nginx can't find /etc/letsencrypt/options-ssl-nginx.conf file

I'm trying to serve a Python/Django webapp using a Linux box (running Ubuntu 18.04) with nginx, gunicorn, letsencrypt and docker. After following a number of online tutorials I have been successful in serving the app via http through port 80 by following this tutorial: http://pawamoy.github.io/2018/02/01/docker-compose-django-postgres-nginx.html.

However, I am now really struggling with deploying via https through port 443. I think maybe I am not understanding a fundamental docker concept. The error I get when running sudo docker-compose up is below.

NGINX ERROR:

nginx_1 | nginx: [emerg] open() "/etc/letsencrypt/options-ssl-nginx.conf" failed (2: No such file or directory) in /etc/nginx/conf.d/local_ssl.conf:28

I believe this is because I have not linked the options-ssl-nginx.conf file in the docker-compose.yml file, maybe through a volume? I do not know if this is right though. The relevant parts of my docker-compose.yml file and nginx.conf files are below:

docker-compose.yml:

version: '3'

services:

  # database containers
  database1:
    ...

  # web container
  djangoapp:
    ...

  # reverse proxy container (nginx)
  nginx:
    image: nginx:latest
    ports:
      - 80:80
      - 443:443
    volumes:
      - ./config/nginx/conf_ssl.d/:/etc/nginx/conf.d
      - static:/opt/services/djangoapp/static
      - media:/opt/services/djangoapp/media
      - ~/nginxlogs:/var/log/nginx
      - /etc/letsencrypt
      - /var/www/certbot
/live/maps.critr.org.uk
    networks:
      - nginx_network
    depends_on:
      - djangoapp

  certbot:
    image: certbot/certbot
    restart: unless-stopped
    volumes:
      - /etc/letsencrypt
      - /var/www/certbot
    entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"

networks:
   ...

volumes:
   ...

nginx.conf:

upstream critr_server {
    server djangoapp:8000;
}

# divert all http traffic to https
server {
    listen 80; 
    server_name maps.critr.org.uk;
    return 301 https://maps.critr.org.uk;
}

server {

    listen 443 ssl;

    server_name maps.critr.org.uk;

    ssl_certificate /etc/letsencrypt/live/maps.critr.org.uk/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/maps.critr.org.uk/privkey.pem;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers   HIGH:!aNULL:!MD5;


    include         /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam     /etc/letsencrypt/ssl-dhparams.pem;


    location /.well-known {
        root /opt/services/djangoapp/static/;
    }   

    location /static/ {
        alias /opt/services/djangoapp/static/;
    }   

    location /media/ {
        alias /opt/services/djangoapp/media/;
    }   

    location / { 
        proxy_pass https://critr_server;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_redirect off;
    }   
}

I believe this is a problem with not understanding volumes in docker-compose? Though I've been trying to solve this for almost a week now and come up with nothing.


Solution 1:

It seems you are missing /etc/letsencrypt/options-ssl-nginx.conf. This file is the default configuration for all sites using a certbot installer, so it normally gets created during the certificate installation (or issuing and installation), which mainly happens manually by someone who is configuring the system for the first time.

So you can either:

  1. Get the latest version of this file from its GitHub location at https://raw.githubusercontent.com/certbot/certbot/master/certbot-nginx/certbot_nginx/_internal/tls_configs/options-ssl-nginx.conf and put it back where it should be
  2. OR change your nginx.conf file and replace the line that gives the error (the line that includes that file) with the content of the file that you get from GitHub.

Solution 2:

You can find the /etc/letsencrypt/options-ssl-nginx.conf file like this on CentOS.

sudo yum install yum-utils
repoquery --list python2-certbot-nginx

Or like this for Ubuntu.

dpkg -L python2-certbot-nginx

Then copy the file to the /etc/letsencrypt directory.

sudo cp /usr/lib/python2.7/site-packages/certbot_nginx/_internal/tls_configs/options-ssl-nginx.conf /etc/letsencrypt/

If you want to use nginx and letsencrypt in Docker, read this tutorial
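
Both solutions put the file into /etc/letsencrypt, so it matters which /etc/letsencrypt the nginx container actually sees. The following is an added example, not part of the question or either answer: a small audit that classifies the nginx service's short-syntax volume entries and reports what backs each file the nginx config opens. The volume list and config lines are constructed from the question's own files.

```python
import re
from pathlib import PurePosixPath

# Constructed from the question's docker-compose.yml: nginx service, short syntax.
NGINX_VOLUMES = [
    "./config/nginx/conf_ssl.d/:/etc/nginx/conf.d",
    "static:/opt/services/djangoapp/static",
    "media:/opt/services/djangoapp/media",
    "~/nginxlogs:/var/log/nginx",
    "/etc/letsencrypt",
    "/var/www/certbot",
]
# Constructed from the question's nginx config: directives that open files at startup.
NGINX_CONF = """
ssl_certificate /etc/letsencrypt/live/maps.critr.org.uk/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/maps.critr.org.uk/privkey.pem;
include         /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam     /etc/letsencrypt/ssl-dhparams.pem;
"""

def classify(entry):
    """Return (container_path, kind) for one short-syntax volume entry."""
    parts = entry.split(":")
    if len(parts) == 1:
        # Container path only: a fresh anonymous volume, private to this container.
        return parts[0], "anonymous"
    source, target = parts[0], parts[1]  # an optional third field is the mode (ro/rw)
    # A source that looks like a path is a host bind mount; a bare name is a named volume.
    return target, "bind" if source.startswith((".", "/", "~")) else "named"

def referenced_files(conf):
    """Absolute paths that include/ssl_* directives make nginx open."""
    pattern = r"^\s*(?:include|ssl_certificate(?:_key)?|ssl_dhparam)\s+(/[^;\s]+);"
    return re.findall(pattern, conf, flags=re.M)

def audit(volumes, conf):
    """Map each referenced file to the kind of mount that backs it, or 'image'."""
    mounts = [classify(v) for v in volumes]
    report = {}
    for path in referenced_files(conf):
        parents = list(PurePosixPath(path).parents)
        covering = [(t, k) for t, k in mounts if PurePosixPath(t) in parents]
        # The deepest matching target is the mount that applies to this path.
        report[path] = max(covering, key=lambda m: len(m[0]))[1] if covering else "image"
    return report

if __name__ == "__main__":
    for path, kind in audit(NGINX_VOLUMES, NGINX_CONF).items():
        print(f"{kind:9} {path}")
```

All four paths report `anonymous`: a bare `/etc/letsencrypt` entry gives each service its own empty volume, so files written by the certbot container or copied to the host's /etc/letsencrypt never reach nginx. Pointing both services at the same bind mount or named volume for that path is what makes the file visible.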