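I am trying to set up SSL for my homepage (www.myhomepage.com) on an nginx reverse proxy using LetsEncrypt. I have one host that does not run SSL, used for testing proxying to multiple hosts (www.myotherhomepagewithoutssl.com).

The reverse proxy and the two hosts run in three separate docker containers.

I got both hosts working without SSL, but when trying to use SSL, the encrypted host does not work. The LetsEncrypt certificates seem to be set up/obtained correctly and are stored in a docker volume.

I am trying to follow and adapt this tutorial to set up LetsEncrypt SSL encryption: http://tom.busby.ninja/letsecnrypt-nginx-reverse-proxy-no-downtime/

When trying to connect with Firefox to the SSL-encrypted host at www.myhomepage.com, I get this error:

Unable to connect

The other, unencrypted host at www.myotherhomepagewithoutssl.com works. As I said above, when I set up www.myhomepage.com without SSL (the same way as www.myotherhomepagewithoutssl.com), it is reachable as well.

My complete setup is shown below and consists of:

* `reverse_proxy_testing.sh`: Bash script for cleaning up, building and starting the containers.
* `compose_reverse_proxy.yaml`: Docker-Compose file.
* `reverse_proxy.docker`: Dockerfile for setting up the reverse proxy with nginx.
* `nginx.conf`: nginx configuration file for the reverse proxy.

I suspect my error is somewhere inside `nginx.conf`, but I cannot find it.

Any help is greatly appreciated!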

`nginx.conf`:

```nginx
worker_processes 1;

events { worker_connections 1024; }

http {
    sendfile on;

    server {
        deny all;
    }

    upstream myhomepage {
        server myhomepage_blog:80;
    }

    upstream docker-apache {
        server apache:80;
    }

    server {
        listen 80;
        listen [::]:80;
        server_name www.myhomepage.com myhomepage.com;
        return 302 https://$server_name$request_uri;
    }

    server {
        listen 443 ssl;
        listen [::]:443;
        server_name www.myhomepage.com myhomepage.com;

        ssl_certificate /etc/letsencrypt/live/myhomepage.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/myhomepage.com/privkey.pem;

        location /.well-known {
            root /var/www/ssl-proof/myhomepage.com/;
        }

        location / {
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Forwarded-Port $server_port;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass http://myhomepage;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_read_timeout 900s;
        }
    }

    server {
        listen 80;
        server_name www.myotherhomepagewithoutssl.com myotherhomepagewithoutssl.com;

        location / {
            proxy_pass http://docker-apache;
            proxy_redirect off;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Host $server_name;
        }
    }
}
```

`reverse_proxy.docker`:

```dockerfile
FROM nginx:alpine
COPY nginx.conf /etc/nginx/nginx.conf
RUN mkdir -p /var/www/ssl-proof/myhomepage.com/.well-known
RUN apk update && apk add certbot
```

`compose_reverse_proxy.yaml`:

```yaml
version: '3.3'

services:
  reverseproxy:
    image: reverseproxy
    ports:
      - 80:80
    restart: always
    volumes:
      - proxy_letsencrypt_ssl_proof:/var/www/ssl-proof
      - proxy_letsencrypte_certificates:/etc/letsencrypt

  apache:
    depends_on:
      - reverseproxy
    image: httpd:alpine
    restart: always

  myhomepage_blog:
    image: wordpress
    links:
      - myhomepage_db:mysql
    environment:
      - WORDPRESS_DB_PASSWORD=somepassword
      - VIRTUAL_HOST=myhomepage.com
    volumes:
      - myhomepage_code:/code
      - myhomepage_html:/var/www/html
    restart: always

  myhomepage_db:
    image: mariadb
    environment:
      - MYSQL_ROOT_PASSWORD=somepassword
      - MYSQL_DATABASE=wordpress
    volumes:
      - myhomepage_dbdata:/var/lib/mysql
    restart: always

volumes:
  myhomepage_dbdata:
  myhomepage_code:
  myhomepage_html:
  proxy_letsencrypt_ssl_proof:
  proxy_letsencrypte_certificates:
```

`reverse_proxy_testing.sh`:

```bash
#!/bin/bash
docker rm testreverseproxy_apache_1 testreverseproxy_myhomepage_blog_1 testreverseproxy_myhomepage_db_1 testreverseproxy_reverseproxy_1
docker build -t reverseproxy -f reverse_proxy.docker .
docker-compose -f reverse_proxy_compose.yml up
```
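
An added example, not part of the original post: a consistency check between the two files shown above, since a port nginx listens on inside the container is reachable from outside only if the compose service publishes it, and the `ssl` parameter applies per `listen` socket. The function names are hypothetical, and the two strings are constructed excerpts that mirror the post's `listen` directives and `ports:` entry.

```python
import re
# Constructed excerpts mirroring the listen directives and ports: entry in the post.
NGINX_CONF = """
server { listen 80; listen [::]:80; server_name www.myhomepage.com; }
server { listen 443 ssl; listen [::]:443; server_name www.myhomepage.com; }
server { listen 80; server_name www.myotherhomepagewithoutssl.com; }
"""
COMPOSE = """
services:
  reverseproxy:
    ports:
      - 80:80
    restart: always
  apache:
    image: httpd:alpine
"""

def nginx_listen_ports(conf):
    """Map each listened port to flags: True where that directive carries 'ssl'."""
    ports = {}
    for args in re.findall(r"\blisten\s+([^;]+);", re.sub(r"#.*", "", conf)):
        addr, *params = args.split()
        tail = addr.rsplit(":", 1)[-1]
        port = int(tail) if tail.isdigit() else 80  # address-only form means port 80
        ports.setdefault(port, []).append("ssl" in params)
    return ports

def compose_container_ports(compose, service):
    """Container ports a service publishes (short 'host:container' syntax, no ranges)."""
    published, current, in_ports = set(), None, False
    for line in compose.splitlines():
        name = re.match(r"  ([\w-]+):\s*$", line)  # two-space indent: service key
        if name:
            current, in_ports = name.group(1), False
        elif current == service and line.strip() == "ports:":
            in_ports = True
        elif in_ports and line.strip().startswith("- "):
            spec = line.strip()[2:].strip("'\" ").split("/")[0]
            published.add(int(spec.rsplit(":", 1)[-1]))
        elif line.strip():
            in_ports = False
    return published

def audit(conf, compose, service):
    """List mismatches between nginx listen sockets and compose port publishing."""
    published, findings = compose_container_ports(compose, service), []
    for port, flags in sorted(nginx_listen_ports(conf).items()):
        if port not in published:
            findings.append(f"port {port}: nginx listens, compose does not publish it")
        if any(flags) and not all(flags):
            findings.append(f"port {port}: a listen directive is missing 'ssl'")
    return findings
```

Calling `audit(NGINX_CONF, COMPOSE, "reverseproxy")` on these excerpts reports both findings for port 443 and nothing for port 80.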