nginx - 让我们加密失败的授权过程 - docker

Question

我正在尝试为我的网站设置 https 证书。由于我使用的是 docker 容器，因此我设置了以下配置

Node 将公共(public)内容提供给名为 static-content

的命名驱动程序

此驱动程序由 nginx

访问和服务

我的 docker-compose 文件

version : '2'

services:
  nginx:
    container_name: nginx
    build: ./nginx/
    ports:
      - "80:80"
      - "443:443"
    links:
      - web:web
    volumes:
      - /etc/letsencrypt/:/etc/letsencrypt/
      - /etc/ssl:/etc/ssl
      - static-content:/usr/src/app

  web:
    container_name: web
    image: kannaj/42exp
    env_file: .env
    volumes:
      - ./logs:/usr/src/app/logs
      - static-content:/usr/src/app/public
    expose:
      - "8000"
    environment:
      - NODE_ENV=production

    command: npm run package

volumes:
  static-content:

运行 docker volume inspect static-content显示以下

[
    {
        "Driver": "local",
        "Labels": null,
        "Mountpoint": "/var/lib/docker/volumes/www_static-content/_data",
        "Name": "www_static-content",
        "Options": {},
        "Scope": "local"
    }
]

然后我跑sudo certbot certonly --force-renewal --webroot -w /var/lib/docker/volumes/www_static-content/_data -d 42exp.com -d www.42exp.com
但我收到以下错误

  Domain: 42exp.com
   Type:   unauthorized
   Detail: Invalid response from
   http://42exp.com/.well-known/acme-challenge/KbQko2Y6lZfiDcbZ-dF7DTchX3G__wmZVMMn4xT8tjs
   [139.162.21.71]: 404

   Domain: www.42exp.com
   Type:   unauthorized
   Detail: Invalid response from
   http://www.42exp.com/.well-known/acme-challenge/gHHrVOYg9OfLznO7SiH_HTo6A6SGLpUHYuJax1U65ws
   [139.162.21.71]: 404

经过一番研究，假设 certbot 无法访问域，我将以下内容添加到我在 nginx 中的服务器 block 中

  location ~ /.well-known {
            allow all;
    }

我现在收到了不同的 404 响应

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: www.42exp.com
   Type:   unauthorized
   Detail: Invalid response from
   http://www.42exp.com/.well-known/acme-challenge/dWH2F9pApDnElq8jpqiykaylqUF7NR-RZ8MmWTg1NRA:
   "<html>
   <head><title>404 Not Found</title></head>
   <body bgcolor="white">
   <center><h1>404 Not Found</h1></center>
   <hr><center>"

   Domain: 42exp.com
   Type:   unauthorized
   Detail: Invalid response from
   http://42exp.com/.well-known/acme-challenge/z_A7WOrYzEEu0RvmAFkgpNCz9ONNYByGc3RkdeqmJDo:
   "<html>
   <head><title>404 Not Found</title></head>
   <body bgcolor="white">
   <center><h1>404 Not Found</h1></center>
   <hr><center>"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A record(s) for that domain
   contain(s) the right IP address.

我查看了我的静态内容文件夹，似乎确实有一个 .well-known文件夹。我不确定为什么我仍然得到 404。
有人可以帮忙吗？

Answer 1

原来我必须在这里包含一个根指令

 location ~ /.well-known {
            root /usr/src/app;
            allow all;
    }