Nginx

如何將 SSL 添加到我的 Nginx 和 Docker 建構中?

  • September 17, 2019

我正在嘗試在我的伺服器上配置 SSL,但我收到了一個找不到文件的錯誤。有什麼我想念的嗎?

這是我的 Dockerfile:

# build environment
FROM node:9.6.1 as builder
RUN mkdir /usr/src/app
WORKDIR /usr/src/app
ENV PATH /usr/src/app/node_modules/.bin:$PATH
COPY package.json /usr/src/app/package.json
RUN npm install --silent
RUN npm install react-scripts@1.1.1 -g --silent
COPY . /usr/src/app
RUN npm run build

# production environment
FROM nginx:1.13.9-alpine
COPY nginx.conf /etc/nginx/conf.d/default.conf
COPY --from=builder /usr/src/app/client/build /usr/share/nginx/html
EXPOSE 80
EXPOSE 443
CMD ["nginx", "-g", "daemon off;"]

我的 nginx 配置:

server {
   listen       80;

   listen 443 ssl;

   server_name server_name.com;
   ssl_certificate /etc/ssl/certs/bundle.crt;
   ssl_certificate_key /etc/ssl/generated-private-key.key;

   location / {
       root   /usr/share/nginx/html;
       index  index.html index.htm;
       try_files $uri /index.html;
   }
}

我的碼頭工人命令:

sudo docker run -v /etc/ssl/:/etc/ssl/ -p 443:443 f021855220c3

這是我得到的錯誤:

2019/08/31 17:51:06 [emerg] 1#1: SSL_CTX_use_PrivateKey_file("/etc/ssl/generated-private-key.key") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/ssl/generated-private-key.key','r') error:20074002:BIO routines:FILE_CTRL:system lib error:140B0002:SSL routines:SSL_CTX_use_PrivateKey_file:system lib)
nginx: [emerg] SSL_CTX_use_PrivateKey_file("/etc/ssl/generated-private-key.key") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/ssl/generated-private-key.key','r') error:20074002:BIO routines:FILE_CTRL:system lib error:140B0002:SSL routines:SSL_CTX_use_PrivateKey_file:system lib)

問題是 Nginx 找不到我的密鑰。我實際上將 docker 命令作為永久後台任務而不是執行sudo docker run -v /etc/ssl/:/etc/ssl/ -p 443:443 f021855220c3,所以我沒有得到任何輸出!

您可以嘗試像下面這樣更改 nginx

server 
{
listen 443;

root /usr/share/nginx/html;
index index.php index.html index.htm;

server_name example.com;

ssl    on;
ssl_certificate    /etc/ssl/certs/your.pem;
ssl_certificate_key    /etc/ssl/private/your.key;

..Your stuff.
.............
.............

}

希望您已經在 docker 中擁有 pem 和密鑰文件,否則將文件夾從本地機器映射到 docker,這些文件可以正常執行。

引用自:https://serverfault.com/questions/981434