Nginx无法在Docker容器中加载证书

bakd9h0s  于 2022-11-02  发布在  Nginx
关注(0)|答案(1)|浏览(1201)

所以我尝试在docker容器中使用nginx和certbot证书,但是我得到了这个错误,即使文件存在。

2022/10/07 11:08:47 [emerg] 15#15: cannot load certificate "/etc/nginx/certs/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/nginx/certs/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: [emerg] cannot load certificate "/etc/nginx/certs/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/nginx/certs/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: configuration file /etc/nginx/nginx.conf test failed

证书是在docker容器之外生成的,并被挂载到nginx中(所以我可能做错了)。

nginx:
    container_name: best-nginx
    build:
      context: .
    restart: always
    image: nginx:alpine
    volumes:
      - ./nginx/default.conf:/etc/nginx/conf.d/default.conf
      - /etc/letsencrypt/live/mycerts:/etc/nginx/certs
    ports:
      - "443:443"

default.conf

server {
    root /usr/share/nginx/html;
    index index.html index.htm index.nginx-debian.html;

    server_name myservername.com;

    location / {
            try_files $uri $uri/ =404;
    }

    location /keycloak {
            proxy_pass http://localhost:28080/;
    }

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/nginx/certs/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/nginx/certs/privkey.pem; # managed by Certbot
}

停靠文件


# develop stage

FROM node:18-alpine as develop-stage
WORKDIR /app
COPY package*.json ./
COPY tsconfig.json ./
RUN npm install
COPY ./public ./public
COPY ./src ./src

# build stage

FROM develop-stage as build-stage
RUN npm run build

# production stage

FROM nginx:1.23.1-alpine as production-stage
COPY --from=build-stage /app/build /usr/share/nginx/html
CMD ["nginx", "-g", "daemon off;"]

我观察到certbot生成了4个文件,而我在默认的.conf中只使用了2个
难道这就是我问题的根源吗?

  • 谢谢-谢谢
    //编辑:文件存在于/etc/letsencrypt/live/mycerts中,但是我没有root权限就不能访问live/mycerts。所以我想它们可能被奇怪地Map了?
    下面是docker容器中的ls -la,位于/etc/nginx/certs中,它们看起来有点奇怪。
lrwxrwxrwx    1 root     root            45 Oct  7 10:20 cert.pem -> ../../archive/mycerts/cert1.pem
lrwxrwxrwx    1 root     root            46 Oct  7 10:20 chain.pem -> ../../archive/mycerts/chain1.pem
lrwxrwxrwx    1 root     root            50 Oct  7 10:20 fullchain.pem -> ../../archive/mycerts/fullchain1.pem
lrwxrwxrwx    1 root     root            48 Oct  7 10:20 privkey.pem -> ../../archive/mycerts/privkey1.pem
nginx

1条答案

按热度按时间
0dxa2lsx

0dxa2lsx1#

你正在挂载一个带有符号链接的文件夹,在你的容器中你将得到指向同一位置的符号链接,而不是真实的的文件。
因此,您可以挂载包含真实的证书文件的目录推荐
或挂载archive/mycerts:/etc,以便符号链接指向容器内的真实的文件不推荐

赞(0)分享  回复(0)举报  2022-11-02
我来回答

相关问题

    查看更多
    微信公众号

    热门标签

    更多
    JavaquerypythonNode开发语言requestUtil数据库Table后端算法LoggerMessageElementParser

    最新问答

    更多
    • 蜀ICP备13028337号-1 大数据知识库 https://www.saoniuhuo.com © All rights reserved
    • 本站内容来源互联网,如果侵犯您的权益请联系我们删除, 联系方式:448109455@qq.com