docker - Docker Linux 容器中的 SSL 证书问题
问题描述
我有一个简单的 .net core 网站,托管在 Linux docker 容器中。尝试将文件上传到数字海洋空间时出现错误“无法建立 SSL 连接”。我将本地主机证书配置为 nginx 但不起作用
码头工人撰写文件:
version: '3.4'
services:
nginx:
image: nginx:alpine
hostname: 'nginx'
volumes:
- ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro
- ./nginx/proxy.conf:/etc/nginx/proxy.conf:ro
- ./nginx/client.cert:/etc/ssl/certs/client.cert:ro
- ./nginx/client.key:/etc/ssl/certs/client.key:ro
- ./nginx/logs/:/var/log/nginx/
ports:
- 8080:8080
- 443:443
depends_on:
- web
restart: always
web:
image: ${DOCKER_REGISTRY-}web-client
ports:
- "5000"
build:
context: .
dockerfile: src/web/Dockerfile
nginx 配置
user nginx;
worker_processes auto;
events { worker_connections 1024; }
http {
include /etc/nginx/proxy.conf;
include /etc/nginx/mime.types;
limit_req_zone $binary_remote_addr zone=one:10m rate=5r/s;
# server_tokens off;
sendfile on;
keepalive_timeout 29; # Adjust to the lowest possible value that makes sense for your use case.
client_body_timeout 10; client_header_timeout 10; send_timeout 10;
upstream web_clients {
server web:5000;
}
server {
listen *:8080 default_server;
add_header Strict-Transport-Security max-age=15768000;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name $hostname;
ssl_certificate /etc/ssl/certs/client.cert;
ssl_certificate_key /etc/ssl/certs/client.key;
ssl_protocols TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_ecdh_curve secp384r1;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
ssl_stapling on; #ensure your cert is capable
ssl_stapling_verify on; #ensure your cert is capable
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload" always;
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
location / {
proxy_pass http://web_clients;
limit_req zone=one burst=10 nodelay;
}
}
}
我的上传功能
public static async Task UploadFile(IFormFile file)
{
string bucketName = "mybucket";
string endpoingURL = "https://mybucket.sgp1.digitaloceanspaces.com/";
IAmazonS3 s3Client;
using (var newMemoryStream = new MemoryStream())
{
file.CopyTo(newMemoryStream);
var s3ClientConfig = new AmazonS3Config
{
ServiceURL = endpoingURL
};
s3Client = new AmazonS3Client(s3ClientConfig);
try
{
var fileTransferUtility = new TransferUtility(s3Client);
var fileTransferUtilityRequest = new TransferUtilityUploadRequest
{
BucketName = bucketName + @"/files",
InputStream = newMemoryStream,
StorageClass = S3StorageClass.StandardInfrequentAccess,
PartSize = 6291456, // 6 MB
Key = file.FileName,
CannedACL = S3CannedACL.PublicRead,
};
fileTransferUtility.Upload(fileTransferUtilityRequest);
}
catch (AmazonS3Exception e)
{
Console.WriteLine("Error encountered ***. Message:'{0}' when writing an object", e.Message);
}
catch (Exception e)
{
Console.WriteLine("Unknown encountered on server. Message:'{0}' when writing an object", e.Message);
}
}
}
欢迎任何想法,非常感谢。
解决方案
推荐阅读
- python - 当我们通过旧版应用服务器协议发送数据消息时如何添加分析标签
- angular - AngularFire auth,模板在 Observable 时未更新
变化 - excel - Excel中的IF函数
- mysql - MYSQL:在给定的场景中我应该创建哪个索引?
- javascript - jquery选择除最后一列以外的整行
- python - 从python中的一个范围内输出随机十六进制值
- ffmpeg - 使用 ffmpeg 流式传输单个(持续更新的)图像文件
- java - 表“”不存在,跳过,表未映射
- python - 在 python 中导入 sklearn 时出错 - ImportError
- python - 如何逐字反转Python中的字符串?