![nginx:[emerg] 无法在 EC2 实例中加载证书密钥 etc/nginx/certs/](https://linux22.com/image/783069/nginx%EF%BC%9A%5Bemerg%5D%20%E6%97%A0%E6%B3%95%E5%9C%A8%20EC2%20%E5%AE%9E%E4%BE%8B%E4%B8%AD%E5%8A%A0%E8%BD%BD%E8%AF%81%E4%B9%A6%E5%AF%86%E9%92%A5%20etc%2Fnginx%2Fcerts%2F.png)
我目前正在 Docker 容器上运行 NGINX。在运行 Ubuntu 20.04 的 EC2 实例中,我已将 SSL 密钥存储在目录中/etc/ssl/certs。我有证书,也有密钥。
当我在本地运行 NGINX 容器时,我能够读取/etc/ssl/certs并且密钥具有以下权限。
/etc/nginx/certs # ls -lah
total 12K
drwxr-xr-x 4 root root 128 Jan 5 22:16 .
drwxr-xr-x 1 root root 4.0K Jan 6 20:56 ..
-rw-r--r-- 1 root root 241 Jan 5 22:19 domus.key
-rw-r--r-- 1 root root 1.2K Jan 5 22:53 domus.pem
但是,当我尝试使用以下命令在 EC2 实例中运行 NGINX 容器时:
docker run -d -p 443:443 -p 80:80 -u root -v /etc/ssl/certs:/etc/nginx/certs 185ea737e05e
我收到以下错误:
nginx:[emerg] 无法加载证书密钥“/etc/nginx/certs/domus.key”:BIO_new_file()失败(SSL:错误:80000002:系统库::没有此文件或目录:调用 fopen(/etc/nginx/certs/domus.key,r)错误:10000080:BIO 例程::没有此文件)
看来 nginx 能够读取domus.pem文件,但不能读取文件中的键domus.key。因为在配置中我们可以看到domus.pem首先读取的是。
# HTTPS server
#
server {
listen 443 ssl;
server_name somedomain.com www.somedomain.com;
ssl_certificate /etc/nginx/certs/domus.pem;
ssl_certificate_key /etc/nginx/certs/domus.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
proxy_pass https://127.0.0.1:3000/;
proxy_ssl_session_reuse off;
proxy_set_header Host $http_host;
proxy_cache_bypass $http_upgrade;
proxy_redirect off;
}
}
include servers/*;
有没有办法可以在 EC2 中运行 Docker 容器以便 NGINX 可以访问/etc/nginx/certs/domus.key?