Docker nginx 配置 SSL 证书 cannot load certificate
Posted on 2023-09-11 11:56 valeb 阅读(787) 评论(0) 编辑 收藏 举报错误原因分析:
cannot load certificate "/etc/nginx/test.com.crt": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/nginx/test.com.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
有很多博客写的是权限 问题! 当然,权限可能只是其一,但问题的本质不是这个。
Nginx 在DOCKER 内,要配置 SSL 证书 , 配置后出现这个问题,查了一天,终是无用。
后思索分析:
Nginx 在 Docker 内 。 配置应该 在 nginx 的容器里,而不是宿主机!!!
故将 SSL 证拷入容器配置后就OK 了!
最后 将SSL 证书目录 挂载到 nginx 上,配置改用 nginx 内部的文件目录,就OK 。
docker run -p 80:80 -p 433:433 \ -v /etc/nginx/nginx.conf:/etc/nginx/nginx.conf \ -v /etc/nginx/logs:/var/log/nginx \ -v /etc/nginx/html:/usr/share/nginx/html \ -v /etc/nginx/conf:/etc/nginx/conf.d \ -v /etc/certs:/certs \ --- /etc/certs 宿主机SSL 存放目录 ,-- Nginx 容器内存放目录 /certs
-v /etc/localtime:/etc/localtime \ --name nginx \ --restart=always \ -d nginx:latest
seserver {
listen 443 ssl;
server_name ~^(?<subdomain>.+).test.com$;
client_max_body_size 10M;
ssl_certificate /certs/test.com.pem;
ssl_certificate_key /certs/test.com.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5000m;
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect off;
proxy_set_header X-Forwarded-Proto $scheme;
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS';
add_header Access-Control-Allow-Headers 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
if ($subdomain ~* "nexus") {
proxy_pass http://nexus_ssl;
}
}
}
讓眾人的薪枝構起這團熱情的火焰