Sadly my docker-compose setup with WordPress and Nginx and a custom SSL certificate for HTTPS does not work.
First, I have to deactivate HSTS manually in the browser to accept my certificate, even though I added it to the certificates list and my local server as an exception.
It always shows me a 502 Bad Gateway error for https://localhost, but I am able to call the unencrypted HTTP loopback URL at http://127.0.0.1:8000. What is wrong with my setup?
Thanks in advance for every helpful answer.
My docker-compose.yml:
version: '3.6'
services:
  db:
    image: mysql:5.7
    volumes:
      - data_db:/var/lib/mysql
    restart: unless-stopped
    environment:
      MYSQL_ROOT_PASSWORD: mypassword
      MYSQL_DATABASE: wordpress
      MYSQL_USER: wordpress
      MYSQL_PASSWORD: wordpress
    networks:
      - wpsite
  phpmyadmin:
    image: phpmyadmin/phpmyadmin:latest
    depends_on:
      - db
    restart: unless-stopped
    ports:
      - '9000:80'
    environment:
      PMA_HOST: db
      MYSQL_ROOT_PASSWORD: mypassword
    networks:
      - wpsite
  wordpress:
    image: wordpress:5.3.2
    container_name: wordpress
    depends_on:
      - db
    ports:
      - '8000:80'
    restart: unless-stopped
    environment:
      WORDPRESS_DB_HOST: db:3306
      WORDPRESS_DB_USER: wordpress
      WORDPRESS_DB_PASSWORD: wordpress
    volumes:
      - ./config/php.conf.uploads.ini:/usr/local/etc/php/conf.d/uploads.ini
      - ./wp-app:/var/www/html
    networks:
      - wpsite
  nginx:
    image: nginx:latest
    depends_on:
      - wordpress
    container_name: nginx
    volumes:
      - ./nginx.conf:/etc/nginx/nginx.conf
      - ./certs:/etc/nginx/certs
    ports:
      - '80:80'
      - '443:443'
    networks:
      - wpsite
networks:
  wpsite:
volumes:
  data_db:
My nginx.conf:
worker_processes 2;
pid /var/run/nginx.pid;
worker_rlimit_nofile 65535;

# [ debug | info | notice | warn | error | crit ]
error_log /var/log/nginx.error_log info;

events {
    worker_connections 2000;
    # use [ kqueue | epoll | /dev/poll | select | poll ];
    # use kqueue;
}

http {
    include mime.types;
    default_type application/octet-stream;

    log_format main '$remote_addr - $remote_user [$time_local] '
                    '"$request" $status $bytes_sent '
                    '"$http_referer" "$http_user_agent" '
                    '"$gzip_ratio"';

    log_format download '$remote_addr - $remote_user [$time_local] '
                        '"$request" $status $bytes_sent '
                        '"$http_referer" "$http_user_agent" '
                        '"$http_range" "$sent_http_content_range"';

    client_header_timeout 3m;
    client_body_timeout 3m;
    send_timeout 3m;

    client_header_buffer_size 1k;
    large_client_header_buffers 4 4k;

    gzip on;
    gzip_min_length 1100;
    gzip_buffers 4 8k;
    gzip_types text/plain;

    output_buffers 1 32k;
    postpone_output 1460;

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    send_lowat 12000;

    keepalive_timeout 75 20;

    #lingering_time 30;
    #lingering_timeout 10;
    #reset_timedout_connection on;

    server {
        listen 80;
        listen 443 ssl;

        ssl_certificate /etc/nginx/certs/localhost/localhost.crt;
        ssl_certificate_key /etc/nginx/certs/localhost/localhost.key;

        client_max_body_size 500M;

        add_header Strict-Transport-Security max-age=31536000;

        location / {
            proxy_pass http://127.0.0.1:8000;
            proxy_redirect off;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Host $server_name;
            #proxy_set_header X-Forwarded-Proto https;
            #proxy_http_version 1.1;
            #proxy_set_header Upgrade $http_upgrade;
            #proxy_set_header Connection "upgrade";
            #proxy_read_timeout 86400;
        }
    }
}
My docker-compose output in bash:
sudo docker-compose up
Starting wordpress_db_1 ... done
Starting wordpress ... done
Starting wordpress_phpmyadmin_1 ... done
Starting nginx ... done
Attaching to wordpress_db_1, wordpress_phpmyadmin_1, wordpress, nginx
db_1 | 2020-12-11 12:16:32+00:00 [Note] [Entrypoint]: Entrypoint script for MySQL Server 5.7.32-1debian10 started.
nginx | /docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
nginx | /docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
wordpress | AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.18.0.3. Set the 'ServerName' directive globally to suppress this message
nginx | /docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
wordpress | AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.18.0.3. Set the 'ServerName' directive globally to suppress this message
db_1 | 2020-12-11 12:16:32+00:00 [Note] [Entrypoint]: Switching to dedicated user 'mysql'
phpmyadmin_1 | AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.18.0.4. Set the 'ServerName' directive globally to suppress this message
nginx | 10-listen-on-ipv6-by-default.sh: info: IPv6 listen already enabled
wordpress | [Fri Dec 11 12:16:34.004185 2020] [mpm_prefork:notice] [pid 1] AH00163: Apache/2.4.38 (Debian) PHP/7.3.16 configured -- resuming normal operations
wordpress | [Fri Dec 11 12:16:34.004235 2020] [core:notice] [pid 1] AH00094: Command line: 'apache2 -D FOREGROUND'
phpmyadmin_1 | AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.18.0.4. Set the 'ServerName' directive globally to suppress this message
nginx | /docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
phpmyadmin_1 | [Fri Dec 11 12:16:32.766144 2020] [mpm_prefork:notice] [pid 1] AH00163: Apache/2.4.38 (Debian) PHP/7.4.11 configured -- resuming normal operations
phpmyadmin_1 | [Fri Dec 11 12:16:32.766183 2020] [core:notice] [pid 1] AH00094: Command line: 'apache2 -D FOREGROUND'
db_1 | 2020-12-11 12:16:32+00:00 [Note] [Entrypoint]: Entrypoint script for MySQL Server 5.7.32-1debian10 started.
db_1 | 2020-12-11T12:16:32.625996Z 0 [Warning] TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details).
db_1 | 2020-12-11T12:16:32.627056Z 0 [Note] mysqld (mysqld 5.7.32) starting as process 1 ...
nginx | /docker-entrypoint.sh: Configuration complete; ready for start up
db_1 | 2020-12-11T12:16:32.629055Z 0 [Note] InnoDB: PUNCH HOLE support available
db_1 | 2020-12-11T12:16:32.629065Z 0 [Note] InnoDB: Mutexes and rw_locks use GCC atomic builtins
db_1 | 2020-12-11T12:16:32.629067Z 0 [Note] InnoDB: Uses event mutexes
db_1 | 2020-12-11T12:16:32.629069Z 0 [Note] InnoDB: GCC builtin __atomic_thread_fence() is used for memory barrier
db_1 | 2020-12-11T12:16:32.629070Z 0 [Note] InnoDB: Compressed tables use zlib 1.2.11
db_1 | 2020-12-11T12:16:32.629072Z 0 [Note] InnoDB: Using Linux native AIO
db_1 | 2020-12-11T12:16:32.629290Z 0 [Note] InnoDB: Number of pools: 1
db_1 | 2020-12-11T12:16:32.629357Z 0 [Note] InnoDB: Using CPU crc32 instructions
db_1 | 2020-12-11T12:16:32.630430Z 0 [Note] InnoDB: Initializing buffer pool, total size = 128M, instances = 1, chunk size = 128M
db_1 | 2020-12-11T12:16:32.635432Z 0 [Note] InnoDB: Completed initialization of buffer pool
db_1 | 2020-12-11T12:16:32.636946Z 0 [Note] InnoDB: If the mysqld execution user is authorized, page cleaner thread priority can be changed. See the man page of setpriority().
db_1 | 2020-12-11T12:16:32.648034Z 0 [Note] InnoDB: Highest supported file format is Barracuda.
db_1 | 2020-12-11T12:16:32.657250Z 0 [Note] InnoDB: Creating shared tablespace for temporary tables
db_1 | 2020-12-11T12:16:32.657322Z 0 [Note] InnoDB: Setting file './ibtmp1' size to 12 MB. Physically writing the file full; Please wait ...
db_1 | 2020-12-11T12:16:32.674418Z 0 [Note] InnoDB: File './ibtmp1' size is now 12 MB.
db_1 | 2020-12-11T12:16:32.675043Z 0 [Note] InnoDB: 96 redo rollback segment(s) found. 96 redo rollback segment(s) are active.
db_1 | 2020-12-11T12:16:32.675054Z 0 [Note] InnoDB: 32 non-redo rollback segment(s) are active.
db_1 | 2020-12-11T12:16:32.675323Z 0 [Note] InnoDB: 5.7.32 started; log sequence number 1169658257
db_1 | 2020-12-11T12:16:32.675397Z 0 [Note] InnoDB: Loading buffer pool(s) from /var/lib/mysql/ib_buffer_pool
db_1 | 2020-12-11T12:16:32.675519Z 0 [Note] Plugin 'FEDERATED' is disabled.
db_1 | 2020-12-11T12:16:32.677250Z 0 [Note] InnoDB: Buffer pool(s) load completed at 201211 12:16:32
db_1 | 2020-12-11T12:16:32.681616Z 0 [Note] Found ca.pem, server-cert.pem and server-key.pem in data directory. Trying to enable SSL support using them.
db_1 | 2020-12-11T12:16:32.681628Z 0 [Note] Skipping generation of SSL certificates as certificate files are present in data directory.
db_1 | 2020-12-11T12:16:32.682038Z 0 [Warning] CA certificate ca.pem is self signed.
db_1 | 2020-12-11T12:16:32.682062Z 0 [Note] Skipping generation of RSA key pair as key files are present in data directory.
db_1 | 2020-12-11T12:16:32.682406Z 0 [Note] Server hostname (bind-address): '*'; port: 3306
db_1 | 2020-12-11T12:16:32.682490Z 0 [Note] IPv6 is available.
db_1 | 2020-12-11T12:16:32.682501Z 0 [Note] - '::' resolves to '::';
db_1 | 2020-12-11T12:16:32.682513Z 0 [Note] Server socket created on IP: '::'.
db_1 | 2020-12-11T12:16:32.683847Z 0 [Warning] Insecure configuration for --pid-file: Location '/var/run/mysqld' in the path is accessible to all OS users. Consider choosing a different directory.
db_1 | 2020-12-11T12:16:32.690930Z 0 [Note] Event Scheduler: Loaded 0 events
db_1 | 2020-12-11T12:16:32.691172Z 0 [Note] mysqld: ready for connections.
db_1 | Version: '5.7.32' socket: '/var/run/mysqld/mysqld.sock' port: 3306 MySQL Community Server (GPL)
nginx | 2020/12/11 12:16:34 [warn] 1#1: "send_lowat" is not supported, ignored in /etc/nginx/nginx.conf:51
nginx | nginx: [warn] "send_lowat" is not supported, ignored in /etc/nginx/nginx.conf:51
server_name in the server block of your nginx config: server_name localhost;
– KazikM
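An added check, not part of the original thread: inside the nginx container, 127.0.0.1 is that container's own loopback, while `'8000:80'` publishes WordPress's port 80 on the Docker host only, so the `proxy_pass` target has no listener and nginx answers 502. The sketch below flags loopback upstreams and maps them to the compose service name and container port; `lint_proxy_targets`, `is_loopback` and the reduced sample inputs are constructed for illustration, and port mappings are assumed to be simple `host:container` pairs.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample inputs, reduced from the nginx.conf and compose file above.
NGINX_CONF = """
server {
    listen 443 ssl;
    location / {
        proxy_pass http://127.0.0.1:8000;
        #proxy_pass http://localhost:9000;
    }
}
"""
# service name -> published ports ("host:container"), as in docker-compose.yml
COMPOSE_PORTS = {"wordpress": ["8000:80"], "phpmyadmin": ["9000:80"]}


def is_loopback(host):
    """True for 'localhost' and any IPv4/IPv6 loopback literal."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # a DNS name or an nginx variable, not an IP literal
        return False


def lint_proxy_targets(conf, compose_ports):
    """Return (upstream, suggested_upstream) for each loopback proxy_pass."""
    published = {}  # host-published port -> (service, container port)
    for service, mappings in compose_ports.items():
        for mapping in mappings:
            parts = mapping.split("/")[0].split(":")
            if len(parts) >= 2:  # container-only entries publish no fixed host port
                published[int(parts[-2])] = (service, int(parts[-1]))
    findings = []
    # Anchoring at line start skips commented-out directives.
    for url in re.findall(r"^\s*proxy_pass\s+(\S+?);", conf, re.MULTILINE):
        target = urlsplit(url)
        if not is_loopback(target.hostname or ""):
            continue
        port = target.port or (443 if target.scheme == "https" else 80)
        suggestion = None
        if port in published:
            service, container_port = published[port]
            suggestion = f"{target.scheme}://{service}:{container_port}"
        findings.append((url, suggestion))
    return findings
```

For the configuration in the question this reports `http://127.0.0.1:8000` with the suggested upstream `http://wordpress:80`, which resolves over the shared `wpsite` network.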