Hi,
Yes, I use Docker + SSL (Let's Encrypt and certbot) + FQDN.
Regarding your settings, I'm not an expert, but 2 things seem strange to my eyes:
1/ I think you could remove ":443" here:

APP_BASE_URL=https://myserver.local:443

2/ I wonder if NGINX knows how to translate "app", and I wonder if you shouldn't put the container IP here instead of "app":

proxy_pass http://app:22300;

I have never met the error code you are encountering.

You will find my config here below (I don't use docker compose but it seems consistent):

  • 1/ env file
APP_BASE_URL=https://www.myserver.org
APP_PORT=22300
DB_CLIENT=pg
POSTGRES_PASSWORD=xxXXXxxxXXX
POSTGRES_DATABASE=joplin
POSTGRES_USER=joplin
POSTGRES_PORT=5432
POSTGRES_HOST=pg
  • 2/ docker commands
sudo docker run -d --restart=always --name pg --env-file .env -p 5432:5432 -v /xxx/joplin.pgdb:/var/lib/postgresql/data postgres:latest
sudo docker run -d --restart=always --name joplinserver --env-file .env --link pg:pg -p 22300:22300 joplin/server:latest
  • 3/ nginx conf
server {
    if ($host = www.myserver.org) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80;
    listen [::]:80;
    server_name www.myserver.org;
    # enforce https
    return 301 https://$server_name:443$request_uri;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name www.myserver.org;

    proxy_read_timeout 720s;
    proxy_connect_timeout 720s;
    proxy_send_timeout 720s;

    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 1440m;
    ssl_buffer_size 8k;
    ssl_protocols  TLSv1.2 TLSv1.3;
    ssl_ciphers 'kEECDH+ECDSA+AES128 kEECDH+ECDSA+AES256 kEECDH+AES128 kEECDH+AES256 kEDH+AES128 kEDH+AES256 DES-CBC3-SHA +SHA !aNULL !eNULL !LOW !kE$
    ssl_prefer_server_ciphers on;
    ssl_stapling on;
    ssl_stapling_verify on;

    location / {
        proxy_redirect off;
        proxy_pass http://127.0.0.1:22300;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Port $server_port;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        client_max_body_size 500M;
    }

    ssl_certificate /etc/letsencrypt/live/www.myserver.org/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/www.myserver.org/privkey.pem; # managed by Certbot
}

Bruno
PS: I sometimes use a variant for NGINX with the "NGINX PROXY MANAGER" docker image by JLESAGE. It's a great image: it works easily with Joplin and it deals with the Let's Encrypt public cert. You just have to add a proxy with location "http://JOPLIN.CONTAINER.IP.ADDRESS:22300".
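
Added example, not part of Bruno's post: the nginx config above proxies to 127.0.0.1:22300, while the two docker commands publish 22300 and 5432 without a host address, which Docker binds on all host interfaces. This Python check parses `docker run` lines and lists the publish options that are not bound to loopback; the `HARDENED` command line is an assumption added for comparison.

```python
import ipaddress
import shlex

def publish_specs(command):
    """Values of every -p/--publish option in one `docker run` command line."""
    args = shlex.split(command)
    specs = []
    for i, arg in enumerate(args):
        if arg in ("-p", "--publish") and i + 1 < len(args):
            specs.append(args[i + 1])
        elif arg.startswith("--publish="):
            specs.append(arg.split("=", 1)[1])
        elif arg.startswith("-p") and len(arg) > 2:
            specs.append(arg[2:])              # attached form: -p22300:22300
    return specs

def bind_host(spec):
    """Host address a publish spec binds to; 0.0.0.0 when the spec names none."""
    spec = spec.split("/", 1)[0]               # drop a /tcp or /udp suffix
    if spec.startswith("["):                   # bracketed IPv6: [::1]:8080:80
        return spec[1:spec.index("]")]
    parts = spec.split(":")
    return parts[0] if len(parts) == 3 else "0.0.0.0"

def exposed_ports(command):
    """Publish specs that are reachable from outside the host."""
    exposed = []
    for spec in publish_specs(command):
        try:
            loopback = ipaddress.ip_address(bind_host(spec)).is_loopback
        except ValueError:
            loopback = False                   # unparseable address: report it
        if not loopback:
            exposed.append(spec)
    return exposed

# The two commands from the post, copied as sample input.
PAGE_COMMANDS = [
    "sudo docker run -d --restart=always --name pg --env-file .env -p 5432:5432 "
    "-v /xxx/joplin.pgdb:/var/lib/postgresql/data postgres:latest",
    "sudo docker run -d --restart=always --name joplinserver --env-file .env "
    "--link pg:pg -p 22300:22300 joplin/server:latest",
]
# Constructed variant (assumption): same container, published on loopback only.
HARDENED = ("sudo docker run -d --restart=always --name joplinserver --env-file .env "
            "--link pg:pg -p 127.0.0.1:22300:22300 joplin/server:latest")

if __name__ == "__main__":
    for cmd in PAGE_COMMANDS + [HARDENED]:
        print(exposed_ports(cmd) or "loopback only", "<-", cmd[:60])
```

With the loopback binding, Joplin Server is reachable only through the nginx TLS proxy on the same host.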