Cannot configure HTTPS on a Docker nginx container, it always reports a timeout

Time: 2017-05-30 07:33:52

Tags: ssl nginx docker

OS:

LSB Version:    :core-4.1-amd64:core-4.1-noarch
Distributor ID: CentOS
Description:    CentOS Linux release 7.3.1611 (Core)
Release:    7.3.1611
Codename:   Core

Docker version:

Client:
 Version:      17.03.1-ce
 API version:  1.27
 Go version:   go1.7.5
 Git commit:   c6d412e
 Built:        Mon Mar 27 17:05:44 2017
 OS/Arch:      linux/amd64

Server:

 Version:      17.03.1-ce
 API version:  1.27 (minimum version 1.12)
 Go version:   go1.7.5
 Git commit:   c6d412e
 Built:        Mon Mar 27 17:05:44 2017
 OS/Arch:      linux/amd64
 Experimental: false

The nginx image is the official image (latest)

[root@iZ2zea8ff3mfutp3knnkyyZ ~]# docker images
 REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
 nginx               latest              3448f27c273f        2 weeks ago         109 MB

Command used to run nginx:

docker run -d -p 80:80 -p 443:443 --network=stone --ip=172.18.0.10 --name nginx -v /var/nginx/conf/nginx.conf:/etc/nginx/nginx.conf:ro -v /var/nginx/conf/vhosts:/etc/nginx/conf.d:ro -v /var/nginx/conf/certs:/etc/nginx/certs:ro -v /var/nginx/www:/usr/share/nginx:rw -v /var/nginx/log:/var/log/nginx:rw nginx

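I store the certificate and private key in /var/nginx/conf/certs and mount it when running the nginx image. The HTTPS certificate is an "extended domain name" certificate (e.g. *.domain.com).

nginx configuration file: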

server {
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;

    ssl_certificate     certs/1_domain.com_bundle.crt;
    ssl_certificate_key certs/2_domain.com.key;
    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers         HIGH:!aNULL:!MD5;

    server_name         testfrontend.domain.com;
    root /usr/share/nginx/html;

    index index.php index.html index.htm;

    access_log  /var/log/nginx/access.log;
    error_log   /var/log/nginx/error.log debug;

    # pass the PHP scripts to the FastCGI server listening on 172.18.0.11:9000
    location ~ \.php$ {
        fastcgi_pass   172.18.0.11:9000;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        include        fastcgi_params;
    }

    # allow access to /.well-known
    location ~ /\.well-known {
        allow  all;
    }
}

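That's it, but when I visit "testfrontend.domain.com" using Chrome, it always reports a timeout.

I also tested it with wget. It still reports a timeout.

I checked access.log and error.log.

access.log is empty.

I set the error.log level to debug. Here is the information it logged: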

2017/05/30 00:40:28 [notice] 1#1: using the "epoll" event method
2017/05/30 00:40:28 [notice] 1#1: nginx/1.13.0
2017/05/30 00:40:28 [notice] 1#1: built by gcc 6.3.0 20170205 (Debian 6.3.0-6)
2017/05/30 00:40:28 [notice] 1#1: OS: Linux 3.10.0-514.10.2.el7.x86_64
2017/05/30 00:40:28 [notice] 1#1: getrlimit(RLIMIT_NOFILE): 65536:65536
2017/05/30 00:40:28 [notice] 1#1: start worker processes
2017/05/30 00:40:28 [notice] 1#1: start worker process 7

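1 answer:

Answer 0 (score: 1)

I have figured it out. I made a stupid mistake: I am using an Aliyun server in China, and besides the firewall installed on the server there is another firewall called the security policy. I should have opened port 443 on it, and unfortunately I had not. OK, that was the cause. Thanks, everyone. Hope this helps someone.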
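
Added example, not part of the original question or answer: a client timeout together with an empty access.log and no connection entries in the debug error.log means the TCP handshake never reached nginx, and a single connect probe tells a silently dropped SYN (firewall or cloud security policy) apart from a refused connection (nothing listening). The names `probe_tcp` and `NEXT_CHECK` are hypothetical, and the mapping is a troubleshooting heuristic, not a definitive diagnosis.

```python
import errno
import socket
import sys

# Hypothetical mapping from probe result to the layer to inspect next.
NEXT_CHECK = {
    "open": "TCP handshake works: look at nginx/TLS config and error.log",
    "refused": "host reachable but nothing accepts on the port: "
               "check the container is running and the port is published",
    "filtered": "no reply to SYN: a packet filter drops it before nginx, "
                "check the host firewall and the cloud security policy",
    "unreachable": "no route to the host: check addressing and routing",
    "dns-failure": "name does not resolve: check the DNS record",
}

def probe_tcp(host, port, timeout=3.0):
    """Classify a single TCP connect attempt to host:port."""
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return "dns-failure"
    family, socktype, proto, _, addr = infos[0]
    with socket.socket(family, socktype, proto) as s:
        s.settimeout(timeout)
        try:
            s.connect(addr)
        except (socket.timeout, TimeoutError):
            return "filtered"      # silence: the SYN (or its reply) was dropped
        except ConnectionRefusedError:
            return "refused"       # RST came back: host is up, port is closed
        except OSError as exc:
            if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
                return "unreachable"
            return "error:" + errno.errorcode.get(exc.errno, str(exc.errno))
        return "open"

if __name__ == "__main__":
    # Usage: python probe.py HOST [PORT]; the default port is 443
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
    state = probe_tcp(target, port)
    print(f"{target}:{port} -> {state}: {NEXT_CHECK.get(state, 'unexpected error')}")
```

Running it from outside the server and again on the server itself separates the two cases: "filtered" from outside but "open" locally points at a filter in front of the host rather than at nginx.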