I have a project that contains Django - Docker - PostgreSQL - Nginx.
I followed this tutorial for adding SSL to my project using LetsEncrypt (Link). Before following this tutorial, my project was live on DigitalOcean successfully. After that I got an nginx 502 gateway error in my browser, and when I check the certificate, the certificate is verified and my connection is secure. When I checked the log of the proxy container in the terminal, I saw the [error] 9#9: *1 connect() failed (111: Connection refused) while connecting to upstream error, upstream: uwsgi://my_ip:9000.
my docker-compose-prod-yml file:
version: "3.9"
services:
  app:
    build:
      context: .
      dockerfile: ./Dockerfile
    restart: always
    command: /start
    environment:
      - DJANGO_SECRET_KEY=${DJANGO_SECRET_KEY}
      - DJANGO_ALLOWED_HOSTS=${DOMAIN}
    depends_on:
      - postgres
  proxy:
    build:
      context: ./docker/proxy
    restart: always
    depends_on:
      - app
    ports:
      - 80:80
      - 443:443
    volumes:
      - certbot-web:/vol/www
      - proxy-dhparams:/vol/proxy
      - certbot-certs:/etc/letsencrypt
    environment:
      - DOMAIN=${DOMAIN}
  certbot:
    build:
      context: ./docker/certbot
    command: echo "Skipping..."
    environment:
      - EMAIL=${ACME_DEFAULT_EMAIL}
      - DOMAIN=${DOMAIN}
    env_file:
      - ./.env
    volumes:
      - certbot-web:/vol/www
      - certbot-certs:/etc/letsencrypt/
    depends_on:
      - proxy
  postgres:
    image: "postgres:latest"
    container_name: postgres_data
    volumes:
      - postgres_data:/var/lib/postgresql/data/
    environment:
      - POSTGRES_USER=postgres
      - POSTGRES_PASSWORD=te7eyp9cc
      - POSTGRES_DB=dj-crm-tenant
    ports:
      - "54320:5432"
volumes:
  certbot-web:
  proxy-dhparams:
  certbot-certs:
  postgres_data:
my defult-ssl-conf.tpl file:
server {
    listen 80;
    server_name ${DOMAIN} www.${DOMAIN};
    location /.well-known/acme-challenge/ {
        root /vol/www/;
    }
    location / {
        return 301 https://$host$request_uri;
    }
}
server {
    listen 443 ssl;
    server_name ${DOMAIN} www.${DOMAIN};
    ssl_certificate /etc/letsencrypt/live/${DOMAIN}/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/${DOMAIN}/privkey.pem;
    include /etc/nginx/options-ssl-nginx.conf;
    ssl_dhparam /vol/proxy/ssl-dhparams.pem;
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    location /static {
        alias /vol/static;
    }
    location / {
        uwsgi_pass ${APP_HOST}:${APP_PORT};
        include /etc/nginx/uwsgi_params;
        client_max_body_size 10M;
    }
}
I think I get this error because of the nginx config file, and I tried a lot of combinations but I couldn't change this error. Please help me!
I tried adding these to my nginx config file:
listen 443 ssl http2;
listen [::]:443 ssl http2;
proxy_pass http://localhost:8000/;
proxy_pass http://localhost:9000/;
Try proxy_pass instead of uwsgi in location and use proxy configuration mentioned below.
defult-ssl-conf.tpl
location / {
    proxy_redirect off;
    proxy_set_header Host $host;
    proxy_set_header REMOTE_ADDR $remote_addr;
    proxy_set_header X-Url-Scheme $scheme;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto https;
    proxy_set_header User-Agent $http_user_agent;
    proxy_pass http://app:8000/;
}
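To triage the 502 from the proxy log before changing directives, the sketch below (an added example, not part of the original question or answer) groups nginx upstream errors by target and failure type, separating "connection refused" from a scheme mismatch between uwsgi_pass and proxy_pass. The log lines are constructed from the error quoted in the question; the address 10.0.0.5, example.com and the function names are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines modelled on the error quoted in the question; the
# address 10.0.0.5, client IP, timestamps and example.com are placeholders.
SAMPLE_LOG = '''\
2024/01/01 10:00:00 [error] 9#9: *1 connect() failed (111: Connection refused) while connecting to upstream, client: 203.0.113.7, server: example.com, request: "GET / HTTP/1.1", upstream: "uwsgi://10.0.0.5:9000", host: "example.com"
2024/01/01 10:00:05 [error] 9#9: *2 connect() failed (111: Connection refused) while connecting to upstream, client: 203.0.113.7, server: example.com, request: "GET /login HTTP/1.1", upstream: "uwsgi://10.0.0.5:9000", host: "example.com"
2024/01/01 10:01:00 [error] 9#9: *3 upstream prematurely closed connection while reading response header from upstream, client: 203.0.113.7, server: example.com, request: "GET / HTTP/1.1", upstream: "uwsgi://10.0.0.5:8000", host: "example.com"
'''

UPSTREAM_RE = re.compile(
    r'upstream: "(?P<scheme>\w+)://(?P<host>\[[^\]]+\]|[^:"/]+):(?P<port>\d+)')
CONNECT_RE = re.compile(r"connect\(\) failed \((?P<errno>\d+): [^)]*\)")

# Triage hints per failure class (wording is this example's, not nginx's).
HINTS = {
    "refused": "nothing is listening on that host:port; compare it with the "
               "address and port the app server actually binds to",
    "connect-error": "TCP connect failed; check the service name and network",
    "protocol": "the port accepted the connection but the reply was not valid for "
                "the scheme; uwsgi_pass needs a uwsgi socket, proxy_pass an HTTP one",
    "other": "upstream error of another kind; read the full log line",
}

def classify(line):
    """Return (upstream_url, cause) for an upstream error line, else None."""
    up = UPSTREAM_RE.search(line)
    if up is None:
        return None
    target = f"{up['scheme']}://{up['host']}:{up['port']}"
    conn = CONNECT_RE.search(line)
    if conn:  # errno 111 is ECONNREFUSED on Linux
        return target, ("refused" if conn["errno"] == "111" else "connect-error")
    if "prematurely closed" in line or "invalid header" in line:
        return target, "protocol"
    return target, "other"

def summarize(log_text):
    """Count upstream failures per (upstream_url, cause)."""
    return Counter(r for r in map(classify, log_text.splitlines()) if r)

def report(log_text):
    """One human-readable line per failing upstream, most frequent first."""
    return [f"{n}x {target} [{cause}]: {HINTS[cause]}"
            for (target, cause), n in summarize(log_text).most_common()]

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

Feed it the real output of the proxy container's log in place of SAMPLE_LOG; a "refused" entry means the target port has no listener, which no change on the nginx side alone will fix.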