时间戳

首页 > 解决方案 > Nginx LetsEncrypt 错误“/etc/letsencrypt/options-ssl-nginx.conf”没有这样的文件或目录

docker - Nginx LetsEncrypt 错误“/etc/letsencrypt/options-ssl-nginx.conf”没有这样的文件或目录

问题描述

我正在尝试使用 LetsEncrypt 和 Nginx 添加 https。我添加了 certbot,它运行成功。然后在尝试运行 Nginx 服务器时出现此错误。

/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
10-listen-on-ipv6-by-default.sh: error: /etc/nginx/conf.d/default.conf is not a file or does not exist
/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
/docker-entrypoint.sh: Configuration complete; ready for start up
2020/11/21 06:24:07 [emerg] 1#1: open() "/etc/letsencrypt/options-ssl-nginx.conf" failed (2: No such file or directory) in /etc/nginx/conf.d/nginx.conf:23
nginx: [emerg] open() "/etc/letsencrypt/options-ssl-nginx.conf" failed (2: No such file or directory) in /etc/nginx/conf.d/nginx.conf:23

这是我的docker-compose.yml文件

version: '3.7'

services:

  nginx_server:
    image: nginx:latest
    ports:
      - '80:80'
      - '443:443'
    volumes:
      - ./data/nginx:/etc/nginx/conf.d
      - ./data/certbot/conf:/etc/letsencrypt
      - ./data/certbot/www:/var/www/certbot
    

 my-image:
    image: my-name/my-image
    ports:
      - '8088:8088'

这是我nginx.conf里面的文件data/nginx

server {
    listen 80;
    server_name mysite.com;

    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }

   location / {
        proxy_pass        http://my-image:8088;
             proxy_set_header  X-Real-IP $remote_addr;
             proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
             proxy_set_header  Host $http_host;
    }
}
server {
        listen 443 ssl default_server ssl;
        server_name mysite.com;

        ssl_certificate     /etc/letsencrypt/live/mysite.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/mysite.com/privkey.pem;
        ssl_trusted_certificate  /etc/letsencrypt/live/mysite.com/fullchain.pem;
        include /etc/letsencrypt/options-ssl-nginx.conf;
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

        location / {
             proxy_pass        http://my-image:8088;
             proxy_set_header  X-Real-IP $remote_addr;
             proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
             proxy_set_header  Host $http_host;
        }


}

Certbot 运行成功,所以我从 docker-compose 中删除了它的图像。

任何帮助,将不胜感激。谢谢

标签: dockernginxdocker-composelets-encryptcertbot

解决方案

我希望您找到了解决问题的方法,我将分享当我尝试在 docker env 中使用 nginx 和 certbot 时解决我的问题的方法,以及我为其他可能想在 docker 中使用 nginx 和 certbot 的人使用的链接。

第 1 步(基础准备)

  1. 创建一个名为 nginx 的网络 =>docker network create nginx
  2. 将下面的 docker-compose 添加到您想用作 nginx 基础的文件夹中
version: '3.4'

services: 
  web:
    image: nginx:1.14.2-alpine
    restart: always
    volumes:
      - ./public_html:/public_html
      - ./conf.d:/etc/nginx/conf.d/
      - ./dhparam:/etc/nginx/dhparam
      - ./certbot/conf/:/etc/nginx/ssl/
      - ./certbot/data:/usr/share/nginx/html/letsencrypt
    ports:
      - 80:80
      - 443:443
    networks:
        - nginx
  certbot:
     image: certbot/certbot:latest
     volumes:
       - ./certbot/conf/:/etc/letsencrypt
       - ./certbot/logs/:/var/log/letsencrypt
       - ./certbot/data:/usr/share/nginx/html/letsencrypt

networks:
  nginx:
    external: true
  1. 将下面的这些文件夹添加到同一目录
  • conf.d
  • 参数
  • public_html

第 2 步(配置)

  1. 将下面的配置文件作为default.conf添加到conf.d文件夹
server {
    listen 80;
    server_name YOUR_DOMAIN;
    root /public_html/;

    location ~ /.well-known/acme-challenge{
      allow all;
      root /usr/share/nginx/html/letsencrypt;
    }
}
  1. 转到dhparam文件夹并运行以下命令:

openssl dhparam -out ~/nginx/dhparam/dhparam-2048.pem 2048

第 3 步(LetEncrypt)

  1. docker-compose up --build
  2. 运行以下命令:

docker-compose run certbot certonly --webroot --webroot-path=/usr/share/nginx/html/letsencrypt --email YOUR_EMAIL --agree-tos --no-eff-email -d YOUR_DOMAIN

步骤 4(修改配置)

  1. 修改您的default.conf以包含 ssl,如下所示:
server {
    listen 80;
    server_name YOUR_DOMAIN;

    location ~ /.well-known/acme-challenge{
      allow all;
      root /usr/share/nginx/html/letsencrypt;
    }

    location / {
      return 301 https://YOUR_DOMAIN$request_uri;
    }
}

server {
     listen 443 ssl http2;
     server_name YOUR_DOMAIN;

     ssl on;
     server_tokens off;
     ssl_certificate /etc/nginx/ssl/live/YOUR_DOMAIN/fullchain.pem;
     ssl_certificate_key /etc/nginx/ssl/live/YOUR_DOMAIN/privkey.pem;
     ssl_dhparam /etc/nginx/dhparam/dhparam-2048.pem;
     
     ssl_buffer_size 8k;
     ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
     ssl_prefer_server_ciphers on;
     ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;

    location / {
        proxy_pass http://frontend:3000;
    }

}
  1. 确保你的 nextjs 已经在 3000 上运行,这是我的 nextjs docker-compose
version: '3'
services:
    frontend:
        build:
            context: ./
        environment:
            - PORT=3000
            - NODE_ENV=production
        ports:
            - 3000:3000
        networks:
            - nginx
networks:
  nginx:
    external: true

链接

我们已经稍微修改了我们的流程,我真的建议您在使用上述步骤的情况下也执行相同的操作。如果有更多信息,您可以查看下面的链接,这些人救了我:)

推荐阅读