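docker - Unable to connect with a correct nginx + certbot configuration
Problem description
I have an nginx web application running on a Google VM instance and it works fine, but when I tried to add SSL support I could no longer access the site: "Unable to connect". I believe I configured my nginx config correctly to cater for SSL. I can also see in the logs that nginx and certbot have started.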
http {
    upstream react {
        server client:3000;
    }
    upstream phoenix {
        server web:4000;
    }
    server {
        # Listen to port 443 on both IPv4 and IPv6.
        listen 80 default_server
        listen 443 ssl default_server reuseport;
        listen [::]:443 ssl default_server reuseport;
        # Domain names this server should respond to.
        server_name tabi.blanknodes.com www.tabi.blanknodes.com;
        # Load the certificate files.
        ssl_certificate /etc/letsencrypt/live/tabi/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/tabi/privkey.pem;
        ssl_trusted_certificate /etc/letsencrypt/live/tabi/chain.pem;
        # Load the Diffie-Hellman parameter.
        ssl_dhparam /etc/letsencrypt/dhparams/dhparam.pem;
        location / {
            proxy_pass https://react;
            proxy_redirect off;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Host $server_name;
        }
        location /api {
            proxy_pass https://phoenix/api;
            proxy_redirect off;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Host $server_name;
        }
        location /socket {
            proxy_pass https://phoenix/socket;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }
    }
}
Logs:
nginx_1 | Starting the Nginx service
nginx_1 | Starting the certbot autorenewal service
nginx_1 | 2021/06/23 13:26:34 [notice] 117#117: using the "epoll" event method
nginx_1 | 2021/06/23 13:26:34 [notice] 117#117: nginx/1.21.0
nginx_1 | 2021/06/23 13:26:34 [notice] 117#117: built by gcc 8.3.0 (Debian 8.3.0-6)
nginx_1 | 2021/06/23 13:26:34 [notice] 117#117: OS: Linux 5.4.104+
nginx_1 | 2021/06/23 13:26:34 [notice] 117#117: getrlimit(RLIMIT_NOFILE): 1048576:1048576
nginx_1 | 2021/06/23 13:26:34 [notice] 117#117: start worker processes
nginx_1 | 2021/06/23 13:26:34 [notice] 117#117: start worker process 122
nginx_1 | 2021/06/23 13:26:34 [notice] 117#117: start worker process 123
nginx_1 | Couldn't find the dhparam file '/etc/letsencrypt/dhparams/dhparam.pem'; creating it...
nginx_1 | mkdir: created directory '/etc/letsencrypt/dhparams'
nginx_1 |
nginx_1 | %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
nginx_1 | % ATTENTION! %
nginx_1 | % %
nginx_1 | % This script will now create a 2048 bit Diffie-Hellman %
nginx_1 | % parameter to use during the SSL handshake. %
nginx_1 | % %
nginx_1 | % >>>>> This MIGHT take a VERY long time! <<<<< %
nginx_1 | % (Took 65 minutes for 4096 bit on an old 3GHz CPU) %
nginx_1 | % %
nginx_1 | % However, there is some randomness involved so it might %
nginx_1 | % be both faster or slower for you. 2048 is secure enough %
nginx_1 | % for today and quite fast to generate. These files will %
nginx_1 | % only have to be created once so please be patient. %
nginx_1 | % A message will be displayed when this process finishes. %
nginx_1 | %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
nginx_1 |
nginx_1 | Will now output to the following file: '/etc/letsencrypt/dhparams/dhparam.pem'
nginx_1 | Generating DH parameters, 2048 bit long safe prime, generator 2
nginx_1 | This is going to take a long time
I am using docker-nginx-certbot for my nginx + certbot.
Solution