I built my Docker Django app with Django-cookiecutter (it makes a bootstrap application that is ready for production). The application works fine on my local machine with no errors. I pushed the production images to AWS ECR and used docker context ecs to deploy the application.
The domain convertdfile.com is registered at Namecheap.
I created a hosted zone convertdfile.com on AWS.
On https://dnschecker.org, the A, CNAME, NS and SOA records show as propagated (with the expected four NS values).
I imported my SSL certificate into AWS ACM and attached it to the Network Load Balancer that was created for me when I deployed the docker-compose file. It is attached to port 443.
I used https://decoder.link/sslchecker to check my SSL certificate and it works fine.
The hosted zone's A and CNAME records both point to the NLB that was created.
When I go to convertdfile.com it gives me a 404 error page.
I used https://letsdebug.net/ to test what is wrong and it said:
www.convertdfile.com has an A (IPv4) record (35.153.250.60) but a request to this address over port 80 did not succeed. Your web server must have at least one working IPv4 or IPv6 address.
A timeout was experienced while communicating with www.convertdfile.com/35.153.250.60: Get "http://www.convertdfile.com/.well-known/acme-challenge/letsdebug-test": context deadline exceeded
I checked my logs and found out that there is something wrong with my Traefik container. It displayed this at first:
"Unable to obtain ACME certificate for domains \"convertdfile.com\": unable to generate a certificate for the domains [convertdfile.com]: error: one or more domains had a problem:\n[convertdfile.com] acme: error: 400 :: urn:ietf:params:acme:error:connection :: 54.210.108.238: Fetching http://convertdfile.com/.well-known/acme-challenge/TMGKwtblVaaHETrz1QkZvNl9s3rLNBJ5Wyza_9DDU5o: Timeout during connect (likely firewall problem), url: \n" routerName=flower-secure-router@file rule="Host(`convertdfile.com`)" providerName=letsencrypt.acme
Then it later changed to this:
Cannot retrieve the ACME challenge for token letsdebug-test: cannot find challenge for token letsdebug-test" providerName=letsencrypt.acme
I have troubleshot everything I can think of and don't know what else to do.
I checked the security group attached to it and it allows incoming traffic on the load balancer.
Here is my docker-compose file:
version: '3'

volumes:
  production_postgres_data: {}
  production_postgres_data_backups: {}
  production_traefik: {}

# Added during editing: the `proxy` network referenced by the services below
# must be defined at top level, otherwise Compose rejects the file.
networks:
  proxy: {}

services:
  django: &django
    image: public.ecr.aws/t6g1j7b6/image_converter:django
    env_file:
      - ./.envs/.production/.django
      - ./.envs/.production/.postgres
    command: /start
    networks:
      - proxy
      - default

  postgres:
    image: public.ecr.aws/t6g1j7b6/image_converter:postgres
    volumes:
      - production_postgres_data:/var/lib/postgresql/data:Z
      - production_postgres_data_backups:/backups:z
    env_file:
      - ./.envs/.production/.postgres

  traefik:
    image: public.ecr.aws/t6g1j7b6/image_converter:traefik
    depends_on:
      - django
    volumes:
      - production_traefik:/etc/traefik/acme
    ports:
      - "0.0.0.0:80:80"
      - "0.0.0.0:443:443"
      - "0.0.0.0:5555:5555"
    networks:
      proxy:
And here is my traefik.yml file:
log:
  level: INFO

entryPoints:
  web:
    # http
    address: ":80"
    http:
      # https://docs.traefik.io/routing/entrypoints/#entrypoint
      redirections:
        entryPoint:
          to: web-secure

  web-secure:
    # https
    address: ":443"

  flower:
    address: ":5555"

certificatesResolvers:
  letsencrypt:
    # https://docs.traefik.io/master/https/acme/#lets-encrypt
    acme:
      email: "pawo@fessburn.com"
      storage: /etc/traefik/acme/acme.json
      # https://docs.traefik.io/master/https/acme/#httpchallenge
      httpChallenge:
        entryPoint: web

http:
  routers:
    web-secure-router:
      rule: "Host(`convertdfile.com`)"
      entryPoints:
        - web-secure
      middlewares:
        - csrf
      service: django
      tls:
        # https://docs.traefik.io/master/routing/routers/#certresolver
        certResolver: letsencrypt

    flower-secure-router:
      rule: "Host(`convertdfile.com`)"
      entryPoints:
        - flower
      service: flower
      tls:
        # https://docs.traefik.io/master/routing/routers/#certresolver
        certResolver: letsencrypt

  middlewares:
    csrf:
      # https://docs.traefik.io/master/middlewares/headers/#hostsproxyheaders
      # https://docs.djangoproject.com/en/dev/ref/csrf/#ajax
      headers:
        hostsProxyHeaders: ["X-CSRFToken"]

  services:
    django:
      loadBalancer:
        servers:
          - url: http://django:5000

    flower:
      loadBalancer:
        servers:
          - url: http://flower:5555

tls:
  options:
    default:
      cipherSuites:
        - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
      minVersion: VersionTLS12

providers:
  # https://docs.traefik.io/master/providers/file/
  file:
    filename: /etc/traefik/traefik.yml
    watch: true
If there is something I am doing wrong or missing, please help out. I have been on this for almost a week now. I am a beginner and don't have anywhere else to turn to.
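As an added example (not from the original post, nor Traefik's own code), here is a small Python classifier for the two Traefik ACME log messages quoted above: it pulls the domain, the validating IP and the challenge URL out of the first kind of line and the token out of the second, and attaches the layer a defender should check next. The regexes are written against the exact message text shown in the question; that other Traefik versions word these lines the same way is an assumption.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Patterns written against the two message formats quoted in the question
# (assumption: other Traefik versions may word them differently).
_DOMAIN_RE = re.compile(r'for domains \\?"(?P<domain>[^\\"]+)\\?"')
_FETCH_RE = re.compile(
    r'urn:ietf:params:acme:error:(?P<type>\w+) :: '
    r'(?P<ip>\d{1,3}(?:\.\d{1,3}){3}): Fetching (?P<url>\S+): ')
_TOKEN_RE = re.compile(r'cannot find challenge for token (?P<token>[^\s"]+)')

HINTS = {
    "connection": ("The Let's Encrypt validator could not open port 80 to the "
                   "domain's A record. Check outside-in: DNS A record -> load balancer "
                   "listener on 80 forwarding to the Traefik task -> security group "
                   "ingress on 80 -> container publishing 80 (the httpChallenge entryPoint)."),
    "unknown_token": ("A request for /.well-known/acme-challenge/<token> reached Traefik, "
                      "but Traefik never issued that token (letsdebug's probe token, for "
                      "example). Port 80 is reachable; this line alone is not the failure."),
}

@dataclass
class AcmeEvent:
    kind: str                        # key into HINTS
    hint: str                        # what a defender should check next
    domain: Optional[str] = None
    validator_ip: Optional[str] = None
    url: Optional[str] = None
    token: Optional[str] = None

def classify(line: str) -> Optional[AcmeEvent]:
    """Return an AcmeEvent for a Traefik ACME log line, None for anything else."""
    if "providerName=letsencrypt.acme" not in line:
        return None
    m = _FETCH_RE.search(line)
    if m and m.group("type") == "connection":
        dom = _DOMAIN_RE.search(line)
        return AcmeEvent("connection", HINTS["connection"],
                         domain=dom.group("domain") if dom else None,
                         validator_ip=m.group("ip"), url=m.group("url"))
    t = _TOKEN_RE.search(line)
    if t:
        return AcmeEvent("unknown_token", HINTS["unknown_token"], token=t.group("token"))
    return None

# Constructed copies of the two log lines quoted in the question.
SAMPLE_LINES = [
    r'"Unable to obtain ACME certificate for domains \"convertdfile.com\": unable to generate a certificate for the domains [convertdfile.com]: error: one or more domains had a problem:\n[convertdfile.com] acme: error: 400 :: urn:ietf:params:acme:error:connection :: 54.210.108.238: Fetching http://convertdfile.com/.well-known/acme-challenge/TMGKwtblVaaHETrz1QkZvNl9s3rLNBJ5Wyza_9DDU5o: Timeout during connect (likely firewall problem), url: \n" routerName=flower-secure-router@file rule="Host(`convertdfile.com`)" providerName=letsencrypt.acme',
    'Cannot retrieve the ACME challenge for token letsdebug-test: cannot find challenge for token letsdebug-test" providerName=letsencrypt.acme',
]
```

Run `classify` over each line of the Traefik container log; a `connection` event means the HTTP-01 path on port 80 is blocked somewhere between the public A record and the container, while an `unknown_token` event on its own only shows that a probe reached Traefik.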