docker - Nginx 无法访问 SSL 证书
问题描述
尝试使用 NGINX 和 DOCKER 设置 HTTPS 服务器。检查 nginx 配置文件时不断收到相同的错误nginx -t
:
2020/11/13 13:37:52 [emerg] 6#6: cannot load certificate "/etc/nginx/certs/cert.crt": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/nginx/certs/cert.crt','r') error:2006D080:BIO routines:BIO_new_file:no such file) nginx: [emerg] cannot load certificate "/etc/nginx/certs/cert.crt": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/nginx/certs/cert.crt','r') error:2006D080:BIO routines:BIO_new_file:no such file) nginx: configuration file /etc/nginx/nginx.conf test failed
certs
尝试将dir复制到etc/nginx
in 中Dockerfile
,但没有成功:
Dockerfile
FROM node:latest as build-stage
WORKDIR /app
COPY package*.json ./
RUN npm install
COPY ./ .
RUN npm run build
FROM nginx as production-stage
RUN mkdir /app
COPY --from=build-stage /app/dist /app
COPY certs /etc/nginx
COPY nginx.conf /etc/nginx/nginx.conf
RUN nginx -t
也尝试设置 docker 卷,但仍然是同样的错误。
nginx.conf
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
keepalive_timeout 65;
server {
listen 80 default_server;
server_name test;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name test;
ssl_certificate certs/cert.crt;
ssl_certificate_key certs/cert.key;
location / {
root /app;
index index.html;
try_files $uri $uri/ /index.html;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
}
PS 权限certs
设置为 444
chmod -R 444 certs
解决方案
推荐阅读
- python - Pandas:使用两个列元素对值进行排序
- apache-kafka - 如何检索 Kafka 消费者配置
- node.js - 在 docker env 中使用 nodejs 运行 selenium:xvfb 无法启动
- installshield - 卸载时不会删除在注册表中完成的 InstallScript CA 更改
- oracle - 计算Oracle中两个经纬度点之间的距离
- react-native - extraReducer 中的 redux-toolkit 状态更改不会启动重新渲染
- laravel - Laravel SAML - 用户登录后自动注销
- gis - 要求代理人检查他们的位置
- rest - 通过 REST (PyOTRS) 更新 SLA
- python - 比较 python 中两个给定路径的两个列表中的 XML 标记值与 JSON 标记值