So i’m using docker-compose to set up local dev environments while I’m working on WordPress sites.
And now i’m trying to fix so I can get an self signed ssl certificate for that local dev environment. But all I end up with when i’m trying to visit the site is ERR_CONNECTION_CLOSED and nothing in the error log or anything.
So this is how my docker-compose.yml file looks like:
version: '3.1'
services:
wordpress:
image: wordpress:5.8-fpm
restart: always
container_name: wordpress
environment:
WORDPRESS_DB_HOST: db
WORDPRESS_DB_USER: exampleuser
WORDPRESS_DB_PASSWORD: examplepass
WORDPRESS_DB_NAME: exampledb
volumes:
- ./wp:/var/www/html
- ./uploads.ini:/usr/local/etc/php/conf.d/uploads.ini
depends_on:
- db
db:
image: mysql:5.7
restart: always
container_name: db
environment:
MYSQL_DATABASE: exampledb
MYSQL_USER: exampleuser
MYSQL_PASSWORD: examplepass
MYSQL_RANDOM_ROOT_PASSWORD: '1'
volumes:
- db:/var/lib/mysql
ports:
- "8086:3306"
nginx:
image: nginx:latest
container_name: nginx
ports:
- '80:80'
- '443:433'
volumes:
- ./nginx:/etc/nginx/conf.d
- ./logs/nginx:/var/log/nginx
- ./wp:/var/www/html
- ./certs:/etc/cert
depends_on:
- wordpress
restart: always
mailhog:
image: mailhog/mailhog
ports:
- "1025:1025" # smtp server
- "8025:8025" # web ui
volumes:
db:
And this is how my nginx config file looks like:
server {
listen 80;
listen [::]:80;
server_name dev.mydomain.com;
root /var/www/html;
index index.php;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ .php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+.php)(/.+)$;
fastcgi_pass wordpress:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
}
}
server {
listen 443 ssl ssl;
server_name dev.mydomain.com;
root /var/www/html;
index index.php;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
ssl_certificate /etc/cert/mydomain.com.crt;
ssl_certificate_key /etc/cert/mydomain.com.key;
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ .php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+.php)(/.+)$;
fastcgi_pass wordpress:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
}
}
and to create the cert files I used openssl on the wsl2 (ubuntu 20.04) with this command:
openssl req -newkey rsa:2048 -nodes -keyout mydomain.com.key -x509 -days 365 -out mydomain.com.crt
So I can visit the site without https, and everything is working fine. But when i’m trying to visit the site with https I get the error ERR_CONNECTION_CLOSED, and I have no idea where to start. I have tried many different solutions but so far no luck.
Also good to be know that I have pointed dev.mydomain.com to 127.0.0.1 in the dns. And also added it in my host file on Windows.
But I have a feeling that there is something i’m missing here.
And my plan is to have a wildcard domain pointed to localhost, and make the docker-compose installation more or less automatic to set up self signed certificates when I run docker-compose up -d
So I hope someone out there have the solution or can point me to the right direction 🙂
4
Answers
For anyone that will look at this, I found an solution that works really good for me. What I ended up doing was to run it with ngrok instead. And have that implement in the docker-compose file. I can choose to jsut run with an domain name that ngrok gives me. Or use my own(This needs a premium account if so). So this is how my docker-compose.yml file look like now:
As you can see here i'm using wernight/ngrok docker container to make this work
Local dev: Be your own CA
This is the best tuturial you would have on the web for creating ssl locally
https://www.youtube.com/watch?v=oxDUdjbdfR0&t=1558s
Production : Just use certbot and it will do the trick
command will be like this
Looks like you may have a DNS resolution problem. Use the Docker embeded DNS resolver inside the nginx location:
I would also recommend use of a root CA and the
ssl_trusted_certificate
directive.CURITY EXAMPLE
For something to compare against, see this Curity example, which uses DNS via the hosts file, wildcard certs, a root CA, docker compose and nginx:
This is quite an advanced sample with two forms of Mutual TLS, though it also has a lot in common with your requirements. So hopefully it will help you to resolve your problem.
HTTPS uses port 443, but SSL/TLS does not itself use any port.
In your docker config , there is a line that contains
- '443:433'
. Is this a typo or is your actual port mapping? For network port mapping, check this document: https://docs.docker.com/compose/networking/