Publish blazor app via Nginx web server , deployment and ssl issue

Question

I am trying to publish my Blazor web app via an NGINX web server. I containerized the Blazor app using Docker and Docker Compose orchestration. I also have a .NET Web API that handles backend API calls, which works fine on both HTTP and HTTPS. However, NGINX throws a 400 error ("the plain HTTP request was sent to HTTPS") and sometimes a 500 internal server error.

Here are the relevant NGINX logs:

2024-07-09 10:32:55 2024/07/09 17:32:55 [crit] 16#16: *10 SSL_read() failed (SSL: error:14191044:SSL routines:tls1_enc:internal error) while waiting for request, client: 172.24.0.1, server: 0.0.0.0:443
2024-07-09 10:32:55 2024/07/09 17:32:55 [crit] 17#17: *11 SSL_read() failed (SSL: error:14191044:SSL routines:tls1_enc:internal error) while waiting for request, client: 172.24.0.1, server: 0.0.0.0:443
2024-07-09 10:19:06 172.24.0.1 - - [09/Jul/2024:17:19:06 +0000] "GET / HTTP/1.1" 500 579 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36" "-"
2024-07-09 10:19:06 172.24.0.1 - - [09/Jul/2024:17:19:06 +0000] "GET /favicon.ico HTTP/1.1" 500 579 "https://localhost/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36" "-"

Also I am sending my docker compose , dockerfile and nginix config for references.

 # Build stage
FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build
ARG BUILD_CONFIGURATION=Release
WORKDIR /src
COPY ["Euro2024/Euro2024.csproj", "Euro2024/"]
RUN dotnet restore "Euro2024/Euro2024.csproj"
COPY . .
WORKDIR "/src/Euro2024"
RUN dotnet build "Euro2024.csproj" -c ${BUILD_CONFIGURATION} -o /app/build

# Publish stage
FROM build AS publish
RUN dotnet publish "Euro2024.csproj" -c ${BUILD_CONFIGURATION} -o /app/publish

# Final stage
FROM nginx:1.23.0-alpine
WORKDIR /usr/share/nginx/html
COPY --from=publish /app/publish/wwwroot .

# Remove default nginx.conf
RUN rm /etc/nginx/conf.d/default.conf

# Copy custom nginx.conf
COPY ./nginx/nginx.conf /etc/nginx/nginx.conf

# Copy SSL certificates
COPY ./nginx/certificate.crt /etc/nginx/ssl/tadehb.com.crt
COPY ./nginx/private.key /etc/nginx/ssl/tadehb.com.key

# Set permissions
#RUN chmod 644 /etc/nginx/ssl/certificate.crt \
    #&& chmod 600 /etc/nginx/ssl/private.key \
   # && chmod 644 /etc/nginx/ssl/client_certificate.crt

# Expose ports
EXPOSE 80
EXPOSE 443

# Set up entry point
ENTRYPOINT ["nginx", "-g", "daemon off;"]

---

version: '3.9'

services:

  euro2024api:
    build:
      context: ./
      dockerfile: DockerfileApi
    ports:
      - "5093:80"   # HTTP
      - "5094:443"   # HTTPS
    environment:
      - ASPNETCORE_ENVIRONMENT=Production
      - ASPNETCORE_URLS=https://+:443;http://+:80
      - ASPNETCORE_Kestrel__Certificates__Default__Password=euro2024
      - ASPNETCORE_Kestrel__Certificates__Default__Path=/https/aspnetapp.pfx
      - ConnectionStrings__Local=Server=db,1433;Database=Predictions;User ID=sa;Password=Ks@15352;TrustServerCertificate=True
    volumes:
      - ./https/aspnetapp.pfx:/https/aspnetapp.pfx
    networks:
      - mynetwork
    depends_on:
      - db

  euro2024ui:
    build:
      context: ./
      dockerfile: DockerfileUi
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./nginx/nginx.conf:/etc/nginx/nginx.conf
      - ./nginx/certificate.crt:/etc/nginx/ssl/tadehb.com.crt
      - ./nginx/private.key:/etc/nginx/ssl/tadehb.com.key
    networks:
      - mynetwork
    depends_on:
      - euro2024api

  db:
    image: mcr.microsoft.com/mssql/server:2022-latest
    ports:
      - '1433:1433'
    environment:
      - SA_PASSWORD=Ks@15352
      - ACCEPT_EULA=Y
      - MSSQL_PID=Express
    networks:
      - mynetwork

networks:
  mynetwork:

---

# nginx.conf

# Global configuration
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log debug;
pid /var/run/nginx.pid;

events {
    worker_connections 1024;
}

http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    access_log /var/log/nginx/access.log main;

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;

    # HTTP server block listening on port 80, redirects to HTTPS
    server {
        listen 80;
        server_name tadehb.com;

        location / {
            return 301 https://$host$request_uri;
        }
    }

    # HTTPS server block listening on port 443
    server {
        listen 443 ssl;
        server_name tadehb.com;

        ssl    on;

        ssl_certificate /etc/nginx/ssl/tadehb.com.crt;
        ssl_certificate_key /etc/nginx/ssl/tadehb.com.key;
        ssl_client_certificate optional;
        ssl_protocols SSLv3 TLSv1.1 TLSv1.2;


        location / {
            #proxy_pass https://euro2024ui:5001;
            #proxy_set_header Host $host;
            #proxy_set_header X-Real-IP $remote_addr;
            #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            #proxy_set_header X-Forwarded-Proto $scheme;
            try_files $uri $uri/ /index.html;
        }
    }
}