因此,我尝试在 docker 容器中使用带有 certbot 证书的 nginx,但即使该文件存在,我也会收到此错误。
2022/10/07 11:08:47 [emerg] 15#15: cannot load certificate "/etc/nginx/certs/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/nginx/certs/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: [emerg] cannot load certificate "/etc/nginx/certs/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/nginx/certs/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: configuration file /etc/nginx/nginx.conf test failed
证书是在 docker 容器外部生成的,并安装到 nginx 中(所以我可能做错了)。
nginx:
container_name: best-nginx
build:
context: .
restart: always
image: nginx:alpine
volumes:
- ./nginx/default.conf:/etc/nginx/conf.d/default.conf
- /etc/letsencrypt/live/mycerts:/etc/nginx/certs
ports:
- "443:443"
默认.conf
server {
root /usr/share/nginx/html;
index index.html index.htm index.nginx-debian.html;
server_name myservername.com;
location / {
try_files $uri $uri/ =404;
}
location /keycloak {
proxy_pass http://localhost:28080/;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/nginx/certs/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/nginx/certs/privkey.pem; # managed by Certbot
}
Dockerfile
# develop stage
FROM node:18-alpine as develop-stage
WORKDIR /app
COPY package*.json ./
COPY tsconfig.json ./
RUN npm install
COPY ./public ./public
COPY ./src ./src
# build stage
FROM develop-stage as build-stage
RUN npm run build
# production stage
FROM nginx:1.23.1-alpine as production-stage
COPY --from=build-stage /app/build /usr/share/nginx/html
CMD ["nginx", "-g", "daemon off;"]
我观察到 certbot 生成了 4 个文件,而我在 default.conf 中只使用了 2 个文件
这可能是我问题的根源吗?
谢谢。
//编辑: 这些文件存在于/etc/letsencrypt/live/mycerts 中,但如果没有 root 访问权限,我无法访问 live/mycerts 。所以我认为它们的映射可能很奇怪?
这是 docker 容器中/etc/nginx/certs 中的 ls -la,它们看起来有点奇怪。
lrwxrwxrwx 1 root root 45 Oct 7 10:20 cert.pem -> ../../archive/mycerts/cert1.pem
lrwxrwxrwx 1 root root 46 Oct 7 10:20 chain.pem -> ../../archive/mycerts/chain1.pem
lrwxrwxrwx 1 root root 50 Oct 7 10:20 fullchain.pem -> ../../archive/mycerts/fullchain1.pem
lrwxrwxrwx 1 root root 48 Oct 7 10:20 privkey.pem -> ../../archive/mycerts/privkey1.pem
最佳答案
您正在安装一个带有符号链接(symbolic link)的文件夹,在您的容器中,您将获得指向同一位置的符号链接(symbolic link),而不是真正的文件。
因此,要么安装一个包含真实证书文件的目录推荐
或挂载archive/mycerts:/etc
,以便符号链接(symbolic link)指向容器内的真实文件不推荐
关于docker - Nginx 无法在 docker 容器中加载证书,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/73986304/