Nginx
How do I add SSL to my Nginx and Docker build?
I am trying to configure SSL on my server, but I am getting a file-not-found error. Is there something I am missing?
Here is my Dockerfile:
    # build environment
    FROM node:9.6.1 as builder
    RUN mkdir /usr/src/app
    WORKDIR /usr/src/app
    ENV PATH /usr/src/app/node_modules/.bin:$PATH
    COPY package.json /usr/src/app/package.json
    RUN npm install --silent
    RUN npm install react-scripts@1.1.1 -g --silent
    COPY . /usr/src/app
    RUN npm run build
    # production environment
    FROM nginx:1.13.9-alpine
    COPY nginx.conf /etc/nginx/conf.d/default.conf
    COPY --from=builder /usr/src/app/client/build /usr/share/nginx/html
    EXPOSE 80
    EXPOSE 443
    CMD ["nginx", "-g", "daemon off;"]
My nginx config:
    server {
        listen 80;
        listen 443 ssl;
        server_name server_name.com;
        ssl_certificate /etc/ssl/certs/bundle.crt;
        ssl_certificate_key /etc/ssl/generated-private-key.key;
        location / {
            root /usr/share/nginx/html;
            index index.html index.htm;
            try_files $uri /index.html;
        }
    }
My docker command:
    sudo docker run -v /etc/ssl/:/etc/ssl/ -p 443:443 f021855220c3
Here is the error I get:
    2019/08/31 17:51:06 [emerg] 1#1: SSL_CTX_use_PrivateKey_file("/etc/ssl/generated-private-key.key") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/ssl/generated-private-key.key','r') error:20074002:BIO routines:FILE_CTRL:system lib error:140B0002:SSL routines:SSL_CTX_use_PrivateKey_file:system lib)
    nginx: [emerg] SSL_CTX_use_PrivateKey_file("/etc/ssl/generated-private-key.key") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/ssl/generated-private-key.key','r') error:20074002:BIO routines:FILE_CTRL:system lib error:140B0002:SSL routines:SSL_CTX_use_PrivateKey_file:system lib)
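The problem was that Nginx could not find my key. I was actually running the docker command as a permanent background task instead of running
    sudo docker run -v /etc/ssl/:/etc/ssl/ -p 443:443 f021855220c3
so I was not getting any output!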
You can try changing the nginx config like below:
    server {
        listen 443;
        root /usr/share/nginx/html;
        index index.php index.html index.htm;
        server_name example.com;
        ssl on;
        ssl_certificate /etc/ssl/certs/your.pem;
        ssl_certificate_key /etc/ssl/private/your.key;
        # ..Your stuff.
        # .............
        # .............
    }
Hopefully you already have the pem and key files inside the docker container; otherwise map the folder from your local machine into docker and these files will work fine.
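
A pre-flight check for the failure shown in the question, added here as an example and not taken from either post: it reads the `ssl_certificate` and `ssl_certificate_key` paths out of an nginx config and reports any file that is missing, or any private key that is world-readable, before the container is started. The function name `check_tls_paths` and its optional root-prefix argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original posts).
# check_tls_paths CONF [ROOT]
#   CONF  nginx config file to inspect
#   ROOT  optional prefix placed before each path (hypothetical parameter),
#         e.g. a staging directory that will be bind-mounted at /
# Prints one line per directive: OK, MISSING or WORLD_READABLE.
# Returns 0 only when every referenced file exists and no private key is
# readable by "other".
check_tls_paths() {
    conf=$1
    root=${2:-}
    status=0
    while read -r directive path; do
        [ -n "$directive" ] || continue
        file="$root$path"
        if [ ! -f "$file" ]; then
            # Same condition nginx reports as "fopen: No such file or directory"
            echo "MISSING $directive $path"
            status=1
        elif [ "$directive" = ssl_certificate_key ] &&
             [ -n "$(find -L "$file" -prune -perm -004)" ]; then
            # Private key readable by every local user
            echo "WORLD_READABLE $directive $path"
            status=1
        else
            echo "OK $directive $path"
        fi
    done <<EOF
$(awk '{
    sub(/#.*/, "")                       # ignore commented-out directives
    for (i = 1; i < NF; i++)
        if ($i == "ssl_certificate" || $i == "ssl_certificate_key") {
            p = $(i + 1); sub(/;$/, "", p)
            print $i, p
        }
}' "$conf")
EOF
    return $status
}
```

Run on the Docker host with the same directory that `-v /etc/ssl/:/etc/ssl/` maps into the container, a `MISSING` line identifies the path nginx will fail to open.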