No IP being generated for any other container besides Nginx

[kowenhouston]

Hi there,

I have been searching for many hours for a solution but have been unable to find anything.

This is the "main" docker-compose file i'm using:

version: "2"

services:
  nginx:
    image: nginx
    container_name: nginx
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - "/etc/nginx/conf.d"
      - "/etc/nginx/vhost.d"
      - "/usr/share/nginx/html"
      - "../../../volumes/proxy/certs:/etc/nginx/certs:ro"
    networks:
      - proxy-tier
  nginx-gen:
    image: jwilder/docker-gen
    container_name: nginx-gen
    volumes:
      - "/var/run/docker.sock:/tmp/docker.sock:ro"
      - "../../../volumes/proxy/templates/nginx-compose-v2.tmpl:/etc/docker-gen/templates/nginx.tmpl:ro"
    volumes_from:
      - nginx
    entrypoint: /usr/local/bin/docker-gen -notify-sighup nginx -watch -only-exposed -wait 5s:30s /etc/docker-gen/templates/nginx.tmpl /etc/nginx/conf.d/default.conf
  letsencrypt-nginx-proxy-companion:
    image: jrcs/letsencrypt-nginx-proxy-companion
    container_name: letsencrypt-nginx-proxy-companion
    volumes_from:
      - nginx
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "../../../volumes/proxy/certs:/etc/nginx/certs:rw"
    environment:
      - NGINX_DOCKER_GEN_CONTAINER=nginx-gen

networks:
  proxy-tier:
    external:
name: nginx-proxy

Then I am attempting to start up additional websites using:

version: "2"

services:
  simple-site:
    image: nginx
    container_name: simple-site
    volumes:
      - "../../../volumes/examples/simple-site/conf.d/:/etc/nginx/conf.d"
    environment:
      - VIRTUAL_HOST=site.example.com
      - VIRTUAL_NETWORK=nginx-proxy
      - VIRTUAL_PORT=80
      - LETSENCRYPT_HOST=site.example.com
      - LETSENCRYPT_TEST=true
      - LETSENCRYPT_EMAIL=site@example.com
    networks:
      - proxy-tier

networks:
  proxy-tier:
    external:
      name: nginx-proxy

This works fine, I can add multiple sites by adding docker-compose files like the one above. I get this in my generated nginx config:

upstream site.example.com {
   # Container: simple-site@nginx-proxy
   server 172.18.0.3:80;
}

lets encrypt container logs:
2016-09-05 00:39:54,313:INFO:simp_le:1305: site.example.com was successfully self-verified

However, when I change the image to anything other than nginx, I loose the IP address and the SSL certs are unable to be downloaded.

version: "2"

services:
  simple-site2:
    image: tutum/apache-php
    container_name: simple-site2
    environment:
      - VIRTUAL_HOST=site2.example.com
      - VIRTUAL_NETWORK=nginx-proxy
      - VIRTUAL_PORT=80
      - LETSENCRYPT_HOST=site2.example.com
      - LETSENCRYPT_TEST=true
      - LETSENCRYPT_EMAIL=site2@example.com
    networks:
      - proxy-tier

networks:
  proxy-tier:
    external:
      name: nginx-proxy

Generated nginx default.conf lines:

upstream site2.example.com {
           # simple-site2
           server :80;
}

lets encrypt container logs:

2016-09-05 00:48:22,077:WARNING:simp_le:1303: site2.example.com was not successfully self-verified. CA is likely to fail as well!
2016-09-05 00:48:22,098:INFO:requests.packages.urllib3.connectionpool:756: Starting new HTTPS connection (1): acme-staging.api.letsencrypt.org
2016-09-05 00:48:22,436:INFO:simp_le:1313: Generating new certificate private key
2016-09-05 00:48:22,871:INFO:requests.packages.urllib3.connectionpool:756: Starting new HTTPS connection (1): acme-staging.api.letsencrypt.org
2016-09-05 00:48:23,147:ERROR:simp_le:1271: CA marked some of the authorizations as invalid, which likely means it could not access http://example.com/.well-known/acme-challenge/X. Did you set correct path in -d example.com:path or --default_root? Is there a warning log entry about unsuccessful self-verification? Are all your domains accessible from the internet? 
Challenge validation has failed, see error log.

Am I doing this the wrong way? Or is this config incorrect?

[kowenhouston]

Even when using default docker-compose this still has the same issue:

version: "2"

services:
  nginx:
    image: nginx
    container_name: nginx
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - "/etc/nginx/conf.d"
      - "/etc/nginx/vhost.d"
      - "/usr/share/nginx/html"
      - "../../../volumes/proxy/certs:/etc/nginx/certs:ro"
    networks:
      - proxy-tier
  nginx-gen:
    image: jwilder/docker-gen
    container_name: nginx-gen
    volumes:
      - "/var/run/docker.sock:/tmp/docker.sock:ro"
      - "../../../volumes/proxy/templates/nginx-compose-v2.tmpl:/etc/docker-gen/templates/nginx.tmpl:ro"
    volumes_from:
      - nginx
    entrypoint: /usr/local/bin/docker-gen -notify-sighup nginx -watch -only-exposed -wait 5s:30s /etc/docker-gen/templates/nginx.tmpl /etc/nginx/conf.d/default.conf
  letsencrypt-nginx-proxy-companion:
    image: jrcs/letsencrypt-nginx-proxy-companion
    container_name: letsencrypt-nginx-proxy-companion
    volumes_from:
      - nginx
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "../../../volumes/proxy/certs:/etc/nginx/certs:rw"
    environment:
      - NGINX_DOCKER_GEN_CONTAINER=nginx-gen

  simple-site:
    image: tutum/apache-php
    container_name: simple-site
    environment:
      - VIRTUAL_HOST=site.example.com
      - VIRTUAL_NETWORK=nginx-proxy
      - VIRTUAL_PORT=80
      - LETSENCRYPT_HOST=site.example.com
      - LETSENCRYPT_EMAIL=site@example.com
    networks:
      - proxy-tier

networks:
  proxy-tier:
    external:
      name: nginx-proxy

upstream site.example.com {
           # simple-site
           server :80;
}

[kowenhouston]

Figured out the issue, I don't know if this is really a "Fix" though.

removed the first if statement in a section under nginx-v2.tmpl:

    {{ $addrLen := len $value.Addresses }}
    {{/* If only 1 port exposed, use that */}}
    {{ if eq $addrLen 1 }}
        {{ with $address := index $value.Addresses 0 }}
           # {{$value.Name}}
           server {{ $address.IP }}:{{ $address.Port }};
        {{ end }}

    {{/* If a VIRTUAL_NETWORK is specified use use its IP */}}
    {{ else if $value.Env.VIRTUAL_NETWORK }}
        {{ range $i, $network := $value.Networks }}
           {{ if eq $network.Name $value.Env.VIRTUAL_NETWORK }}
   # Container: {{$value.Name}}@{{$network.Name}}
   server {{ $network.IP }}:{{ $value.Env.VIRTUAL_PORT }};
           {{ end }}
{{ end }}

to become:

    {{ $addrLen := len $value.Addresses }}
    {{/* If a VIRTUAL_NETWORK is specified use use its IP */}}
    {{ if $value.Env.VIRTUAL_NETWORK }}
        {{ range $i, $network := $value.Networks }}
           {{ if eq $network.Name $value.Env.VIRTUAL_NETWORK }}
   # Container: {{$value.Name}}@{{$network.Name}}
   server {{ $network.IP }}:{{ $value.Env.VIRTUAL_PORT }};
           {{ end }}
{{ end }}

This seemed to fix all the issues:

upstream site2.example.com {
   # Container: site2@nginx-proxy
   server 172.18.0.4:80;
}

2016-09-05 05:26:44,481:INFO:simp_le:1305: site2.example.com was successfully self-verified

Could someone shed some light on this?

[kowenhouston]

I see there is a pull request for this already. "Check for VIRTUAL_NETWORK first"

[fatk]

You're absolutely right, i've been really busy these pasts months, but i'll be checking everything and adding more examples soon.

Thanks for your comments

[kowenhouston]

Great thanks man.

Haha, I can relate to that!

[mareeba]

Please see related issues here:
#https://help.nextcloud.com/t/nextcloud-nginx-reverse-proxy-letsencrypt-in-docker-containers/1687/17