docker - Nginx LetsEncrypt 错误“/etc/letsencrypt/options-ssl-nginx.conf”没有这样的文件或目录
问题描述
我正在尝试使用 LetsEncrypt 和 Nginx 添加 https。我添加了 certbot,它运行成功。然后在尝试运行 Nginx 服务器时出现此错误。
/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
10-listen-on-ipv6-by-default.sh: error: /etc/nginx/conf.d/default.conf is not a file or does not exist
/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
/docker-entrypoint.sh: Configuration complete; ready for start up
2020/11/21 06:24:07 [emerg] 1#1: open() "/etc/letsencrypt/options-ssl-nginx.conf" failed (2: No such file or directory) in /etc/nginx/conf.d/nginx.conf:23
nginx: [emerg] open() "/etc/letsencrypt/options-ssl-nginx.conf" failed (2: No such file or directory) in /etc/nginx/conf.d/nginx.conf:23
这是我的docker-compose.yml
文件
version: '3.7'
services:
nginx_server:
image: nginx:latest
ports:
- '80:80'
- '443:443'
volumes:
- ./data/nginx:/etc/nginx/conf.d
- ./data/certbot/conf:/etc/letsencrypt
- ./data/certbot/www:/var/www/certbot
my-image:
image: my-name/my-image
ports:
- '8088:8088'
这是我nginx.conf
里面的文件data/nginx
server {
listen 80;
server_name mysite.com;
location /.well-known/acme-challenge/ {
root /var/www/certbot;
}
location / {
proxy_pass http://my-image:8088;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
}
}
server {
listen 443 ssl default_server ssl;
server_name mysite.com;
ssl_certificate /etc/letsencrypt/live/mysite.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mysite.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/mysite.com/fullchain.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
location / {
proxy_pass http://my-image:8088;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
}
}
Certbot 运行成功,所以我从 docker-compose 中删除了它的图像。
任何帮助,将不胜感激。谢谢
解决方案
我希望您找到了解决问题的方法,我将分享当我尝试在 docker env 中使用 nginx 和 certbot 时解决我的问题的方法,以及我为其他可能想在 docker 中使用 nginx 和 certbot 的人使用的链接。
第 1 步(基础准备)
- 创建一个名为 nginx 的网络 =>
docker network create nginx
- 将下面的 docker-compose 添加到您想用作 nginx 基础的文件夹中
version: '3.4'
services:
web:
image: nginx:1.14.2-alpine
restart: always
volumes:
- ./public_html:/public_html
- ./conf.d:/etc/nginx/conf.d/
- ./dhparam:/etc/nginx/dhparam
- ./certbot/conf/:/etc/nginx/ssl/
- ./certbot/data:/usr/share/nginx/html/letsencrypt
ports:
- 80:80
- 443:443
networks:
- nginx
certbot:
image: certbot/certbot:latest
volumes:
- ./certbot/conf/:/etc/letsencrypt
- ./certbot/logs/:/var/log/letsencrypt
- ./certbot/data:/usr/share/nginx/html/letsencrypt
networks:
nginx:
external: true
- 将下面的这些文件夹添加到同一目录
- conf.d
- 参数
- public_html
第 2 步(配置)
- 将下面的配置文件作为default.conf添加到conf.d文件夹
server {
listen 80;
server_name YOUR_DOMAIN;
root /public_html/;
location ~ /.well-known/acme-challenge{
allow all;
root /usr/share/nginx/html/letsencrypt;
}
}
- 转到dhparam文件夹并运行以下命令:
openssl dhparam -out ~/nginx/dhparam/dhparam-2048.pem 2048
第 3 步(LetEncrypt)
- 跑
docker-compose up --build
- 运行以下命令:
docker-compose run certbot certonly --webroot --webroot-path=/usr/share/nginx/html/letsencrypt --email YOUR_EMAIL --agree-tos --no-eff-email -d YOUR_DOMAIN
步骤 4(修改配置)
- 修改您的default.conf以包含 ssl,如下所示:
server {
listen 80;
server_name YOUR_DOMAIN;
location ~ /.well-known/acme-challenge{
allow all;
root /usr/share/nginx/html/letsencrypt;
}
location / {
return 301 https://YOUR_DOMAIN$request_uri;
}
}
server {
listen 443 ssl http2;
server_name YOUR_DOMAIN;
ssl on;
server_tokens off;
ssl_certificate /etc/nginx/ssl/live/YOUR_DOMAIN/fullchain.pem;
ssl_certificate_key /etc/nginx/ssl/live/YOUR_DOMAIN/privkey.pem;
ssl_dhparam /etc/nginx/dhparam/dhparam-2048.pem;
ssl_buffer_size 8k;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;
location / {
proxy_pass http://frontend:3000;
}
}
- 确保你的 nextjs 已经在 3000 上运行,这是我的 nextjs docker-compose
version: '3'
services:
frontend:
build:
context: ./
environment:
- PORT=3000
- NODE_ENV=production
ports:
- 3000:3000
networks:
- nginx
networks:
nginx:
external: true
链接
我们已经稍微修改了我们的流程,我真的建议您在使用上述步骤的情况下也执行相同的操作。如果有更多信息,您可以查看下面的链接,这些人救了我:)
推荐阅读
- cluster-analysis - 如何使用多列对文本数据进行聚类?
- php - 简单的 PHP API 在 Cpanel 中给出错误 500
- javascript - iPad上的按钮单击问题和模糊
- gradle - 如何在与 gradle 的战争中排除文件
- reactjs - 使用 React Router 路由目录
- excel - TCD 数据透视表 ADODB 访问
- nuget - “...”处的 V2 提要返回了意外的状态代码“503 服务不可用”
- java - 谷歌地图是空白的,底部只有标志
- docker - VS2017 docker-compose vs docker-compose.override?
- javascript - javascript 表单通过 2 个函数获取值