【问题标题】:Nginx LetsEncrypt error "/etc/letsencrypt/options-ssl-nginx.conf" no such file or directoryNginx LetsEncrypt 错误“/etc/letsencrypt/options-ssl-nginx.conf”没有这样的文件或目录
【发布时间】:2021-03-04 12:27:36
【问题描述】:

我正在尝试使用 LetsEncrypt 和 Nginx 添加 https。我添加了 certbot,它运行成功。然后在尝试运行 Nginx 服务器时出现此错误。

/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
10-listen-on-ipv6-by-default.sh: error: /etc/nginx/conf.d/default.conf is not a file or does not exist
/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
/docker-entrypoint.sh: Configuration complete; ready for start up
2020/11/21 06:24:07 [emerg] 1#1: open() "/etc/letsencrypt/options-ssl-nginx.conf" failed (2: No such file or directory) in /etc/nginx/conf.d/nginx.conf:23
nginx: [emerg] open() "/etc/letsencrypt/options-ssl-nginx.conf" failed (2: No such file or directory) in /etc/nginx/conf.d/nginx.conf:23

这是我的docker-compose.yml 文件

version: '3.7'

services:

  nginx_server:
    image: nginx:latest
    ports:
      - '80:80'
      - '443:443'
    volumes:
      - ./data/nginx:/etc/nginx/conf.d
      - ./data/certbot/conf:/etc/letsencrypt
      - ./data/certbot/www:/var/www/certbot
    

 my-image:
    image: my-name/my-image
    ports:
      - '8088:8088'

这是我在data/nginx 中的nginx.conf 文件

server {
    listen 80;
    server_name mysite.com;

    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }

   location / {
        proxy_pass        http://my-image:8088;
             proxy_set_header  X-Real-IP $remote_addr;
             proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
             proxy_set_header  Host $http_host;
    }
}
server {
        listen 443 ssl default_server ssl;
        server_name mysite.com;

        ssl_certificate     /etc/letsencrypt/live/mysite.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/mysite.com/privkey.pem;
        ssl_trusted_certificate  /etc/letsencrypt/live/mysite.com/fullchain.pem;
        include /etc/letsencrypt/options-ssl-nginx.conf;
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

        location / {
             proxy_pass        http://my-image:8088;
             proxy_set_header  X-Real-IP $remote_addr;
             proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
             proxy_set_header  Host $http_host;
        }


}

Certbot 运行成功,因此我已从 docker-compose 中删除了它的映像。

任何帮助将不胜感激。谢谢

【问题讨论】:

    标签: docker nginx docker-compose lets-encrypt certbot


    【解决方案1】:

    我希望您找到了解决问题的方法,当我尝试在 docker env 中使用 nginx 和 certbot 时,我将分享解决我的问题的方法,以及我为其他可能想在 docker 中使用 nginx 和 certbot 的人使用的链接。

    第 1 步(基础准备)

    1. 创建一个名为 nginx 的网络 => docker network create nginx
    2. 将下面的 docker-compose 添加到您想用作 nginx 基础的文件夹中
    version: '3.4'
    
    services: 
      web:
        image: nginx:1.14.2-alpine
        restart: always
        volumes:
          - ./public_html:/public_html
          - ./conf.d:/etc/nginx/conf.d/
          - ./dhparam:/etc/nginx/dhparam
          - ./certbot/conf/:/etc/nginx/ssl/
          - ./certbot/data:/usr/share/nginx/html/letsencrypt
        ports:
          - 80:80
          - 443:443
        networks:
            - nginx
      certbot:
         image: certbot/certbot:latest
         volumes:
           - ./certbot/conf/:/etc/letsencrypt
           - ./certbot/logs/:/var/log/letsencrypt
           - ./certbot/data:/usr/share/nginx/html/letsencrypt
    
    networks:
      nginx:
        external: true
    
    1. 将以下这些文件夹添加到同一目录中
    • conf.d
    • dhparam
    • public_html

    第 2 步(配置)

    1. 将下面的配置文件作为 default.conf 添加到 conf.d 文件夹
    server {
        listen 80;
        server_name YOUR_DOMAIN;
        root /public_html/;
    
        location ~ /.well-known/acme-challenge{
          allow all;
          root /usr/share/nginx/html/letsencrypt;
        }
    }
    
    1. 进入 dhparam 文件夹并运行以下命令:

    openssl dhparam -out ~/nginx/dhparam/dhparam-2048.pem 2048

    第 3 步(LetEncrypt)

    1. 运行docker-compose up --build
    2. 运行以下命令:

    docker-compose run certbot certonly --webroot --webroot-path=/usr/share/nginx/html/letsencrypt --email YOUR_EMAIL --agree-tos --no-eff-email -d YOUR_DOMAIN

    第 4 步(修改配置)

    1. 修改您的 default.conf 以包含 ssl,如下所示:
    server {
        listen 80;
        server_name YOUR_DOMAIN;
    
        location ~ /.well-known/acme-challenge{
          allow all;
          root /usr/share/nginx/html/letsencrypt;
        }
    
        location / {
          return 301 https://YOUR_DOMAIN$request_uri;
        }
    }
    
    server {
         listen 443 ssl http2;
         server_name YOUR_DOMAIN;
    
         ssl on;
         server_tokens off;
         ssl_certificate /etc/nginx/ssl/live/YOUR_DOMAIN/fullchain.pem;
         ssl_certificate_key /etc/nginx/ssl/live/YOUR_DOMAIN/privkey.pem;
         ssl_dhparam /etc/nginx/dhparam/dhparam-2048.pem;
         
         ssl_buffer_size 8k;
         ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
         ssl_prefer_server_ciphers on;
         ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;
    
        location / {
            proxy_pass http://frontend:3000;
        }
    
    }
    
    1. 确保你的 nextjs 已经在 3000 上运行,这是我的 nextjs docker-compose
    version: '3'
    services:
        frontend:
            build:
                context: ./
            environment:
                - PORT=3000
                - NODE_ENV=production
            ports:
                - 3000:3000
            networks:
                - nginx
    networks:
      nginx:
        external: true
    

    链接

    我们已经稍微修改了我们的流程,我真的建议您在使用上述步骤的情况下也执行相同的操作。如果有更多信息,您可以查看下面的链接,这些人救了我:)

    【讨论】:

      猜你喜欢
      • 2021-09-04
      • 2019-01-22
      • 2014-04-08
      • 2021-04-08
      • 2019-12-04
      • 1970-01-01
      • 2015-05-01
      • 2023-03-09
      • 2021-10-31
      相关资源
      最近更新 更多