如何向我的 Nginx 和 Docker 构建添加 SSL?

tag-icon tag-icon nginx ssl docker
如何向我的 Nginx 和 Docker 构建添加 SSL?

我正在尝试在服务器上配置 SSL,但一直收到文件未找到错误。我是不是漏掉了什么?

这是我的 Dockerfile:

# build environment
FROM node:9.6.1 as builder
RUN mkdir /usr/src/app
WORKDIR /usr/src/app
ENV PATH /usr/src/app/node_modules/.bin:$PATH
COPY package.json /usr/src/app/package.json
RUN npm install --silent
RUN npm install [email protected] -g --silent
COPY . /usr/src/app
RUN npm run build

# production environment
FROM nginx:1.13.9-alpine
COPY nginx.conf /etc/nginx/conf.d/default.conf
COPY --from=builder /usr/src/app/client/build /usr/share/nginx/html
EXPOSE 80
EXPOSE 443
CMD ["nginx", "-g", "daemon off;"]

我的 nginx 配置:

server {
    listen       80;

    listen 443 ssl;

    server_name server_name.com;
    ssl_certificate /etc/ssl/certs/bundle.crt;
    ssl_certificate_key /etc/ssl/generated-private-key.key;

    location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
        try_files $uri /index.html;
    }
}

我的docker命令:

sudo docker run -v /etc/ssl/:/etc/ssl/ -p 443:443 f021855220c3

这是我得到的错误:

2019/08/31 17:51:06 [emerg] 1#1: SSL_CTX_use_PrivateKey_file("/etc/ssl/generated-private-key.key") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/ssl/generated-private-key.key','r') error:20074002:BIO routines:FILE_CTRL:system lib error:140B0002:SSL routines:SSL_CTX_use_PrivateKey_file:system lib)
nginx: [emerg] SSL_CTX_use_PrivateKey_file("/etc/ssl/generated-private-key.key") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/ssl/generated-private-key.key','r') error:20074002:BIO routines:FILE_CTRL:system lib error:140B0002:SSL routines:SSL_CTX_use_PrivateKey_file:system lib)

答案1

你可以尝试像下面这样更改 nginx 吗

server 
{
 listen 443;

 root /usr/share/nginx/html;
 index index.php index.html index.htm;

 server_name example.com;

 ssl    on;
 ssl_certificate    /etc/ssl/certs/your.pem;
 ssl_certificate_key    /etc/ssl/private/your.key;

..Your stuff.
.............
.............

}

希望您已经在 docker 中拥有 pem 和 key 文件,否则使用这些文件将文件夹从本地机器映射到 docker 以正常运行。

答案2

问题是 Nginx 找不到我的密钥。我实际上是将 docker 命令作为永久后台任务而不是运行sudo docker run -v /etc/ssl/:/etc/ssl/ -p 443:443 f021855220c3,所以我没有得到任何输出!

相关内容