docker Containers on 1 AWS EC2 instance.
    Everything runs in containers, and Nginx Proxyserver handles which requests go to which Docker Container.

    It is all explained in a lot of detail here: ‘Nginx in Docker

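An added example, not part of the question or of either answer: TLS terminated in the edge `nginx` service's `default.conf`, reusing the upstream names, host name and certificate file names from the question. The mount path `/etc/nginx/certs/`, the compose changes named in the comments and the security-group rule are assumptions.

```nginx
# Added example (not from the original posts). Assumed compose changes for the
# edge "nginx" service: publish "443:443" alongside "80:80" and mount the
# certificate directory read-only, e.g. ./certs:/etc/nginx/certs:ro (assumed
# path). The EC2 security group must also allow inbound TCP 443.

upstream client { server client:3000; }
upstream api    { server server:8080; }

# Plain HTTP only redirects to HTTPS.
server {
    listen 80;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name ec2-3-129-177-192.us-east-2.compute.amazonaws.com;

    # Absolute paths inside the container (assumed mount point).
    ssl_certificate     /etc/nginx/certs/devopsbyexample.pem;
    ssl_certificate_key /etc/nginx/certs/devopsbyexample-key.pem;

    # TLSv1 and TLSv1.1 are deprecated; offer only 1.2 and 1.3.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers   HIGH:!aNULL:!MD5;

    location / {
        proxy_pass http://client;
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    location /sockjs-node {
        proxy_pass http://client;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
    }

    location /api {
        rewrite /api/(.*) /$1 break;
        proxy_pass http://api;
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

With TLS terminated here, the `client` container's `nanomedicine.conf` can keep `listen 3000` without certificates. A private key that has been posted publicly should be regenerated before the certificate is used anywhere beyond a throwaway test.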