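CA marked some of the authorizations as invalid

Time: 2017-04-26 18:23:29

Tags: nginx lets-encrypt jwilder-nginx-proxy

I have followed the separate-containers approach suggested here: https://github.com/JrCs/docker-letsencrypt-nginx-proxy-companion, by creating a docker-compose.yml file as follows: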

version: '3'

services:
  nginx-proxy:
    image: nginx
    container_name: nginx-proxy
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - nginx-conf:/etc/nginx/conf.d
      - nginx-vhost:/etc/nginx/vhost.d
      - nginx-html:/usr/share/nginx/html
      - ./ssl:/etc/nginx/certs:ro
    labels:
      com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"

  nginx-gen:
    image: jwilder/docker-gen
    container_name: nginx-gen
    command: -notify-sighup nginx -wait 5s:30s -watch /etc/docker-gen/templates/nginx.tmpl /etc/nginx/conf.d/default.conf
    volumes:
      - /var/run/docker.sock:/tmp/docker.sock:ro
      - ./nginx.tmpl:/etc/docker-gen/templates/nginx.tmpl
      - nginx-conf:/etc/nginx/conf.d
      - nginx-vhost:/etc/nginx/vhost.d
      - nginx-html:/usr/share/nginx/html
      - ./ssl:/etc/nginx/certs:ro
    links:
      - nginx-proxy

  nginx-letsencrypt:
    image: jrcs/letsencrypt-nginx-proxy-companion
    container_name: nginx-letsencrypt
    volumes:
      - /path/to/certs:/etc/nginx/certs:rw
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - nginx-conf:/etc/nginx/conf.d
      - nginx-vhost:/etc/nginx/vhost.d
      - nginx-html:/usr/share/nginx/html
      - ./ssl:/etc/nginx/certs:rw
    environment:
      NGINX_DOCKER_GEN_CONTAINER: nginx-gen
      ACME_CA_URI: https://acme-staging.api.letsencrypt.org/directory
    links:
      - nginx-proxy
volumes:
  nginx-conf:
  nginx-vhost:
  nginx-html:

However, when running the nginx-letsencrypt container, I get the following error:

$ docker logs nginx-letsencrypt

Sleep for 3600s
2017/04/26 18:19:37 Generated '/app/letsencrypt_service_data' from 9 containers
2017/04/26 18:19:37 Running '/app/update_certs'
2017/04/26 18:19:37 Watching docker events
Reloading nginx proxy (using separate container nginx-gen)...
Creating/renewal sandbox.graph.speakr.com certificates... (sandbox.graph.speakr.com)
2017/04/26 18:19:37 Contents of /app/letsencrypt_service_data did not change. Skipping notification '/app/update_certs'
2017-04-26 18:19:38,011:INFO:simp_le:1211: Generating new account key
2017-04-26 18:19:40,038:INFO:requests.packages.urllib3.connectionpool:756: Starting new HTTPS connection (1): acme-staging.api.letsencrypt.org
2017-04-26 18:19:40,875:INFO:requests.packages.urllib3.connectionpool:756: Starting new HTTPS connection (1): letsencrypt.org
2017-04-26 18:19:41,748:INFO:requests.packages.urllib3.connectionpool:207: Starting new HTTP connection (1): sandbox.graph.speakr.com
2017-04-26 18:19:41,834:WARNING:simp_le:1303: sandbox.graph.speakr.com was not successfully self-verified. CA is likely to fail as well!
2017-04-26 18:19:41,949:INFO:simp_le:1313: Generating new certificate private key
2017-04-26 18:19:43,495:ERROR:simp_le:1271: CA marked some of the authorizations as invalid, which likely means it could not access http://example.com/.well-known/acme-challenge/X. Did you set correct path in -d example.com:path or --default_root? Is there a warning log entry about unsuccessful self-verification? Are all your domains accessible from the internet? Failing authorizations: https://acme-staging.api.letsencrypt.org/acme/authz/iAD9-HSmyVGb_kHwt0aLDRQHycIJzT3JooxEOTiTp48
Challenge validation has failed, see error log.

Debugging tips: -v improves output verbosity. Help is available under --help.
Sleep for 3600s

Also (I'm not sure what I should be seeing here):

$ ls -r ssl
total 8
drwxr-xr-x 2 root root 4096 Apr 26 06:04 sandbox.graph.speakr.com/
-rw-r--r-- 1 root root  424 Apr 26 06:04 dhparam.pem

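shows that the sandbox directory is empty.

I see from this post: https://github.com/dmp1ce/nginx-proxy-letsencrypt/issues/18 that there is a similar issue (I don't see a solution), but my case is very simple.

What could the problem be?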

- Related information -

Docker version 17.03.0-ce, build 3a232c8

docker-compose version 1.11.2, build dfed245

Linux ip-10-0-3-113 4.4.0-72-generic #93-Ubuntu SMP Fri Mar 31 14:07:41 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

jrcs/letsencrypt-nginx-proxy-companion (image): "Created": "2017-04-21T12:22:44.384018601Z"

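1 answer:

Answer 0: (score: 2)

Well, one thing I noticed is that I had mounted the certs path for nginx-letsencrypt twice (there was a leftover entry from the example). I fixed that, but it didn't help.

The fix seems to have been deleting the volumes and re-adding them. Something was off, perhaps the order in which I ran the containers, or all the experimentation. So I'm moving on, but I'm not sure I know what the problem was.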

$ docker volume rm nginx-conf nginx-vhost nginx-html
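
The duplicate certs mount noticed in the answer above can be caught mechanically before the containers are started. The script below is an added example, not part of the original post or of the companion project; the function names `check_compose_mounts` and `sample_compose` are hypothetical, and it assumes short-form volume entries with the 2-space indentation used in the question's file.

```shell
#!/bin/sh
# Added example: lint a docker-compose.yml for conflicting volume mounts.
# Prints one line per finding:
#   DUPLICATE <service> <container-path> <source1> <source2>
#   MISMATCH <container-path> <service>=<source> <service>=<source>
check_compose_mounts() {
  awk '
    /^[^ #]/             { top = $1; invol = 0; next }            # top-level key
    top != "services:"   { next }
    /^  [^ #-]/          { svc = $1; sub(/:$/, "", svc); invol = 0; next }
    /^    [^ #-]/        { invol = ($1 == "volumes:"); next }     # service-level key
    invol && /^      - / {
      spec = $0; sub(/^ *- */, "", spec); gsub(/"/, "", spec)
      if (split(spec, p, ":") < 2) next                            # anonymous volume
      src = p[1]; tgt = p[2]; key = svc SUBSEP tgt
      # Same container path listed twice in one service: one entry is stale.
      if ((key in seen) && seen[key] != src) {
        print "DUPLICATE", svc, tgt, seen[key], src
      } else {
        seen[key] = src
      }
      # Same container path backed by different sources in different services:
      # files written by one container are not visible to the other.
      if (!(tgt in first)) { first[tgt] = src; owner[tgt] = svc }
      else if (first[tgt] != src)
        print "MISMATCH", tgt, owner[tgt] "=" first[tgt], svc "=" src
    }
  ' "$1"
}

# Constructed sample, reduced from the volume lists in the question.
sample_compose() {
  cat <<'EOF'
services:
  nginx-proxy:
    volumes:
      - nginx-html:/usr/share/nginx/html
      - ./ssl:/etc/nginx/certs:ro
  nginx-letsencrypt:
    volumes:
      - /path/to/certs:/etc/nginx/certs:rw
      - nginx-html:/usr/share/nginx/html
      - ./ssl:/etc/nginx/certs:rw
volumes:
  nginx-html:
EOF
}

f=$(mktemp); sample_compose > "$f"; check_compose_mounts "$f"; rm -f "$f"
```

An empty result means every container path shared between services is backed by the same host path or named volume.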