Docker的nginx错误:openssl:找不到命令
我使用nginx作为代理来转发请求到其他组件(服务器)。
包括nginx在内的每个组件都是作为docker容器实现的,也就是说,我有一个'nginx-proxy','dashboard-server','backend-server'(REST API)和'landing-server'(着陆页) 。 后面的3个组件都是NodeJS Express服务器,并且在我使用命令docker-compose build时正常工作,没有任何错误,但是当我用docker-compose -f docker-compose.yml -f docker-compose.prod.yml up -d启动容器时docker-compose -f docker-compose.yml -f docker-compose.prod.yml up -d NodeJS容器工作正常,但是nginx容器使用docker-compose logs nginx-proxy给了我这个错误docker-compose logs nginx-proxy :
Attaching to docker_nginx-proxy_1 nginx-proxy_1 | /start.sh: line 5: openssl: command not found nginx-proxy_1 | Creating dhparams…\c nginx-proxy_1 | ok nginx-proxy_1 | Starting nginx… nginx-proxy_1 | 2017/08/23 23:27:20 [emerg] 6#6: BIO_new_file(“/etc/letsencrypt/live/admin.domain.com/fullchain.pem”) failed (SSL: error:02001002:system library:fopen:No such file or directory: fopen('/etc/letsencrypt/live/admin.domain.com/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file) nginx-proxy_1 | nginx: [emerg] BIO_new_file(“/etc/letsencrypt/live/admin.domain.com/fullchain.pem”) failed (SSL: error:02001002:system library:fopen: No such file or directory:fopen('/etc/letsencrypt/live/admin.domain.com/fullchain.pem','r')error:2006D080:BIO routines:BIO_new_file:no such file)
我正在使用Lets Encrypt SSL证书,但是命令certbot certonly --webroot -w /var/www/letsencrypt -d admin.domain.com -d api.domain.com -d www.domain.com -d domain.com导致错误连接拒绝,因为nginx服务器没有开始处理请求。
我的nginx Dockerfile (nginx-proxy / Dockerfile):
FROM nginx:1.12 COPY start.sh /start.sh RUN chmod u+x /start.sh COPY conf.d /etc/nginx/conf.d COPY sites-enabled /etc/nginx/sites-enabled ENTRYPOINT ["/start.sh"]
我的start.sh文件(nginx-proxy / start.sh):
#!/bin/bash if [ ! -f /etc/nginx/ssl/dhparam.pem ]; then echo "Creating dhparams…\c" openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048 echo "ok" fi echo "Starting nginx…" nginx -g 'daemon off;
我的default.conf文件(nginx-proxy / conf.d / default.conf):
include /etc/nginx/sites-enabled/*.conf;
我的api.conf文件(其他类似)(nginx-proxy / sites-enabled / api.conf):
server { listen 80; server_name api.domain.com; location ^~ /.well-known/acme-challenge/ { default_type "text/plain"; root /var/www/letsencrypt; } location = /.well-known/acme-challenge/ { return 404; } return 301 https://$host$request_uri; } server { listen 443; server_name api.domain.com; ssl on; ssl_certificate /etc/letsencrypt/live/api.domain.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/api.domain.com/privkey.pem; ssl_session_timeout 5m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:1m; ssl_dhparam /etc/nginx/ssl/dhparam.pem; client_max_body_size 0; chunked_transfer_encoding on; location ^~ /.well-known/acme-challenge/ { default_type "text/plain"; root /var/www/letsencrypt; } location = /.well-known/acme-challenge/ { return 404; } location / { proxy_read_timeout 900; proxy_pass_header Server; proxy_cookie_path ~*^/.* /; proxy_pass http://backend-server:3000; proxy_set_header Host $http_host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Port $server_port; proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; } }
有任何想法吗?
我find了解决scheme。
在我的nginx Dockerfile中,我不得不使用
FROM nginx:1.12-alpine RUN apk update \ && apk add openssl ...
然后openssl命令正常工作。
起初 ,你可以尝试在openssl行编辑你的start.sh文件到/usr/bin/openssl 。 /usr/bin/openssl存在?
其次 , /etc/letsencrypt/live/api.domain.com/fullchain.pem在/etc/letsencrypt/live/api.domain.com/fullchain.pem和/etc/letsencrypt/live/api.domain.com/privkey.pem文件存在之前,您的nginx服务器才会启动。
所以删除或注释处理443端口的所有服务器块,保留处理80端口的服务器块。 你的api.conf会变成这样:
server { listen 80; server_name api.domain.com; location ^~ /.well-known/acme-challenge/ { default_type "text/plain"; root /var/www/letsencrypt; } location = /.well-known/acme-challenge/ { return 404; } return 301 https://$host$request_uri; }
然后启动您的nginx服务器,然后重新安装让我们encryption证书。