【Question title】: Failed to configure HTTPS on the docker nginx container, always reports timeout
【Posted】: 2017-05-30 07:33:52
【Question】:

Operating system:

LSB Version:    :core-4.1-amd64:core-4.1-noarch
Distributor ID: CentOS
Description:    CentOS Linux release 7.3.1611 (Core)
Release:    7.3.1611
Codename:   Core

Docker version:

Client:
 Version:      17.03.1-ce
 API version:  1.27
 Go version:   go1.7.5
 Git commit:   c6d412e
 Built:        Mon Mar 27 17:05:44 2017
 OS/Arch:      linux/amd64

Server:

 Version:      17.03.1-ce
 API version:  1.27 (minimum version 1.12)
 Go version:   go1.7.5
 Git commit:   c6d412e
 Built:        Mon Mar 27 17:05:44 2017
 OS/Arch:      linux/amd64
 Experimental: false

The nginx image is the official image (latest):

[root@iZ2zea8ff3mfutp3knnkyyZ ~]# docker images
 REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
 nginx               latest              3448f27c273f        2 weeks ago         109 MB

Command used to run nginx:

docker run -d -p 80:80 -p 443:443 --network=stone --ip=172.18.0.10 --name nginx -v /var/nginx/conf/nginx.conf:/etc/nginx/nginx.conf:ro -v /var/nginx/conf/vhosts:/etc/nginx/conf.d:ro -v /var/nginx/conf/certs:/etc/nginx/certs:ro -v /var/nginx/www:/usr/share/nginx:rw -v /var/nginx/log:/var/log/nginx:rw nginx

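I store the certificate and private key in /var/nginx/conf/certs and mount that directory when running the nginx image. The HTTPS certificate is a wildcard certificate (e.g. *.domain.com).

nginx configuration file: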

server {
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;

    ssl_certificate     certs/1_domain.com_bundle.crt;
    ssl_certificate_key certs/2_domain.com.key;
    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers         HIGH:!aNULL:!MD5;

    server_name         testfrontend.domain.com;
    root /usr/share/nginx/html;

    index index.php index.html index.htm;

    access_log  /var/log/nginx/access.log;
    error_log   /var/log/nginx/error.log debug;

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    location ~ \.php$ {
        fastcgi_pass   172.18.0.11:9000;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        include        fastcgi_params;
    }

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    location ~ /\.well-known {
        allow  all;
    }
}

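That's all, but when I visit "testfrontend.domain.com" in Chrome, it always reports a timeout.

I also tested it with wget. It still reports a timeout.

I have checked access.log and error.log.

access.log is empty.

I set the error.log level to debug. Below is what it logged: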

2017/05/30 00:40:28 [notice] 1#1: using the "epoll" event method
2017/05/30 00:40:28 [notice] 1#1: nginx/1.13.0
2017/05/30 00:40:28 [notice] 1#1: built by gcc 6.3.0 20170205 (Debian 6.3.0-6)
2017/05/30 00:40:28 [notice] 1#1: OS: Linux 3.10.0-514.10.2.el7.x86_64
2017/05/30 00:40:28 [notice] 1#1: getrlimit(RLIMIT_NOFILE): 65536:65536
2017/05/30 00:40:28 [notice] 1#1: start worker processes
2017/05/30 00:40:28 [notice] 1#1: start worker process 7

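【Question discussion】:

    Tags: ssl nginx docker


    【Solution 1】:

    I figured it out. I made a silly mistake: I am using an Alibaba Cloud server in China, and besides the firewall installed on the server there is another firewall called the security policy. I should have opened port 443 on it, and unfortunately I had not. OK, that was the cause. Thanks, everyone. Hope this helps someone.

    【Discussion】: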
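One way to separate the symptom in this question (timeout, empty access.log) from other failures, as an added example that is not part of the original post: a connect that times out means the SYN was dropped before it reached nginx, which is what a port left closed in the cloud security group produces, while a refused connect means the host answered. The function names and state labels are hypothetical; run it from a machine outside the server.

```python
import errno
import socket
import sys

# What each TCP connect outcome says about where the traffic stops.
HINTS = {
    "open": "handshake completed; any remaining failure is TLS or nginx config",
    "closed": "host replied with RST; usually nothing listens or the port is not published",
    "filtered": "no reply at all; a packet filter in front of nginx drops the SYN "
                "(host firewall or the cloud provider's security group)",
    "unreachable": "no route to the host; check the address and network",
    "error": "other failure (for example DNS resolution)",
}

def classify(exc):
    """Map the exception from connect() (None on success) to a HINTS key."""
    if exc is None:
        return "open"
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "filtered"
    if isinstance(exc, ConnectionRefusedError):
        return "closed"
    if isinstance(exc, OSError) and exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
        return "unreachable"
    return "error"

def probe(host, port, timeout=3.0):
    """Attempt one TCP connection and return the classification."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return classify(None)
    except OSError as exc:
        return classify(exc)

def diagnose(host, ports=(80, 443)):
    """Probe the two ports published by the docker run command in the question."""
    return {port: probe(host, port) for port in ports}

if __name__ == "__main__":
    # Usage: python3 probe.py <hostname>
    if len(sys.argv) != 2:
        sys.exit("usage: probe.py <hostname>")
    for port, state in diagnose(sys.argv[1]).items():
        print(f"{port}/tcp {state}: {HINTS[state]}")
```

If 443 is "filtered" while `ss -ltn` on the host shows a listener on 443, the drop is happening in a firewall layer rather than in nginx or Docker.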
