GazeIntoTheAbyss

GazeIntoTheAbyss

Docker-Compose, SSL, Nginx - getting 502

I’ve tried working through several examples of getting SSL working with Nginx on here and elsehwere and am currently a bit lost. My current file configurations and the error are all below. Without having a working example, I don’t know which files are right or wrong or how close I am to getting it working.

There’s a very long message about enabling SSL in the default runtime.exs file as well, but I believe I’m meant to ignore it when enabling SSL through nginx? I haven’t seen any of the guides mention it so I’m hoping its not that.

I’m getting a 502 with the following:

project-web-1    | The database for Myapp.Repo has already been created
project-web-1    |
project-web-1    | 07:12:39.218 [info] Migrations already up
project-web-1    |
project-web-1    | 07:12:41.030 [info] Running MyappWeb.Endpoint with cowboy 2.10.0 at 127.0.0.1:4000 (http)
project-web-1    | 07:12:41.044 [info] Access MyappWeb.Endpoint at https://example.com
project-web-1    | Database myapp created.
project-web-1    | 07:12:42.908 [info] Running MyappWeb.Endpoint with cowboy 2.10.0 at 127.0.0.1:4000 (http)
project-web-1    | 07:12:42.922 [info] Access MyappWeb.Endpoint at https://example.com
project-nginx-1  | 2023/08/30 07:12:53 [error] 22#22: *1 connect() failed (111: Connection refused) while connecting to upstream, client: 95.145.175.160, server: example.com, request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:4000/", host: "example.com"
project-nginx-1  | 95.145.175.160 - - [30/Aug/2023:07:12:53 +0000] "GET / HTTP/1.1" 502 559 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36"
project-nginx-1  | 2023/08/30 07:12:53 [error] 22#22: *1 connect() failed (111: Connection refused) while connecting to upstream, client: 95.145.175.160, server: example.com, request: "GET /favicon.ico HTTP/1.1", upstream: "http://127.0.0.1:4000/favicon.ico", host: "example.com", referrer: "https://example.com/"
project-nginx-1  | 95.145.175.160 - - [30/Aug/2023:07:12:53 +0000] "GET /favicon.ico HTTP/1.1" 502 559 "https://example.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36"

My runtime.exs

import Config

  config :myapp, MyappWeb.Endpoint, server: true

if config_env() == :prod do
  config :myapp, Myapp.Repo,
    url: "postgresql://#{(System.get_env("PG_USER"))}:#{(System.get_env("PG_PASSWORD"))}@#{(System.get_env("PG_HOST"))}:#{(System.get_env("PG_PORT"))}/#{(System.get_env("PG_DATABASE"))}",
    pool_size: 10,
    socket_options: if System.get_env("ECTO_IPV6") in ~w(true 1), do: [:inet6], else: []

  config :myapp, MyappWeb.Endpoint,
    url: [host: "example.com" , port: 443, scheme: "https"],
    http: [ip: {127, 0, 0, 1}, port: 4000],
    secret_key_base: System.get_env("SECRET_KEY_BASE")
end

My config.exs

config :myapp,
  ecto_repos: [Myapp.Repo]

config :myapp, MyappWeb.Endpoint,
  url: [host: "example.com"],
  render_errors: [
    formats: [html: MyappWeb.ErrorHTML, json: MyappWeb.ErrorJSON],
    layout: false
  ],
  pubsub_server: Myapp.PubSub,
  live_view: [signing_salt: "vYTu2RHp"]

config :myapp, Myapp.Mailer, adapter: Swoosh.Adapters.Local

config :esbuild,
  version: "0.17.11",
  default: [
    args:
      ~w(js/app.js --bundle --target=es2017 --outdir=../priv/static/assets --external:/fonts/* --external:/images/*),
    cd: Path.expand("../assets", __DIR__),
    env: %{"NODE_PATH" => Path.expand("../deps", __DIR__)}
]

config :logger, :console,
  format: "$time $metadata[$level] $message\n",
  metadata: [:request_id]

config :phoenix, :json_library, Jason

import_config "#{config_env()}.exs"

my docker-compose.yml

version: '3.8'
services:
  web:
    build: .
    ports:
       - '4000:4000'
    depends_on:
       - db
    env_file:
      - Myapp.env
  db:
    image: postgres:latest
    environment:
      POSTGRES_USER: postgres
      POSTGRES_PASSWORD: postgres
    ports:
      - "5432:5432"
    restart: always
    volumes:
      - /pg-data:/var/lib/postgresql/data
  nginx:
      image: nginx:latest
      volumes:
        - ./nginx.conf:/etc/nginx/nginx.conf
        - /etc/nginx/ssl:/etc/nginx/ssl
      ports:
        - "80:80"
        - "443:443"
      depends_on:
        - web
      restart: always

my nginx.conf

events {
    worker_connections 1024;
  }
  
  http {
    upstream phoenix {
      server 127.0.0.1:4000;
    }
  
    server {
      listen 80;
      server_name example.com;
      return 301 https://$server_name$request_uri;
    }
  
    server {
      listen  443 ssl;
      server_name example.com;
  
      ssl_certificate /etc/nginx/ssl/fullchain.pem;
      ssl_certificate_key /etc/nginx/ssl/privkey.pem;
  
      location / {
        proxy_redirect off;
        proxy_pass http://phoenix;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
      }
    }
  }

Any info greatly appreciated.

First Post!

GazeIntoTheAbyss

GazeIntoTheAbyss

As an update if I set my upstream to the web container of my compose

upstream phoenix {
      server web:4000;
    }

and my http to

http: [ip: {0, 0, 0, 0, 0, 0, 0, 0}, port: 4000],

I fix the 502 and get the connection secure icon.

I don’t know if this is acceptable though as it seems like its probably too open?
All the guides I’ve followed have used 127.0.0.1 so I assume thats the standard method but, I don’t believe any of them are using compose.

Any info appreciated

Where Next?

Popular in Questions Top

marius95
Hello everyone, I try to use an Javascript Event Handler in my root.html.leex file. Therefore I created a function in the app.js file: ...
New
senggen
Erlang/OTP 25 [erts-13.2.2] [source] [64-bit] [smp:8:8] [ds:8:8:10] [async-threads:1] 15:22:35.803 [error] gen_event {lager_file_backend...
New
siddhant3030
Hi, I have to write a raw query for one of my project. But till now I have used ecto queries and don’t have much experience writing raw ...
New
skosch
To my knowledge, put_in, Map.update etc. all have the one limitation of not automatically creating intermediate keys when needed (for exa...
New
shahryarjb
Hello, I have map which I want to convert it to string like this: the map: %{last_name: "tavakkoli", name: "shahryar"} the string I ne...
New
vegabook
I’m brand new to Phoenix and I have stripped one of the demo applications to the bone. I just want to get an svg up on the screen. Here i...
New
stefanluptak
Hello everybody, usually, I use a 29" ultra-wide monitor for VSCode which can easily accomodate explorer (files panel) + file with code ...
New
itssasanka
Hi all, Trying to get some more clarity over utc_datetime and naive_datetime for Ecto: The documentation above suggests that while ...
New
JDanielMartinez
Hi! May someone helps me, please! I have two apps into an umbrella project: the first one is Database, which manages queries, and the se...
New
rms.mrcs
Hi, I need to transform a list of numbers into a map where the keys are the indexes and the values are the original values of the list. ...
New

Other popular topics Top

JeremM34
Hello, how can I check the Phoenix version ? Thanks !
New
hariharasudhan94
lets say i have a sample like a = 20; b = 10; if (a > b) do {:ok, "a"} end if (a < b) do {:ok, b} end if (a == b) do {:ok, "equa...
New
jay1
Why is it that the mnesia database isn’t the most preferred database for use in Elixir/Phoenix?
New
baxterw3b
Hi guys, i’m new in the Elixir world, and i have to say, that i love it! i’m having some problem to understand anonymous functions with ...
New
vonH
When I run the Plug and I recompile I wind up having to use Ctrl C to quit iex and start again. Witht the help of rlwrap I can use the cu...
New
nsuchy
Hi. I’ve noticed that Windows Powershell has it’s own IEX command and you cannot access Elixir’s IEX due to the conflict. This isn’t a cr...
New
Brian
What is the proper way to load a module from a file in to IEX? In the python world, doing something like this pretty standard: from ....
New
WestKeys
Currently suffering from paralysis by [HTTP client] analysis. This is rather unusual in Elixirland as there tends to be consensus on the ...
New
svb
Hi! Currently I want to submit a form by pressing the Enter key. However, since my input field is of type “textarea” this is just adds a...
New
sergio
Kind of like when jquery came out, it was super necessary. Existing drag and drop libraries have a bunch of baggage to support old browse...
New

We're in Beta

About us Mission Statement