
I have a FastAPI app hosted on an EC2 instance using docker-compose.yml. Currently, the app is not secured (HTTP & not HTTPS). I am trying to secure the app via a self-signed cert by following the tutorial Deploy your FastAPI API to AWS EC2 using Nginx.

I have the following in the fastapi_nginx file in the /etc/nginx/sites-enabled/

server {
    listen 80;
    listen 443 ssl;
    ssl on;
    ssl_certificate /etc/nginx/ssl/server.crt;
    ssl_certificate_key /etc/nginx/ssl/server.key;
    server_name x.xx.xxx.xxx;
    location / {
        proxy_pass http://0.0.0.0:8000/docs;
    }
}

But it doesn’t seem to work. When I do https://x.xx.xxx.xxx, I get the error:

This page isn’t working

x.xx.xxx.xxx didn’t send any data.

ERR_EMPTY_RESPONSE

But http://x.xx.xxx.xxx is working like before.

I am not sure if I am missing anything or making any mistakes.

P.S.: I also tried doing the steps mentioned in the article here and still it wasn’t working.

Also, the inbound in security groups


2 Answers


  1. You are redirecting HTTPS traffic to /docs. Have you tried proxy_pass http://localhost:8000;?

    Also, 0.0.0.0 is not always a good solution; it means all IP addresses on the local machine, as referred to here. Try 127.0.0.1 or localhost.

    You can check any errors in /var/log/nginx/error.log.

    Finally, see if your security group and route table allow the traffic.

  2. Since you make use of docker-compose.yml, you can probably configure it as follows:

    Extend your docker-compose.yml to include nginx as well.

    In the mounts below, nginx.conf is the file you have defined locally and certs holds the certificates. Also, it would be best to keep it in the same network as the FastAPI app so that they can communicate.

    The nginx.conf is to be modified to point to the Docker service name of the FastAPI app:

    location / {
        proxy_pass http://my-fastapi-app:8000/docs;
    }
    

    An example snippet below:

    ...
    # Top-level network shared by both services
    networks:
      app_net:
    services:
      my-fastapi-app:
        ...
        networks:
          - app_net
      nginx:
        image: 'bitnami/nginx:1.14.2'
        ports:
          # host port : container port
          - '80:8080'
          - '443:8443'
        volumes:
          - ./nginx.conf:/opt/bitnami/nginx/conf/nginx.conf:ro
          - ./certs:/opt/bitnami/nginx/certs/:ro
          - ./tmp/:/opt/bitnami/nginx/tmp/:rw
        networks:
          - app_net
    

    Additionally, I could also suggest looking into Caddy. The certification process and renewal are done automatically.

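An added example, not part of the question or either answer: one way to lay out the host-level nginx site file so that the HTTP and TLS listeners are separate and requests are proxied to the app root, as the first answer suggests. It assumes nginx runs on the EC2 host and the FastAPI container publishes port 8000 on the host's loopback interface; the certificate paths and the `x.xx.xxx.xxx` placeholder are taken from the question.

```nginx
# Plain HTTP listener: does nothing except redirect to HTTPS.
server {
    listen 80;
    server_name x.xx.xxx.xxx;          # placeholder from the question
    return 301 https://$host$request_uri;
}

# TLS listener. The "ssl" parameter on listen enables TLS for this socket only;
# the standalone "ssl on;" directive is deprecated since nginx 1.15.0 and was
# removed in 1.25.1, so it is left out here.
server {
    listen 443 ssl;
    server_name x.xx.xxx.xxx;

    ssl_certificate     /etc/nginx/ssl/server.crt;
    ssl_certificate_key /etc/nginx/ssl/server.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        # No URI after the port: the request path is passed through unchanged.
        # With "proxy_pass http://...:8000/docs;" the matched "/" prefix is
        # replaced by "/docs", so a request for /openapi.json is sent upstream
        # as /docsopenapi.json and the Swagger page cannot load its schema.
        proxy_pass http://127.0.0.1:8000;

        # Tell the app which host, client and scheme the request arrived with.
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Run `nginx -t` to validate the file before reloading, and check /var/log/nginx/error.log if the TLS listener still returns nothing.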