nginxdocker-composenginx-reverse-proxyjwilder-nginx-proxy

How do I set up a container without a subdomain using nginx-proxy?

I have several services running in Docker containers, all behind an an Nginx reverse proxy (using nginx-proxy/nginx-proxy). All of the services run on different subdomains, and they are all working correctly with HTTPS etc.

I am now trying to host another container that uses Nginx to serve a static Web site on the domain itself, without a subdomain, but I am struggling to get it to work.

Here is my minimal docker-compose.yml:

version: "3"

services:
  example:
     image: nginx 
     expose:
       - 80
       - 443
     restart: unless-stopped
     environment:
       VIRTUAL_HOST: domain.tld
       LETSENCRYPT_HOST: domain.tld
     container_name: example
     volumes:
       - ./content:/usr/share/nginx/html

networks:
  default:
    external:
      name: nginx-proxy

This does not work: it shows a 500 Internal Server Error whether I try to access it through HTTP or HTTPS. If I do the exact same thing but using subdomain.domain.tld for the VIRTUAL_HOST and LETSENCRYPT_HOST environment variables, it works fine for both.

If I add the following to the docker-compose.yml file:

    ports:
      - "8003:80"
      - "8443:443"

...then I can access the site at http://domain.tld:8003, but https://domain.tld:8443 shows a failure to connect and https://domain.tld still shows a 500 error. http://domain.tld redirects to https://domain.tld.

Solution

  • The issue was that I had AAAA records for the root domain, but not the subdomains, and I was using nginx-proxy/acme-companion to automatically generate my SSL certificates.

    The nginx-proxy/acme-companion documentation states the following under the ‘Requirements’ heading:

    If your (sub)domains have AAAA records set, the host must be publicly reachable over IPv6 on port 80 and 443.

    So, per the nginx-proxy/nginx-proxy documentation, to enable IPv6:

    You can activate the IPv6 support for the nginx-proxy container by passing the value true to the `ENABLE_IPV6 environment variable:

    docker run -d -p 80:80 -e ENABLE_IPV6=true -v /var/run/docker.sock:/tmp/docker.sock:ro nginxproxy/nginx

    My final docker-compose.yml looks like this:

    version: "3"

services:
   example:
     image: nginx 
     expose:
       - 80
       - 443
     restart: unless-stopped
     environment:
       VIRTUAL_HOST: domain.tld,www.domain.tld
       LETSENCRYPT_HOST: domain.tld,www.domain.tld
     container_name: example
     volumes:
       - ./content:/usr/share/nginx/html:ro
       - ./nginx.conf:/etc/nginx/conf.d/default.conf:ro

networks:
  default:
    external:
      name: nginx-proxy