So I am trying to use nginx with certbot certificates in a docker container, but I get this error even though the files exist.
2022/10/07 11:08:47 [emerg] 15#15: cannot load certificate "/etc/nginx/certs/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/nginx/certs/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: [emerg] cannot load certificate "/etc/nginx/certs/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/nginx/certs/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: configuration file /etc/nginx/nginx.conf test failed
The certificates are generated outside the docker container and mounted into nginx (so I may be doing that wrong).
nginx:
  container_name: best-nginx
  build:
    context: .
  restart: always
  image: nginx:alpine
  volumes:
    - ./nginx/default.conf:/etc/nginx/conf.d/default.conf
    - /etc/letsencrypt/live/mycerts:/etc/nginx/certs
  ports:
    - "443:443"
default.conf
server {
    root /usr/share/nginx/html;
    index index.html index.htm index.nginx-debian.html;
    server_name myservername.com;
    location / {
        try_files $uri $uri/ =404;
    }
    location /keycloak {
        proxy_pass http://localhost:28080/;
    }
    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/nginx/certs/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/nginx/certs/privkey.pem; # managed by Certbot
}
Dockerfile
# develop stage
FROM node:18-alpine as develop-stage
WORKDIR /app
COPY package*.json ./
COPY tsconfig.json ./
RUN npm install
COPY ./public ./public
COPY ./src ./src
# build stage
FROM develop-stage as build-stage
RUN npm run build
# production stage
FROM nginx:1.23.1-alpine as production-stage
COPY --from=build-stage /app/build /usr/share/nginx/html
CMD ["nginx", "-g", "daemon off;"]
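What I observed is that certbot generated 4 files, while I only use 2 of them in default.conf.
Could this be the root of my problem?
Thanks.
// Edit: The files exist in /etc/letsencrypt/live/mycerts, but I cannot access live/mycerts without root access. So I think they might be mapped strangely?
This is ls -la inside the docker container, in /etc/nginx/certs; they look a bit odd.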
lrwxrwxrwx 1 root root 45 Oct 7 10:20 cert.pem -> ../../archive/mycerts/cert1.pem
lrwxrwxrwx 1 root root 46 Oct 7 10:20 chain.pem -> ../../archive/mycerts/chain1.pem
lrwxrwxrwx 1 root root 50 Oct 7 10:20 fullchain.pem -> ../../archive/mycerts/fullchain1.pem
lrwxrwxrwx 1 root root 48 Oct 7 10:20 privkey.pem -> ../../archive/mycerts/privkey1.pem
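uj5u.com helpful user replied:
You are mounting a folder that contains symlinks; in your container you get symlinks pointing to the same location, not the real files.
So either you mount a directory with the real certificate files (recommended),
or you mount archive/mycerts:/etc so that the symlinks point to the real files inside the container (not recommended).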
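The symlink behaviour this answer describes can be checked on the host before the container is started. The script below is an added example, not part of the original question or answer: it lists the symlinks in a directory you plan to bind-mount whose targets fall outside that directory. The function names `escaping_links` and `make_sample` and the temporary sample tree are constructed for illustration.

```sh
#!/bin/sh
# Added example: find symlinks in a directory you plan to bind-mount whose
# targets live outside it. Inside the container only the mounted subtree
# exists, so those links dangle and nginx reports "No such file or directory".

# escaping_links DIR: print "link -> target" for each such symlink.
escaping_links() {
    mount_root=$(cd "$1" && pwd -P) || return 2
    find "$mount_root" -type l | sort | while IFS= read -r link; do
        resolved=$(readlink -f "$link" 2>/dev/null)
        case "$resolved" in
            "$mount_root"/*) ;;   # target is inside the mount: resolves in the container
            *) printf '%s -> %s\n' "${link#"$mount_root"/}" "$(readlink "$link")" ;;
        esac
    done
}

# make_sample: build a constructed tree with the live/ and archive/ layout
# shown in the question's ls -la output; prints its path.
make_sample() {
    base=$(mktemp -d) || return 1
    mkdir -p "$base/live/mycerts" "$base/archive/mycerts"
    for name in cert chain fullchain privkey; do
        : > "$base/archive/mycerts/${name}1.pem"
        ln -s "../../archive/mycerts/${name}1.pem" "$base/live/mycerts/$name.pem"
    done
    printf '%s\n' "$base"
}

sample=$(make_sample)
echo "Mounting only live/mycerts (as in the question):"
escaping_links "$sample/live/mycerts"
echo "Mounting the parent of live/ and archive/:"
escaping_links "$sample"
rm -rf "$sample"
```

On a real host, run `escaping_links /etc/letsencrypt/live/mycerts` as root, since the question notes that the directory is not readable without root access.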
