Docker jrcs/letsencrypt-nginx-proxy-companion 没有生成正确的证书
Docker jrcs/letsencrypt-nginx-proxy-companion doesn't generate a proper certificate
我正在按照教程在 Ubuntu 服务器上使用 Docker 部署 Wordpress。教程在这个website.
值得一提的是,此时我已经有两个子域,一个用于 Wordpress 站点,另一个用于 phpMyAdmin 站点。
但是 letsencrypt 证书似乎没有正确生成。我可以通过 http 访问该网站,但不能通过 https,当我查看证书时,它看起来不正确。事实上,我的网站似乎没有。
为了让一切变得更简单,我创建了一个脚本来 运行 快速完成所有步骤:
#!/bin/bash
web_dir=/srv/www
myusername=root
domain_name=subdomain.domain.com
website_folder=/srv/www/$domain_name
nginx_proxy_repo=https://github.com/kassambara/nginx-multiple-https-websites-on-one-server
nginx_folder=/srv/www/nginx-multiple-https-websites-on-one-server/nginx-proxy
final_nginx_folder=/srv/www/nginx-proxy
echo ---INSTALL REQUIRED COMPONENTS----
sudo apt update
sudo apt install apt-transport-https ca-certificates curl software-properties-common
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu focal stable"
sudo apt update
apt-cache policy docker-ce
sudo apt install docker-ce docker-compose git
sudo systemctl status docker
echo ---CREATE AND GIVE PERMISSIONS TO WEBSITES DIR----
sudo mkdir -p $web_dir
# 2. set your user as the owner
sudo chown -R $myusername $web_dir
# 3. set the web server as the group owner
sudo chgrp -R www-data $web_dir
# 4. 755 permissions for everything
sudo chmod -R 755 $web_dir
# 5. New files and folders inherit
# group ownership from the parent folder
chmod g+s $web_dir
echo ---INSTALL NGINX PROXY----
git clone $nginx_proxy_repo $web_dir
rm -rf $web_dir/nginx-proxy/nginx.tmpl
curl -s https://raw.githubusercontent.com/jwilder/nginx-proxy/master/nginx.tmpl > $web_dir/nginx-proxy/nginx.tmpl
cd $web_dir
rm -rf your-website-one.com your-website-two.com README.Rmd .gitignore .Rbuildignore .git README.md
echo ---INSTALL WORDPRESS----
cd $web_dir
git clone https://github.com/kassambara/wordpress-docker-compose $domain_name
echo ---CONFIGURE DOCKER COMPOSE FOR ONLINEHOST----
cd $website_folder
mv docker-compose-onlinehost.yml docker-compose.yml
echo ---FINAL TOUCHES----
cd $website_folder
vi ./setup-onlinehost.sh
chmod +x setup-onlinehost.sh && ./setup-onlinehost.sh
vi .env
vi docker-compose.yml
cd $final_nginx_folder
docker network create nginx-proxy
docker-compose up -d
cd $final_nginx_folder
cd vhost.d
echo "client_max_body_size 64M;" > $domain_name
cd $website_folder
docker-compose up -d --build
docker-compose -f docker-compose.yml -f wp-auto-config.yml run --rm wp-auto-config
当时机成熟时,我会像这样设置 setup-onlinehost.sh:
project_name="wordpress"
user_name="wordpress"
pass_word="wordpress"
email="mail@gmail.com"
website_title="My Blog"
website_url="https://subdomain.domain.com"
phmyadmin_url="sqlsubdomain.domain.com"
env_file=".env"
compose_file="docker-compose.yml"
然后我从 docker-compose.yml 文件中删除 redirectnonwww 容器,因为我不希望重定向 non-www 到 www 行为。
然后一切都完成后,我可以访问 http 上的网站,但不能访问 https 上的网站。当我尝试通过 https 访问它时,我收到一条关于 This connection is not private 的消息,此时证书似乎是错误的。
此外,如果我让我的浏览器继续访问我到达的网站 Nginx 500 Internal Server Error。
如果我查看 nginx-proxy/certs 的内容,我会看到列出了以下项目:
certs (folder)
default.crt
default.key
dhparam.pem
subdomain.domain.com (empty folder)
sqlsubdomain.domain.com (empty folder)
conf.d (folder)
docker-compose.yml
html
nginx.tmpl
vhost.d (folder)
subdomain.domain.com (file)
vhost.d/subdomain.domain.com的内容是:
## Start of configuration add by letsencrypt container
location ^~ /.well-known/acme-challenge/ {
auth_basic off;
auth_request off;
allow all;
root /usr/share/nginx/html;
try_files $uri =404;
break;
}
## End of configuration add by letsencrypt container
client_max_body_size 64M;
我不确定我是否做错了什么,或者我是否应该做教程中未列出的其他事情。
问题似乎是我为这些特定域请求证书的次数。我多次尝试部署以弄清楚如何为部署服务器正确执行部署并编写正确版本的脚本,我多次请求两个特定域的证书。
我尝试了不同的域和子域后问题得到解决。
我正在按照教程在 Ubuntu 服务器上使用 Docker 部署 Wordpress。教程在这个website.
值得一提的是,此时我已经有两个子域,一个用于 Wordpress 站点,另一个用于 phpMyAdmin 站点。
但是 letsencrypt 证书似乎没有正确生成。我可以通过 http 访问该网站,但不能通过 https,当我查看证书时,它看起来不正确。事实上,我的网站似乎没有。
为了让一切变得更简单,我创建了一个脚本来 运行 快速完成所有步骤:
#!/bin/bash
web_dir=/srv/www
myusername=root
domain_name=subdomain.domain.com
website_folder=/srv/www/$domain_name
nginx_proxy_repo=https://github.com/kassambara/nginx-multiple-https-websites-on-one-server
nginx_folder=/srv/www/nginx-multiple-https-websites-on-one-server/nginx-proxy
final_nginx_folder=/srv/www/nginx-proxy
echo ---INSTALL REQUIRED COMPONENTS----
sudo apt update
sudo apt install apt-transport-https ca-certificates curl software-properties-common
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu focal stable"
sudo apt update
apt-cache policy docker-ce
sudo apt install docker-ce docker-compose git
sudo systemctl status docker
echo ---CREATE AND GIVE PERMISSIONS TO WEBSITES DIR----
sudo mkdir -p $web_dir
# 2. set your user as the owner
sudo chown -R $myusername $web_dir
# 3. set the web server as the group owner
sudo chgrp -R www-data $web_dir
# 4. 755 permissions for everything
sudo chmod -R 755 $web_dir
# 5. New files and folders inherit
# group ownership from the parent folder
chmod g+s $web_dir
echo ---INSTALL NGINX PROXY----
git clone $nginx_proxy_repo $web_dir
rm -rf $web_dir/nginx-proxy/nginx.tmpl
curl -s https://raw.githubusercontent.com/jwilder/nginx-proxy/master/nginx.tmpl > $web_dir/nginx-proxy/nginx.tmpl
cd $web_dir
rm -rf your-website-one.com your-website-two.com README.Rmd .gitignore .Rbuildignore .git README.md
echo ---INSTALL WORDPRESS----
cd $web_dir
git clone https://github.com/kassambara/wordpress-docker-compose $domain_name
echo ---CONFIGURE DOCKER COMPOSE FOR ONLINEHOST----
cd $website_folder
mv docker-compose-onlinehost.yml docker-compose.yml
echo ---FINAL TOUCHES----
cd $website_folder
vi ./setup-onlinehost.sh
chmod +x setup-onlinehost.sh && ./setup-onlinehost.sh
vi .env
vi docker-compose.yml
cd $final_nginx_folder
docker network create nginx-proxy
docker-compose up -d
cd $final_nginx_folder
cd vhost.d
echo "client_max_body_size 64M;" > $domain_name
cd $website_folder
docker-compose up -d --build
docker-compose -f docker-compose.yml -f wp-auto-config.yml run --rm wp-auto-config
当时机成熟时,我会像这样设置 setup-onlinehost.sh:
project_name="wordpress"
user_name="wordpress"
pass_word="wordpress"
email="mail@gmail.com"
website_title="My Blog"
website_url="https://subdomain.domain.com"
phmyadmin_url="sqlsubdomain.domain.com"
env_file=".env"
compose_file="docker-compose.yml"
然后我从 docker-compose.yml 文件中删除 redirectnonwww 容器,因为我不希望重定向 non-www 到 www 行为。
然后一切都完成后,我可以访问 http 上的网站,但不能访问 https 上的网站。当我尝试通过 https 访问它时,我收到一条关于 This connection is not private 的消息,此时证书似乎是错误的。
此外,如果我让我的浏览器继续访问我到达的网站 Nginx 500 Internal Server Error。
如果我查看 nginx-proxy/certs 的内容,我会看到列出了以下项目:
certs (folder)
default.crt
default.key
dhparam.pem
subdomain.domain.com (empty folder)
sqlsubdomain.domain.com (empty folder)
conf.d (folder)
docker-compose.yml
html
nginx.tmpl
vhost.d (folder)
subdomain.domain.com (file)
vhost.d/subdomain.domain.com的内容是:
## Start of configuration add by letsencrypt container
location ^~ /.well-known/acme-challenge/ {
auth_basic off;
auth_request off;
allow all;
root /usr/share/nginx/html;
try_files $uri =404;
break;
}
## End of configuration add by letsencrypt container
client_max_body_size 64M;
我不确定我是否做错了什么,或者我是否应该做教程中未列出的其他事情。
问题似乎是我为这些特定域请求证书的次数。我多次尝试部署以弄清楚如何为部署服务器正确执行部署并编写正确版本的脚本,我多次请求两个特定域的证书。
我尝试了不同的域和子域后问题得到解决。