我正在尝试为我的网站设置 https 证书。由于我使用的是 docker 容器,因此我设置了以下配置
我的 docker-compose 文件
version : '2'
services:
nginx:
container_name: nginx
build: ./nginx/
ports:
- "80:80"
- "443:443"
links:
- web:web
volumes:
- /etc/letsencrypt/:/etc/letsencrypt/
- /etc/ssl:/etc/ssl
- static-content:/usr/src/app
web:
container_name: web
image: kannaj/42exp
env_file: .env
volumes:
- ./logs:/usr/src/app/logs
- static-content:/usr/src/app/public
expose:
- "8000"
environment:
- NODE_ENV=production
command: npm run package
volumes:
static-content:
运行
docker volume inspect static-content
显示以下[
{
"Driver": "local",
"Labels": null,
"Mountpoint": "/var/lib/docker/volumes/www_static-content/_data",
"Name": "www_static-content",
"Options": {},
"Scope": "local"
}
]
然后我跑
sudo certbot certonly --force-renewal --webroot -w /var/lib/docker/volumes/www_static-content/_data -d 42exp.com -d www.42exp.com
但我收到以下错误
Domain: 42exp.com
Type: unauthorized
Detail: Invalid response from
http://42exp.com/.well-known/acme-challenge/KbQko2Y6lZfiDcbZ-dF7DTchX3G__wmZVMMn4xT8tjs
[139.162.21.71]: 404
Domain: www.42exp.com
Type: unauthorized
Detail: Invalid response from
http://www.42exp.com/.well-known/acme-challenge/gHHrVOYg9OfLznO7SiH_HTo6A6SGLpUHYuJax1U65ws
[139.162.21.71]: 404
经过一番研究,假设 certbot 无法访问域,我将以下内容添加到我在 nginx 中的服务器 block 中
location ~ /.well-known {
allow all;
}
我现在收到了不同的 404 响应
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: www.42exp.com
Type: unauthorized
Detail: Invalid response from
http://www.42exp.com/.well-known/acme-challenge/dWH2F9pApDnElq8jpqiykaylqUF7NR-RZ8MmWTg1NRA:
"<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>"
Domain: 42exp.com
Type: unauthorized
Detail: Invalid response from
http://42exp.com/.well-known/acme-challenge/z_A7WOrYzEEu0RvmAFkgpNCz9ONNYByGc3RkdeqmJDo:
"<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address.
我查看了我的静态内容文件夹,似乎确实有一个
.well-known
文件夹。我不确定为什么我仍然得到 404。有人可以帮忙吗?
最佳答案
原来我必须在这里包含一个根指令
location ~ /.well-known {
root /usr/src/app;
allow all;
}
关于nginx - 让我们加密失败的授权过程 - docker,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/44093634/