Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

mshafnas's avatar

Nginx certbot docker

I have setup the nginx with certbot in docker, when I try to access the website it shows page is not redirecting properly but with port 9001 I am able to access the website. please note that I am service two different websites on port 80 and 9001, here is my conf file

# Upstream configuration
upstream botpress_server {
    server botpress:3000;
}

# Disable sending the server identification
server_tokens off;

# Prevent displaying Botpress in an iframe (clickjacking protection)
# add_header X-Frame-Options SAMEORIGIN;

# Prevent browsers from detecting the mimetype if not sent by the server.
# add_header X-Content-Type-Options nosniff;

# Force enable the XSS filter for the website, in case it was disabled manually
# add_header X-XSS-Protection "1; mode=block";

add_header Content-Security-Policy "frame-ancestors *;";

# Configure the cache for static assets
proxy_cache_path /srv/nginx_cache levels=1:2 keys_zone=my_cache:10m max_size=10g inactive=60m use_temp_path=off;

# Set the max file size for uploads (make sure it is larger than the configured media size in botpress.config.json)
client_max_body_size 15M;

# Server Block for SSL and Port 9000
server {
    listen 9000 ssl;
    listen [::]:9000 ssl;
    server_name redladdersa.com;

    ssl_certificate /etc/letsencrypt/live/redladdersa.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/redladdersa.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    # Enable caching of assets by NGINX to reduce load on the server
    location ~ .*/assets/.* {
        proxy_cache my_cache;
        proxy_ignore_headers Cache-Control;
        proxy_hide_header Cache-Control;
        proxy_hide_header Pragma;
        proxy_pass http://botpress_server;
        proxy_cache_valid any 30m;
        proxy_set_header Cache-Control max-age=30;
        add_header Cache-Control max-age=30;
    }

    # Add specific headers for WebSockets
    location /socket.io/ {
        proxy_pass http://botpress_server/socket.io/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
    }

    # All other requests should be directed to the server
    location / {
        proxy_pass http://botpress_server;
    }
}

# Server Block for SSL and Port 9001
server {
    listen 9001 ssl;
    listen [::]:9001 ssl;
    server_name redladdersa.com;

    ssl_certificate /etc/letsencrypt/live/redladdersa.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/redladdersa.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    location / {
        proxy_pass http://botpress_server;
    }
}

# Server Block for Botpress Server on Port 3000
server {
    listen 3000 ssl;
    listen [::]:3000 ssl;
    server_name redladdersa.com;

    ssl_certificate /etc/letsencrypt/live/redladdersa.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/redladdersa.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }

    location / {
        proxy_pass http://botpress_server;
    }
}

# Server Block for Laravel Server on Port 80 with SSL redirect
server {
    listen 80 ssl;
    index index.php index.html;
    root /var/www/html/public;
    server_name redladdersa.com;

    location / {
        try_files $uri /index.php?$args;
    }

    location /css/ {
        alias /var/www/html/public/css/;
    }

    location /vendor/ {
        alias /var/www/html/public/vendor/;
    }

    location /js/ {
        alias /var/html/public/js/;
    }

    location /images/ {
        alias /var/www/html/public/images/;
    }

    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass laravel-app:9000;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
    }
    

    ssl_certificate /etc/letsencrypt/live/redladdersa.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/redladdersa.com/privkey.pem; # managed by Certbot

    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }
    
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name redladdersa.com;

    ssl_certificate /etc/letsencrypt/live/redladdersa.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/redladdersa.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    location / {
        return 301 https://$host$request_uri;
    }
}
0 likes
0 replies

Please or to participate in this conversation.