I would like to deploy an SSL certificate on my website to support the HTTPS protocol.
Using Certbot 2.8.0, I successfully got the certificate:
~$ sudo certbot certonly --standalone -d www.toxiverse.com -d toxiverse.com
It returns:
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/toxiverse.com/fullchain.pem
Key is saved at: /etc/letsencrypt/live/toxiverse.com/privkey.pem
This certificate expires on 2024-04-16.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.
Then I copied the certificates to the folder /root/ssl for convenience:
$ sudo -s scp /etc/letsencrypt/live/toxiverse.com/privkey.pem /root/ssl
$ sudo -s scp /etc/letsencrypt/live/toxiverse.com/fullchain.pem /root/ssl
$ sudo -s scp /etc/letsencrypt/live/toxiverse.com/cert.pem /root/ssl
$ sudo -s scp /etc/letsencrypt/live/toxiverse.com/chain.pem /root/ssl
And then I changed the Dockerfile to:
FROM python:3.8
RUN useradd toxpro
WORKDIR /home/toxpro
COPY requirements.txt requirements.txt
RUN python -m venv venv
RUN venv/bin/pip install -r requirements.txt
# netcat is a program
# necessary for troubleshooting
# the networking
RUN apt-get update && apt-get install -y netcat-traditional
COPY app app
COPY ssl ssl
RUN pip install pyopenssl
RUN mkdir logs
RUN mkdir data
RUN mkdir instance # this is necessary for digital ocean
COPY boot.sh ./
RUN chmod +x boot.sh
COPY boot_worker.sh ./
RUN chmod +x boot_worker.sh
COPY boot_dashboard.sh ./
RUN chmod +x boot_dashboard.sh
RUN apt-get install libxrender1
ENV FLASK_APP app.py
RUN chown -R toxpro:toxpro ./
USER toxpro
EXPOSE 5000
As well as docker-compose-do.yml:
version: '2'
services:
  redis:
    image: redis
    volumes:
      - ./redis:/usr/local/etc/redis
  toxpro:
    build: .
    env_file:
      - docker-environment-do.env
    ports:
      - "443:5000"
    image: toxpro:lastest
    volumes:
      - ./instance/:/home/toxpro/instance
      - ./data/:/home/toxpro/data
      - ./root/ssl/fullchain.pem:/home/toxpro/fullchain.pem
      - ./root/ssl/privkey.pem:/home/toxpro/privkey.pem
    entrypoint: ["./boot.sh"]
    stdin_open: true
    tty: true
  worker:
    build: .
    env_file:
      - docker-environment-do.env
    depends_on:
      - redis
      - toxpro
    entrypoint: ["./boot_worker.sh"]
    volumes:
      - ./instance/:/home/toxpro/instance
      - ./data/:/home/toxpro/data
      - ./root/ssl/fullchain.pem:/home/toxpro/fullchain.pem
      - ./root/ssl/privkey.pem:/home/toxpro/privkey.pem
volumes:
  instance_vol:
boot.sh:
#!/bin/bash
source venv/bin/activate
exec gunicorn -b :5000 --worker-tmp-dir /dev/shm --certfile ssl/cert.pem --keyfile ssl/privkey.pem --workers=2 --timeout 90 --access-logfile - --error-logfile - "app:create_app()"
boot_worker.sh:
#!/bin/bash
source venv/bin/activate
exec rq worker toxpro-tasks --name toxpro-tasks --url redis://toxpro-redis-1:6379
And then I copied the local files to the server:
scp -r ./* [email protected]:/home/toxpro
Then I composed the containers on the server:
sudo docker compose -f docker-compose-do.yml up -d --build --force-recreate
The three containers started successfully. However, when I tried to connect to the website over SSL, it showed "wrong version number":
--2024-01-17 23:14:16-- https://toxiverse.com/
Resolving toxiverse.com (toxiverse.com)... 192.241.131.84
Connecting to toxiverse.com (toxiverse.com)|192.241.131.84|:443... connected.
OpenSSL: error:0A00010B:SSL routines::wrong version number
Unable to establish SSL connection.
The website doesn't work either when I try to open it. Is there any mistake I made in the process of deploying the SSL certificates?
I tried re-applying for the certificates, but it didn't work.