I am trying to publish my Blazor web app via an NGINX web server. I containerized the Blazor app using Docker and Docker Compose orchestration. I also have a .NET Web API that handles backend API calls, which works fine on both HTTP and HTTPS. However, NGINX throws a 400 error ("the plain HTTP request was sent to HTTPS") and sometimes a 500 internal server error.
Here are the relevant NGINX logs:
2024-07-09 10:32:55 2024/07/09 17:32:55 [crit] 16#16: *10 SSL_read() failed (SSL: error:14191044:SSL routines:tls1_enc:internal error) while waiting for request, client: 172.24.0.1, server: 0.0.0.0:443
2024-07-09 10:32:55 2024/07/09 17:32:55 [crit] 17#17: *11 SSL_read() failed (SSL: error:14191044:SSL routines:tls1_enc:internal error) while waiting for request, client: 172.24.0.1, server: 0.0.0.0:443
2024-07-09 10:19:06 172.24.0.1 - - [09/Jul/2024:17:19:06 +0000] "GET / HTTP/1.1" 500 579 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36" "-"
2024-07-09 10:19:06 172.24.0.1 - - [09/Jul/2024:17:19:06 +0000] "GET /favicon.ico HTTP/1.1" 500 579 "https://localhost/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36" "-"
Also I am sending my docker compose , dockerfile and nginix config for references.
# Build stage
FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build
ARG BUILD_CONFIGURATION=Release
WORKDIR /src
COPY ["Euro2024/Euro2024.csproj", "Euro2024/"]
RUN dotnet restore "Euro2024/Euro2024.csproj"
COPY . .
WORKDIR "/src/Euro2024"
RUN dotnet build "Euro2024.csproj" -c ${BUILD_CONFIGURATION} -o /app/build
# Publish stage
FROM build AS publish
RUN dotnet publish "Euro2024.csproj" -c ${BUILD_CONFIGURATION} -o /app/publish
# Final stage
FROM nginx:1.23.0-alpine
WORKDIR /usr/share/nginx/html
COPY --from=publish /app/publish/wwwroot .
# Remove default nginx.conf
RUN rm /etc/nginx/conf.d/default.conf
# Copy custom nginx.conf
COPY ./nginx/nginx.conf /etc/nginx/nginx.conf
# Copy SSL certificates
COPY ./nginx/certificate.crt /etc/nginx/ssl/tadehb.com.crt
COPY ./nginx/private.key /etc/nginx/ssl/tadehb.com.key
# Set permissions
#RUN chmod 644 /etc/nginx/ssl/certificate.crt \
#&& chmod 600 /etc/nginx/ssl/private.key \
# && chmod 644 /etc/nginx/ssl/client_certificate.crt
# Expose ports
EXPOSE 80
EXPOSE 443
# Set up entry point
ENTRYPOINT ["nginx", "-g", "daemon off;"]
version: '3.9'
services:
euro2024api:
build:
context: ./
dockerfile: DockerfileApi
ports:
- "5093:80" # HTTP
- "5094:443" # HTTPS
environment:
- ASPNETCORE_ENVIRONMENT=Production
- ASPNETCORE_URLS=https://+:443;http://+:80
- ASPNETCORE_Kestrel__Certificates__Default__Password=euro2024
- ASPNETCORE_Kestrel__Certificates__Default__Path=/https/aspnetapp.pfx
- ConnectionStrings__Local=Server=db,1433;Database=Predictions;User ID=sa;Password=Ks@15352;TrustServerCertificate=True
volumes:
- ./https/aspnetapp.pfx:/https/aspnetapp.pfx
networks:
- mynetwork
depends_on:
- db
euro2024ui:
build:
context: ./
dockerfile: DockerfileUi
ports:
- "80:80"
- "443:443"
volumes:
- ./nginx/nginx.conf:/etc/nginx/nginx.conf
- ./nginx/certificate.crt:/etc/nginx/ssl/tadehb.com.crt
- ./nginx/private.key:/etc/nginx/ssl/tadehb.com.key
networks:
- mynetwork
depends_on:
- euro2024api
db:
image: mcr.microsoft.com/mssql/server:2022-latest
ports:
- '1433:1433'
environment:
- SA_PASSWORD=Ks@15352
- ACCEPT_EULA=Y
- MSSQL_PID=Express
networks:
- mynetwork
networks:
mynetwork:
# nginx.conf
# Global configuration
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log debug;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# HTTP server block listening on port 80, redirects to HTTPS
server {
listen 80;
server_name tadehb.com;
location / {
return 301 https://$host$request_uri;
}
}
# HTTPS server block listening on port 443
server {
listen 443 ssl;
server_name tadehb.com;
ssl on;
ssl_certificate /etc/nginx/ssl/tadehb.com.crt;
ssl_certificate_key /etc/nginx/ssl/tadehb.com.key;
ssl_client_certificate optional;
ssl_protocols SSLv3 TLSv1.1 TLSv1.2;
location / {
#proxy_pass https://euro2024ui:5001;
#proxy_set_header Host $host;
#proxy_set_header X-Real-IP $remote_addr;
#proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#proxy_set_header X-Forwarded-Proto $scheme;
try_files $uri $uri/ /index.html;
}
}
}