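nginx - nginx docker container cannot read certbot certificates
Problem description
I have installed certbot locally and successfully created certificates for mydomain.blah and site1.mydomain.blah; they are located in /etc/letsencrypt/live/mydomain.blah and /etc/letsencrypt/live/site1.mydomain.blah.
Now I'm trying to use them in an nginx container, so in my docker-compose I mapped a volume like this: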
version: '3.4'
services:
  webserver:
    image: nginx
    volumes:
      - ./conf:/etc/nginx/conf.d
      - /etc/letsencrypt/live:/cert
    ports:
      - "80:80"
      - "443:443"
My nginx conf looks like this:
server {
    listen 443 ssl;
    server_name mydomain.blah;
    ssl_certificate /cert/mydomain.blah/fullchain.pem;
    ssl_certificate_key /cert/mydomain.blah/privkey.pem;
    location / {
        proxy_pass http://1.2.3.4:8080;
    }
}
server {
    listen 443 ssl;
    server_name site1.mydomain.blah;
    ssl_certificate /cert/site1.mydomain.blah/fullchain.pem;
    ssl_certificate_key /cert/site1.mydomain.blah/privkey.pem;
    location / {
        proxy_pass http://4.3.2.1:8080;
    }
}
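But when I start my docker-compose, nginx exits with the error cannot load certificate "/cert/mydomain.blah/fullchain.pem", because of No such file or directory.
I tried to docker exec into the container, and the folders and their certificates are all there as expected, so I don't understand what the problem could be.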
Solution
I found the problem: docker-compose doesn't get along with symlinks, and the /etc/letsencrypt/live folders are symlinked to the /etc/letsencrypt/archive ones:
root@VM-CAMPI:~# ls -la /etc/letsencrypt/live/mydomain.blah/
total 12
drwxr-xr-x 2 root root 4096 Feb 12 11:04 .
drwx------ 3 root root 4096 Feb 12 11:04 ..
-rw-r--r-- 1 root root 692 Feb 12 11:04 README
lrwxrwxrwx 1 root root 38 Feb 12 11:04 cert.pem -> ../../archive/mydomain.blah/cert1.pem
lrwxrwxrwx 1 root root 39 Feb 12 11:04 chain.pem -> ../../archive/mydomain.blah/chain1.pem
lrwxrwxrwx 1 root root 43 Feb 12 11:04 fullchain.pem -> ../../archive/mydomain.blah/fullchain1.pem
lrwxrwxrwx 1 root root 41 Feb 12 11:04 privkey.pem -> ../../archive/mydomain.blah/privkey1.pem
So the solution is just to mount the parent folder as the volume:
version: '3.4'
services:
  webserver:
    image: nginx
    volumes:
      - ./conf:/etc/nginx/conf.d
      - /etc/letsencrypt:/cert # <-- here
    ports:
      - "80:80"
      - "443:443"
and set the nginx conf like this:
server {
    listen 443 ssl;
    server_name mydomain.blah;
    ssl_certificate /cert/live/mydomain.blah/fullchain.pem; # <-- here
    ssl_certificate_key /cert/live/mydomain.blah/privkey.pem; # <-- here
    location / {
        proxy_pass http://1.2.3.4:8080;
    }
}
server {
    listen 443 ssl;
    server_name site1.mydomain.blah;
    ssl_certificate /cert/live/site1.mydomain.blah/fullchain.pem; # <-- here
    ssl_certificate_key /cert/live/site1.mydomain.blah/privkey.pem; # <-- here
    location / {
        proxy_pass http://4.3.2.1:8080;
    }
}
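A pre-flight check for the situation described above, added here as an example and not part of the original question or answer: it lists every symlink under a directory you plan to bind-mount whose target resolves outside that directory, since those links dangle inside the container. The function names `escaping_links` and `make_demo_tree` are hypothetical, the demo tree is constructed, and `readlink -f` as shipped by GNU coreutils or BusyBox is assumed.

```shell
#!/bin/sh
# Report symlinks under a planned bind-mount root whose targets resolve
# outside that root. Inside a container that mounts only this root, such
# links point at paths that do not exist ("No such file or directory").
# Assumption: readlink -f is available (GNU coreutils / BusyBox).

escaping_links() {
    # Physical path of the mount root, so prefix comparison is reliable.
    root=$(cd "$1" 2>/dev/null && pwd -P) || return 2
    find "$root" -type l | sort | while IFS= read -r link; do
        target=$(readlink -f "$link" 2>/dev/null)
        case "$target" in
            "$root"|"$root"/*) ;;                    # stays inside the mount
            "") echo "$link -> (unresolvable)" ;;    # broken on the host too
            *)  echo "$link -> $target" ;;           # escapes the mount root
        esac
    done
}

# Constructed sample tree mimicking certbot's layout from the page:
# live/<domain>/*.pem are relative symlinks into ../../archive/<domain>/.
make_demo_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/live/mydomain.blah" "$d/archive/mydomain.blah"
    for f in fullchain privkey; do
        : > "$d/archive/mydomain.blah/${f}1.pem"
        ln -s "../../archive/mydomain.blah/${f}1.pem" \
              "$d/live/mydomain.blah/$f.pem"
    done
    echo "$d"
}

# Usage: sh check.sh /etc/letsencrypt/live
if [ $# -gt 0 ]; then
    escaping_links "$1"
fi
```

Run against `/etc/letsencrypt/live` it prints the `fullchain.pem` and `privkey.pem` links; run against `/etc/letsencrypt` it prints nothing, because `archive/` is inside the mount. Appending `:ro` to the volume entry keeps the container from writing to the key material.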