Adding Let's Encrypt on nginx using Docker
Without creating an SSL certificate, the Django app and nginx using Docker work fine.
While trying to install a Let's Encrypt certificate with the following command, I run into this issue. What is being missed?
docker-compose -f docker-compose-deploy.yml run --rm certbot certonly --manual --webroot-path /var/www/certbot/ -d example.com
The following problem keeps persisting:
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: example.com
Type: connection
Detail: Fetching http://example.com/.well-known/acme-challenge/bkNM7S88bVGypFpUHsnNdasfaRgA3GKqTGX2jciYD4H_I: Connection refused
Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.
Some challenges have failed.
The docker-compose file looks like this:

    proxy:
      build:
        context: ./proxy
      restart: always
      depends_on:
        - app
      ports:
        - 80:8000
        - 443:443
      volumes:
        - static-data:/vol/static
        - ./certbot/conf/:/etc/letsencrypt
        - ./certbot/www:/var/www/certbot
    certbot:
      image: certbot/certbot:latest
      volumes:
        - ./certbot/conf/:/etc/letsencrypt
        - ./certbot/www/:/var/www/certbot
NGINX conf file:

    server {
        listen 80;
        listen [::]:80;
        server_name example.com www.example.com;
        server_tokens off;
        location /.well-known/acme-challenge/ {
            root /var/www/certbot;
        }
        location / {
            return 301 https://example.com$request_uri;
        }
        location /static {
            alias /vol/static;
        }
    }
    server {
        listen 443 ssl;
        server_name example.com;
        location / {
            proxy_pass http://example.com;
        }
        ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
        include /etc/letsencrypt/options-ssl-nginx.conf;
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
        location / {
            uwsgi_pass ${APP_HOST}:${APP_PORT};
            include /etc/nginx/uwsgi_params;
            client_max_body_size 10M;
        }
    }
Certbot creates challenge files at /var/www/, not at /var/www/certbot/ anymore.
I have solved my problem with this config:
Docker-compose for Nginx and Certbot section (named volume):
Command in Certbot section (webroot-path=/var/www):

The error message indicates the Let's Encrypt server can't access the challenge. Port 80 is maybe blocked by your router, or the network in general, where your web server is connected, is not accessible from the internet.
About your configuration itself, I can't tell much. I haven't done it manually before. I have a similar use case, but I use the image nginxproxy/acme-companion (respectively the legacy version jrcs/letsencrypt-nginx-proxy-companion). It is well documented and easy to handle. Most of it happens automatically, especially the nginx configuration and the cert refreshing.
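
A preflight check for the two failure modes the answers above describe (the challenge directory is not the one nginx serves, or nothing answers on port 80), as an added example that is not part of either answer. The function name `probe_webroot` and its result labels are assumptions of this example:

```python
import os
import secrets
import sys
import urllib.error
import urllib.request

CHALLENGE_DIR = ".well-known/acme-challenge"  # URL path used by the HTTP-01 challenge


def probe_webroot(webroot, base_url, timeout=5):
    """Write a random probe file under the webroot and fetch it over HTTP.

    Returns "ok", "not-served", "connection" or "wrong-content".
    """
    token = secrets.token_urlsafe(16)   # random file name, like a challenge token
    body = secrets.token_urlsafe(16)    # random content, so a stale file cannot match
    directory = os.path.join(webroot, CHALLENGE_DIR)
    os.makedirs(directory, exist_ok=True)
    path = os.path.join(directory, token)
    with open(path, "w") as fh:
        fh.write(body)
    url = f"{base_url.rstrip('/')}/{CHALLENGE_DIR}/{token}"
    # Connect directly, ignoring proxy environment variables, so the result
    # reflects the web server itself.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        with opener.open(url, timeout=timeout) as resp:
            served = resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError:
        # Server answered, but the file is not under the directory it serves
        # (webroot path and nginx "root" or volume mount disagree).
        return "not-served"
    except (urllib.error.URLError, OSError):
        # Refused, timed out or unresolvable: port mapping, firewall or DNS.
        return "connection"
    finally:
        os.remove(path)  # never leave probe files in the webroot
    return "ok" if served == body else "wrong-content"


if __name__ == "__main__":
    # Example: python probe.py ./certbot/www http://example.com
    print(probe_webroot(sys.argv[1], sys.argv[2]))
```

Run it on the Docker host against the host-side directory that is mounted as the webroot. An "ok" result from the host does not prove the site is reachable from the internet, so repeat the fetch from an external machine as well.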