这是我的 docker-compose.yml:
# Compose file from the question: a single MinIO container that should serve
# HTTPS with certificates taken from the host directory /etc/minio.
version: "3.7"

services:
  minio:
    image: minio/minio
    # NOTE(review): MinIO reads private.key / public.crt from its certs
    # directory (by default a "certs" subfolder of the config dir, or the path
    # given with --certs-dir) - confirm /etc/minio is the directory it reads.
    command: server -C /etc/minio --address ":9000" --console-address ":9001" /data
    ports:
      # Both the API (9000) and the console (9001) are published on every
      # host interface.
      - "9000:9000"
      - "9001:9001"
    environment:
      # These are MinIO's well-known default root credentials; with the ports
      # above published they should be replaced by unique values supplied
      # from an env file or secret store rather than committed here.
      MINIO_ROOT_USER: minioadmin
      MINIO_ROOT_PASSWORD: minioadmin
    volumes:
      - minio:/data
      # The same host directory is mounted at two paths. Its private.key and
      # public.crt are symlinks into /etc/letsencrypt/live/..., and
      # /etc/letsencrypt itself is not mounted, so inside the container the
      # links point at paths that do not exist.
      - /etc/minio:/root/.minio/
      - /etc/minio:/etc/minio/

volumes:
  minio:
ls -l /etc/minio/ 的输出:
drwx------ 2 root root 4096 May 20 11:43 CAs
lrwxrwxrwx 1 root root 59 May 20 11:45 private.key -> /etc/letsencrypt/live/mydomain.com/privkey.pem
lrwxrwxrwx 1 root root 61 May 20 11:44 public.crt -> /etc/letsencrypt/live/mydomain.com/fullchain.pem
通过 http 访问可以,但通过 https 访问不行。我不知道哪里出了问题。遗憾的是日志没有显示任何内容,文档也没有帮助。
答案1
由于符号链接 private.key 和 public.crt 的目标不存在于容器内,因此无法解析这两个符号链接。
最简单的方法就是把 /etc/letsencrypt 也挂载到容器内部(建议以只读方式挂载)。
请记住,每次更新证书后,您都需要重新启动容器(或至少重新加载容器内的 minio 进程)。
答案2
实际上查看错误,我同意这可能是因为它无法读取证书,但我相信这是一个权限问题,而不是路径错误的问题。所以我建议使用 chown 更改目录和文件的所有者,让容器内的进程能够读取证书(注意不要把私钥设置成所有用户可读)。
答案3
docker_compose.yml
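# Compose file from the answer: MinIO stays on plain HTTP inside the
# "app-tier" network and an nginx container terminates TLS in front of it.
networks:
  app-tier:
    driver: bridge

services:
  minio:
    image: minio/minio
    ports:
      # NOTE(review): these mappings also publish the plain-HTTP API and
      # console on the host, so clients can reach MinIO without going through
      # the TLS proxy. If nginx is meant to be the only entry point, drop
      # them or bind them to 127.0.0.1.
      - "9000:9000"
      - "9001:9001"
    networks:
      - app-tier
    volumes:
      - /data/minio:/data
    environment:
      # MinIO's well-known default root credentials; replace with unique
      # values supplied from an env file or secret store before exposing
      # the service.
      MINIO_ROOT_USER: minioadmin
      MINIO_ROOT_PASSWORD: minioadmin
    command: server --console-address ":9001" /data

  nginx:
    # NOTE(review): "latest" is a floating tag; pinning a version keeps the
    # TLS defaults of the proxy from changing on a pull.
    image: nginx:latest
    container_name: 'nginx'
    hostname: 'nginx'
    ports:
      - "8443:8443"
      - "8444:8444"
    environment:
      - "VIRTUAL_HOST=minio.example.com"
      - "VIRTUAL_PORT=8443"
    networks:
      - app-tier
    volumes:
      # The original entry ended in a stray double quote (`:ro"`), which is
      # not a valid mount option.
      - ./conf/app.conf:/etc/nginx/conf.d/default.conf:ro
      # live/ contains symlinks into archive/, so both trees are mounted at
      # their host paths. nginx only needs to read the certificate and key,
      # hence read-only.
      - '/etc/letsencrypt/live/:/etc/letsencrypt/live/:ro'
      - '/etc/letsencrypt/archive/:/etc/letsencrypt/archive/:ro'

volumes:
  # Declared but not referenced by any service above (minio uses the bind
  # mount /data/minio).
  minio_storage: {}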
app.conf 应该放在 conf 文件夹中
# Upstream for the MinIO console: the "minio" service on port 9001.
upstream minio {
    server minio:9001;
    keepalive 15;
}

# Upstream for the MinIO S3 API: the "minio" service on port 9000.
upstream minio_api {
    server minio:9000;
    keepalive 15;
}
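# TLS front end on port 8443, proxying to the "minio" upstream (console).
server {
    listen 8443 ssl;
    server_name minio.example.com;

    # Certificate and key are read from the Let's Encrypt live directory.
    ssl_certificate /etc/letsencrypt/live/minio.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/minio.example.com/privkey.pem;
    # Pin the accepted protocol versions explicitly instead of relying on the
    # defaults of whatever nginx build is in use.
    ssl_protocols TLSv1.2 TLSv1.3;

    # NOTE(review): proxy_pass below targets a static upstream, so this
    # public resolver appears to be unused - confirm before keeping it.
    resolver 8.8.8.8;

    location / {
        proxy_pass http://minio;
        proxy_redirect off;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Proxy-Connection "Keep-Alive";
        # The original set the Connection header twice ("Keep-Alive" and
        # "upgrade"); only the upgrade value is kept so that the Upgrade /
        # Connection pair for WebSocket requests is unambiguous.
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        chunked_transfer_encoding off;
        # Pass the client's Host header and the original scheme/address on
        # to the backend.
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}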
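# TLS front end on port 8444, proxying to the "minio_api" upstream (S3 API).
server {
    listen 8444 ssl;
    server_name minio.example.com;

    # Certificate and key are read from the Let's Encrypt live directory.
    ssl_certificate /etc/letsencrypt/live/minio.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/minio.example.com/privkey.pem;
    # Pin the accepted protocol versions explicitly instead of relying on the
    # defaults of whatever nginx build is in use.
    ssl_protocols TLSv1.2 TLSv1.3;

    # NOTE(review): proxy_pass below targets a static upstream, so this
    # public resolver appears to be unused - confirm before keeping it.
    resolver 8.8.8.8;

    location / {
        proxy_pass http://minio_api;
        proxy_redirect off;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Proxy-Connection "Keep-Alive";
        # The original set the Connection header twice ("Keep-Alive" and
        # "upgrade"); only one value is kept here.
        # NOTE(review): for upstream keepalive the nginx documentation clears
        # this header (`proxy_set_header Connection "";`) - consider that for
        # the API endpoint if WebSocket upgrades are not needed on it.
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        chunked_transfer_encoding off;
        # Pass the client's Host header and the original scheme/address on
        # to the backend.
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}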
检查 /etc/letsencrypt 文件夹的权限,因为容器在非特权用户下运行