Nginx 容器：没有为证书定义 "ssl_certificate_key"

Question

我正在尝试运行使用此 tutorial 的私有 docker 注册表。但是在我完成所有操作并运行 docker-compose 之后，我从 nginx 容器

中收到以下错误

no "ssl_certificate_key" is defined for certificate "/home/user/registry/nginx/ssl/key.pem"

这是 registry.conf 文件：

upstream docker-registry {
    server registry:5000;
}

server {
    listen 80;
    server_name example.com;
    return 301 https://example.com$request_uri;
}

server {
    listen 443 ssl http2;
    server_name privatesecurereg.netspan.com;

    ssl_certificate /home/user/registry/nginx/ssl/csr.pem;
    ssl_certificate /home/user/registry/nginx/ssl/key.pem;

    # Log files for Debug
    error_log  /var/log/nginx/error.log;
    access_log /var/log/nginx/access.log;

    location / {
        # Do not allow connections from docker 1.5 and earlier
        # docker pre-1.6.0 did not properly set the user agent on ping, catch "Go *" user agents
        if ($http_user_agent ~ "^(docker\/1\.(3|4|5(?!\.[0-9]-dev))|Go ).*$" )  {
            return 404;
        }

        proxy_pass                          http://docker-registry;
        proxy_set_header  Host              $http_host;
        proxy_set_header  X-Real-IP         $remote_addr;
        proxy_set_header  X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header  X-Forwarded-Proto $scheme;
        proxy_read_timeout                  900;
    }

}

什么是 rpobelom 以及如何修复它？

更新：

这是我的 docker-撰写：

nginx:
    image: nginx:alpine
    container_name: nginx
    restart: unless-stopped
    tty: true
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./nginx/conf.d/:/etc/nginx/conf.d/
      - ./nginx/ssl/:/etc/nginx/ssl/
    networks:
      - mynet

Answer 1

我认为您遗漏了 docker-compose 文件中的内容。这是我们使用的工作示例。

nginx:
  image: "nginx:alpine"
  ports:
    - 5000:443
  links:
    - registry:registry
  volumes:
    - ./auth:/etc/nginx/conf.d
    - ./auth/nginx.conf:/etc/nginx/nginx.conf:ro

registry:
  image: registry:2.7.0
  volumes:
    - ./data:/var/lib/registry

关注这部分

volumes:
    - ./auth:/etc/nginx/conf.d
    - ./auth/nginx.conf:/etc/nginx/nginx.conf:ro

这里auth文件夹有证书和密钥文件。还有用于 docker 注册表登录的 httpd 文件。

在nginx.conf中我们直接在nginx容器中引用。

# SSL
ssl_certificate /etc/nginx/conf.d/csr.pem;
ssl_certificate_key /etc/nginx/conf.d/csr.key;

Answer 2

您将证书目录 /home/user/registry/nginx/ssl/ 挂载到 docker

中的 /etc/nginx/ssl

因此，在 nginx 配置中，您需要使用 /etc/nginx/ssl 下的 ssl 文件，如果需要，更改 fullchain.pem 或 privkey.pem，顺便说一句，这是来自教程，请尝试遵循它

ssl_certificate /etc/nginx/ssl/fullchain.pem;
ssl_certificate_key /etc/nginx/ssl/privkey.pem;

Nginx 容器：没有为证书定义 "ssl_certificate_key"

Nginx Container: no "ssl_certificate_key" is defined for certificate

nginx

docker

docker-registry