Question 292221 in Docker Question posted in
The official documentation can be found here.

Docker – How to configure certificate for fastapi app

I created two applications (backend (fastapi. Works on 8000 port), frontend (reactjs. Works on 80 port)) they are communicate each with other.

My docker-compose file:

version: '3.7'
services:
  frontend:
    container_name: "frontend"
    build: 
      context: ./frontend
    stop_signal: SIGTERM
    ports:
      - "80:80"
    volumes:
      - ./uploads:/app/uploads
    networks:
      - good_network
    depends_on:
      - backend

  backend:
    container_name: "backend"
    build:
      context: ./backend
    stop_signal: SIGTERM
    ports:
      - "8000:8000"
    networks:
      - good_network
    volumes:
      - ./uploads:/app/uploads
    depends_on:
      - postgres

  postgres:
    container_name: "postgres"
    image: postgres:16.0
    healthcheck:
      test: [ "CMD-SHELL", "pg_isready -d sugar -U postgres" ]
      interval: 5s
      timeout: 5s
      retries: 5
      start_period: 5s
    restart: unless-stopped
    ports:
      - "5432:5432"
    volumes:
      - ./postgres_data:/var/lib/postgresql/data
    networks:
      - good_network

networks:
  good_network:

volumes:
  postgres_data:

help me with configuration a certificate :(.

My tries:

uvicorn.run(..., ssl_keyfile="./privkey.pem", ssl_certfile="./fullchain.pem")  # Problem with cors :/

I’ve tried to use certbot, but i created a certfiles, but i didn’t understand what to do with it…

Tags:

2

Answers


  1. Chosen as BEST ANSWER
    0

    I sloved this via nginx and subdomain for backend.

    My nginx.conf:

    events {
  worker_connections 1024;
}

http {

    # backend

    upstream back {
        server back.mysite.ru:8000;
    }

    server {
        listen 80;
        server_name back.mysite.ru;

        location / {
            proxy_pass http://back;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto http;
        }
    }

    server {
        listen 443 ssl;
        server_name back.mysite.ru;

        ssl_certificate /etc/letsencrypt/live/back.mysite.ru/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/back.mysite.ru/privkey.pem;
        ssl_trusted_certificate /etc/letsencrypt/live/back.mysite.ru/chain.pem;

        location / {
            proxy_pass http://back;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto https;
        }
    }

    # frontend

    upstream front {
        server mysite.ru:80;
    }

    server {
        listen 80;
        server_name mysite.ru;

        location / {
            proxy_pass http://front;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto http;
        }
    }

    server {
        listen 443 ssl;
        server_name mysite.ru;

        ssl_certificate /etc/letsencrypt/live/mysite.ru/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/mysite.ru/privkey.pem;
        ssl_trusted_certificate /etc/letsencrypt/live/mysite.ru/chain.pem;

        location / {
            proxy_pass http://front;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto https;
        }
    }
}

    My nginx in docker container:

    nginx:
    build: ./nginx
    ports:
      - "443:443"
    volumes:
      - /etc/letsencrypt:/etc/letsencrypt
    depends_on:
      - frontend
      - backend

    My nginx Dockerfile:

    FROM nginx

COPY nginx.conf /etc/nginx/nginx.conf

  2. 0

    Try to include this in a place where you define "app".
    This adds CORS middleware to allow origins and requests to come.

    app.add_middleware(
CORSMiddleware,
allow_origins=["*"],  # Set this to the specific origin(s) you want to allow
allow_credentials=True,
allow_methods=["*"],  # Set this to the specific HTTP methods you want to allow
allow_headers=["*"],  # Set this to the specific HTTP headers you want to allow
)
    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search