Having a hard time deploying this container #13

Open
dimaj opened this issue Jul 3, 2018 · 2 comments

dimaj commented Jul 3, 2018

Hello,

I was able to deploy this on my local machine and it worked very well (thank you!); however, when I tried moving it to my NAS, things were not as smooth as I would've hoped them to be.

My setup is as follows:
Synology NAS with 2 containers:

  • nginx
  • nodepki

The Nginx container is essentially a reverse proxy for my other services. So, when I go to https://myservice.mydomain.com, nginx will proxy_pass to an internal URL. I thought that I would do the same thing with nodepki, but I cannot figure out the proper environment variables for everything to just work. All my service subdomains have a Let's Encrypt cert installed, so I have the following connection flow: Internet ----> SSL ---> Nginx ---> HTTP ----> service

I am trying to have all the services on a single subdomain (say, certification.mydomain.com), instead of multiple. I have also used your nginx template from the main README file, where different services are at different locations.

I am pretty sure that the issue is with environment variables, but I am not sure.

Here's my nginx.conf:

server {
    listen 443 ssl;
    server_name certifications.mydomain.com;

    include /config/snippets/le_cert.conf;

    location = / {
        proxy_set_header X-Forwarded-Host $host:$server_port;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        rewrite ^ https://certifications.mydomain.com/webclient/ permanent;
    }

    location /api {
        proxy_set_header X-Forwarded-Host $host:$server_port;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://nodepki:8080/api;
    }

    location /public {
        proxy_set_header X-Forwarded-Host $host:$server_port;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://nodepki:8080/public;
    }

    location /webclient/ {
        proxy_set_header X-Forwarded-Host $host:$server_port;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://nodepki:5000/;
    }

    location /ocsp {
        proxy_set_header X-Forwarded-Host $host:$server_port;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://nodepki:2560;
    }

    access_log logs/nodepki.access.log main;
    error_log logs/nodepki.error.log;
}

Here are my env variables:

INTERMEDIATE_CA_COMMON_NAME=Intermediate CA,
ROOT_CA_COMMON_NAME=CA,
CA_CERT_EXPIRE_IN_DAYS=3650,
OCSP_PASSPHRASE=my_ocsp_password,
INTERMEDIATE_PASSPHRASE=my_intermediate_password,
ROOT_PASSPHRASE=my_root_password,
CERT_MAX_LIFETIME_IN_DAYS=3650,
CERT_MIN_LIFETIME_IN_DAYS=1,
ORGANIZATION_NAME=My Org,
LOCALITY_NAME=Some City,
STATE_NAME=Some State,
COUNTRY_CODE=US,
CA_OSCP_SERVER_HTTP_URL=https://certifications.mydomain.com/ocsp,
CA_CRL_SERVER_HTTP_URL=https://certifications.mydomain.com/public/ca/intermediate/crl,
CA_WEBCLIENT_HTTP_URL=https://certifications.mydomain.com/webclient,
CA_OSCP_SERVER_PORT=2560,
CA_OSCP_SERVER_URL=certifications.mydomain.net/ocsp,
CA_WEBCLIENT_SERVER_PORT=8080,
CA_WEBCLIENT_BIND_IP_ADDRESS=0.0.0.0,
CA_WEBCLIENT_SERVER_URL=certifications.mydomain.net/webclient,
CA_API_SERVER_TLS_ENABLED=false,
CA_API_SERVER_TLS_PORT=443,
CA_API_SERVER_PLAIN_PORT=5000,
CA_API_SERVER_URL=certifications.mydomain.net/api,
CA_API_SERVER_BIND_IP_ADDRESS=0.0.0.0,
API_PASSWORD=my_api_password,
API_USERNAME=my_api_user

Containers are linked to each other, which is why I am able to use nodepki as a hostname in my nginx config.

Thanks for your help!

@cyjanssens

Hello,

I just did some very small adaptations to make nodepki Docker-compliant:

https://github.com/cyjanssens/nodekpi-docker-service

Hope this helps you.

dimaj commented Sep 25, 2018

@cyjanssens,

Thanks for that! Helps a LOT!
