SWT

[Docker] nginx + certbot get 404 / not work 

docker-compose.yml should getting 
...
services:
  nginx:
    image: nginx:stable-alpine
    container_name: nginx
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ...
      - $PWD/certbot/conf:/etc/nginx/ssl
      - $PWD/certbot/data:/usr/share/nginx/html/letsencrypt
    ...

  certbot:
    image: certbot/certbot:latest
    command: certonly --webroot --webroot-path=/usr/share/nginx/html/letsencrypt --email email@gmail.com --agree-tos --no-eff-email --staging -d [your domain]
    volumes:
      - $PWD/certbot/conf:/etc/letsencrypt
      - $PWD/certbot/logs:/var/log/letsencrypt
      - $PWD/certbot/data:/usr/share/nginx/html/letsencrypt
    ...
And please edit your nginx conf *** comment all the location code unless "location ~ /.well-known/acme-challenge {" 
server {
    server_name [your domain];
    listen 80;
    root  [project path];

    index index.php index.html index.htm;

    location ~ /.well-known/acme-challenge {
         allow all; 
         root /usr/share/nginx/html/letsencrypt;
    }
}
then run docker-compose up -d if certbot success, you can find the fold "cd certbot/conf/live/[your domain]" And update the nginx conf again 
server {
    listen [::]:80;
    listen 80;

    server_name [your domain];

    location ~ /.well-known/acme-challenge {
         allow all; 
         root /usr/share/nginx/html/letsencrypt;
    }

    # redirect http to https
    return 301 https://[your domain]$request_uri;
}

server {
    listen [::]:443 ssl http2;
    listen 443 ssl http2;

    server_name [your domain];

    # SSL code
    ssl_certificate /etc/nginx/ssl/live/[your domain]/fullchain.pem;
    ssl_certificate_key /etc/nginx/ssl/live/[your domain]/privkey.pem;

    client_max_body_size 20M;
    root  [project path];

    index index.php index.html index.htm;
    
    if (!-e $request_filename) {
        rewrite ^(.+)$ /index.php?q=$1 last;
    }

    location ~ .php$ {
            #try_files $uri =404;
            fastcgi_pass php:9000;
            fastcgi_index index.php;
            include  fastcgi_params;
            fastcgi_split_path_info       ^(.+\.php)(/.+)$;
            fastcgi_param PATH_INFO       $fastcgi_path_info;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            #fastcgi_read_timeout 300;
    }
}
*** If you do it for wordpress, please install "Really Simple SSL" & "CloudFlare Flexible SSL Plugin" plugin first, then follow the instruction to fix all issue.
Back