Docker 中的 Nginx 无法加载 SSL 证书
SSL Certificate fails to load with Nginx in Docker
我有一个正在尝试部署的 Dockerized Web 应用程序。我正在使用 Nginx 和 uWSGI 来提供静态文件和管理流量。
我有一段时间被一个问题困住了。我也想通过 HTTPS 为应用程序提供服务(很明显)。
我在这里添加相关信息,如果需要更多信息,请告诉我。
目录结构:
root
|
'-> app (django app)
'-> proxy (nginx)
'-> Dockerfile (calling it Nginx-Dockerfile in the remainder of the post)
'-> data/certs/
'-> example.com.crt
'-> example.com.key
'-> default.conf (configuration for nginx)
'-> ... (some more files, irrelevant to the problem)
'-> docker-compose-deploy.yml
'-> Dockerfile (calling it root-Dockerfile in the remainder of the post)
'-> ... (some more files, irrelevant to the problem)
如上所示,我已经创建了SSL证书。
Nginx-Dockerfile:
FROM nginxinc/nginx-unprivileged:1-alpine
LABEL maintainer="hackacademy.in"
COPY ./default.conf.tpl /etc/nginx/default.conf.tpl
COPY ./uwsgi_params /etc/nginx/uwsgi_params
COPY ./data/certs/example.com.crt /etc/nginx/certs
COPY ./data/certs/example.com.key /etc/nginx/certs
COPY ./run.sh /run.sh
ENV LISTEN_PORT=8000
ENV APP_HOST=app
ENV APP_PORT=9000
USER root
RUN mkdir -p /vol/static && \
chmod 755 /vol/static && \
touch /etc/nginx/conf.d/default.conf && \
chown nginx:nginx /etc/nginx/conf.d/default.conf && \
chmod +x /run.sh && \
chmod +rx /etc/nginx/certs
VOLUME /vol/static
USER nginx
CMD ["/run.sh"]
default.conf
server {
listen 443 ssl;
server_name example.com;
ssl_certificate /etc/nginx/certs/example.com.crt;
ssl_certificate_key /etc/nginx/certs/example.com.key;
location /static {
alias /vol/web/;
}
location / {
uwsgi_pass ${APP_HOST}:${APP_PORT};
include /etc/nginx/uwsgi_params;
client_max_body_size 10M;
}
}
server {
listen 80;
server_name example.com;
location / {
return 301 https://$host$request_uri;
}
}
这成功构建了映像,但 nginx 服务器出错,实际上并没有达到目的。它在日志中显示的错误是
nginx: [emerg] cannot load certificate "/etc/nginx/certs/example.com.crt": BIO_new_file() failed (SSL: error:02001014:system library:fopen:Not a directory:fopen('/etc/nginx/certs/example.com.crt','r') error:2006D002:BIO routines:BIO_new_file:system lib)
我已经做了相当多的实验和谷歌搜索,但我陷入了某种循环。我是第一次部署 Web 应用程序,我什至不是 Web 开发人员(我正在学习),所以请用简单的术语帮助我。将不胜感激。
注意:我在这个 post 的所有地方都用 example.com 替换了我的域名。
我找到了解决方案。
我将 Nginx-Dockerfile 更改为
FROM nginx:1.21.3
LABEL maintainer="hackacademy.in"
COPY ./default.conf.tpl /etc/nginx/default.conf.tpl
COPY ./uwsgi_params /etc/nginx/uwsgi_params
COPY ./data/certs/example.com.crt /etc/nginx/certs/
COPY ./data/certs/example.com.key /etc/nginx/certs/
COPY ./run.sh /run.sh
ENV LISTEN_PORT=8000
ENV APP_HOST=app
ENV APP_PORT=9000
RUN mkdir -p /vol/static && \
chmod 755 /vol/static && \
touch /etc/nginx/conf.d/default.conf && \
chown nginx:nginx /etc/nginx/conf.d/default.conf && \
chmod +x /run.sh && \
chmod +r /etc/nginx/certs/example.com.crt && \
chmod +r /etc/nginx/certs/example.com.key
VOLUME /vol/static
CMD ["/run.sh"]
我有一个正在尝试部署的 Dockerized Web 应用程序。我正在使用 Nginx 和 uWSGI 来提供静态文件和管理流量。
我有一段时间被一个问题困住了。我也想通过 HTTPS 为应用程序提供服务(很明显)。
我在这里添加相关信息,如果需要更多信息,请告诉我。
目录结构:
root
|
'-> app (django app)
'-> proxy (nginx)
'-> Dockerfile (calling it Nginx-Dockerfile in the remainder of the post)
'-> data/certs/
'-> example.com.crt
'-> example.com.key
'-> default.conf (configuration for nginx)
'-> ... (some more files, irrelevant to the problem)
'-> docker-compose-deploy.yml
'-> Dockerfile (calling it root-Dockerfile in the remainder of the post)
'-> ... (some more files, irrelevant to the problem)
如上所示,我已经创建了SSL证书。
Nginx-Dockerfile:
FROM nginxinc/nginx-unprivileged:1-alpine
LABEL maintainer="hackacademy.in"
COPY ./default.conf.tpl /etc/nginx/default.conf.tpl
COPY ./uwsgi_params /etc/nginx/uwsgi_params
COPY ./data/certs/example.com.crt /etc/nginx/certs
COPY ./data/certs/example.com.key /etc/nginx/certs
COPY ./run.sh /run.sh
ENV LISTEN_PORT=8000
ENV APP_HOST=app
ENV APP_PORT=9000
USER root
RUN mkdir -p /vol/static && \
chmod 755 /vol/static && \
touch /etc/nginx/conf.d/default.conf && \
chown nginx:nginx /etc/nginx/conf.d/default.conf && \
chmod +x /run.sh && \
chmod +rx /etc/nginx/certs
VOLUME /vol/static
USER nginx
CMD ["/run.sh"]
default.conf
server {
listen 443 ssl;
server_name example.com;
ssl_certificate /etc/nginx/certs/example.com.crt;
ssl_certificate_key /etc/nginx/certs/example.com.key;
location /static {
alias /vol/web/;
}
location / {
uwsgi_pass ${APP_HOST}:${APP_PORT};
include /etc/nginx/uwsgi_params;
client_max_body_size 10M;
}
}
server {
listen 80;
server_name example.com;
location / {
return 301 https://$host$request_uri;
}
}
这成功构建了映像,但 nginx 服务器出错,实际上并没有达到目的。它在日志中显示的错误是
nginx: [emerg] cannot load certificate "/etc/nginx/certs/example.com.crt": BIO_new_file() failed (SSL: error:02001014:system library:fopen:Not a directory:fopen('/etc/nginx/certs/example.com.crt','r') error:2006D002:BIO routines:BIO_new_file:system lib)
我已经做了相当多的实验和谷歌搜索,但我陷入了某种循环。我是第一次部署 Web 应用程序,我什至不是 Web 开发人员(我正在学习),所以请用简单的术语帮助我。将不胜感激。
注意:我在这个 post 的所有地方都用 example.com 替换了我的域名。
我找到了解决方案。
我将 Nginx-Dockerfile 更改为
FROM nginx:1.21.3
LABEL maintainer="hackacademy.in"
COPY ./default.conf.tpl /etc/nginx/default.conf.tpl
COPY ./uwsgi_params /etc/nginx/uwsgi_params
COPY ./data/certs/example.com.crt /etc/nginx/certs/
COPY ./data/certs/example.com.key /etc/nginx/certs/
COPY ./run.sh /run.sh
ENV LISTEN_PORT=8000
ENV APP_HOST=app
ENV APP_PORT=9000
RUN mkdir -p /vol/static && \
chmod 755 /vol/static && \
touch /etc/nginx/conf.d/default.conf && \
chown nginx:nginx /etc/nginx/conf.d/default.conf && \
chmod +x /run.sh && \
chmod +r /etc/nginx/certs/example.com.crt && \
chmod +r /etc/nginx/certs/example.com.key
VOLUME /vol/static
CMD ["/run.sh"]