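How to resolve SSL "unable to get local issuer certificate" with NGINX and a Dockerized certbot
I have a problem with my configuration in docker-compose. I have Docker containers with a few backend servers, NGINX and a separate certbot. All configuration files are attached. The problem is that certbot adds everything correctly, but after that NGINX does not give the certificate to clients. Almost the same configuration works for another domain, so I have no idea what is wrong, and I am looking forward to any guesses.
docker-compose file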
version: '3'
services:
  uploader:
    image: badconfig/backend2
    container_name: uploader
    tty: true
    environment:
      - DATABASE_URL=
    volumes:
      - ./migrations/:/redrufus/migrations/
    networks:
      - app-network
  server:
    image: badconfig/backend1
    container_name: server
    tty: true
    environment:
      - DATABASE_URL=
    ports:
      - "8088:8088"
    volumes:
      - ./migrations/:/redrufus/migrations/
    networks:
      - app-network
  redrufus_postgres:
    image: "postgres:12.6"
    container_name: redrufus_postgres
    restart: unless-stopped
    ports:
      - "7089:5432"
    environment:
      POSTGRES_DB: diesel_db
      POSTGRES_PASSWORD:
      POSTGRES_USER: main
    networks:
      - app-network
    volumes:
      - pg_redrufus:/var/lib/postgresql/data
  nginx:
    image: nginx:1.15-alpine
    container_name: nginx
    restart: unless-stopped
    volumes:
      - ./data/nginx:/etc/nginx/conf.d
      - ./data/certbot/conf:/etc/letsencrypt
      - ./data/certbot/www:/var/www/certbot
    ports:
      - "80:80"
      - "443:443"
    command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'"
    networks:
      - app-network
  certbot:
    image: certbot/certbot
    restart: unless-stopped
    container_name: cert-bot
    volumes:
      - ./data/certbot/conf:/etc/letsencrypt
      - ./data/certbot/www:/var/www/certbot
    entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"
    networks:
      - app-network
    command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'"
volumes:
  pg_redrufus:
networks:
  app-network:
    driver: bridge
File data/nginx/app.conf
server {
    listen 80;
    server_name redrufus.art www.redrufus.art;
    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }
    location / {
        return 301 https://$host$request_uri;
    }
}
server {
    listen 443 ssl;
    server_name redrufus.art www.redrufus.art;
    server_tokens off;
    client_max_body_size 15M;
    ssl_certificate /etc/letsencrypt/live/redrufus.art/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/redrufus.art/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
    ## All static files will be served directly.
    root /var/tools;
    location /static {
        access_log off;
        expires 30d;
        add_header Cache-Control public;
        ## No need to bleed constant updates. Send the all shebang in one
        ## fell swoop.
        tcp_nodelay off;
        ## Set the OS file cache.
        open_file_cache max=3000 inactive=120s;
        open_file_cache_valid 45s;
        open_file_cache_min_uses 2;
        open_file_cache_errors off;
    }
    location /uploader/load {
        proxy_pass http://uploader:8088;
    }
    location /api {
        proxy_pass http://server:8088;
    }
}
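A diagnostic for the symptom in the question, as an added example that is not part of the original post: it compares the bundle that `ssl_certificate` points at with the leaf certificate the server actually presents. The function names and sample certificates are constructed for illustration; it assumes that certbot's `fullchain.pem` holds the leaf followed by its intermediate, and that nginx loads certificate files only at start or reload.

```python
import hashlib
import re
import socket
import ssl

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.S)

def fingerprints(pem_bundle):
    """SHA-256 fingerprint of each certificate in a PEM bundle, in file order."""
    return [hashlib.sha256(ssl.PEM_cert_to_DER_cert(block)).hexdigest()
            for block in PEM_RE.findall(pem_bundle)]

def diagnose(disk_bundle, served_leaf_pem):
    """Compare the ssl_certificate file with the certificate actually served."""
    on_disk = fingerprints(disk_bundle)
    served = fingerprints(served_leaf_pem)
    if not on_disk:
        return "no-certificate-on-disk"
    if len(on_disk) < 2:
        # Leaf without intermediate: clients cannot build a path to a trusted
        # root and report "unable to get local issuer certificate".
        return "chain-incomplete"
    if not served or served[0] != on_disk[0]:
        # nginx loads certificate files at start/reload only, so a renewed
        # file on the shared volume is not served until the next reload.
        return "stale-certificate-served"
    return "ok"

def fetch_served_leaf(host, port=443):
    """Return the leaf the server presents, as PEM. Validation is switched off
    on purpose: the certificate is only fingerprinted, never trusted."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return ssl.DER_cert_to_PEM_cert(tls.getpeercert(binary_form=True))

def _sample(label):
    # Constructed placeholder payload, not a real X.509 certificate.
    return ssl.DER_cert_to_PEM_cert(label * 8)

LEAF_NEW, LEAF_OLD, INTERMEDIATE = (_sample(b) for b in (b"new", b"old", b"ca"))

if __name__ == "__main__":
    print(diagnose(LEAF_NEW + INTERMEDIATE, LEAF_NEW))  # healthy setup
    print(diagnose(LEAF_NEW, LEAF_NEW))                 # cert.pem instead of fullchain.pem
    print(diagnose(LEAF_NEW + INTERMEDIATE, LEAF_OLD))  # nginx not reloaded
```

Against the real deployment, pass the contents of `./data/certbot/conf/live/redrufus.art/fullchain.pem` as `disk_bundle` and the result of `fetch_served_leaf("redrufus.art")` as `served_leaf_pem`.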