我正在使用此示例存储库 -
https://github.com/umputun/nginx-le
使用letsencrypt从Nginx创建docker镜像。 现在,我收到以下错误 -
PEM_read_bio_X509_AUX("/etc/nginx/ssl/") failed (SSL: error:0906D06C:PEM routines:PEM_read_bio:no start line:Expecting: TRUSTED CERTIFICATE)
nginx: [emerg] PEM_read_bio_X509_AUX("/etc/nginx/ssl/") failed (SSL: error:0906D06C:PEM routines:PEM_read_bio:no start line:Expecting: TRUSTED CERTIFICATE)
当我尝试测试我的nginx配置时。 现在,正如上面的github repo所述,我在Dockerfile中有这个 -
FROM nginx:stable-alpine
ADD conf/nginx.conf /etc/nginx/nginx.conf
ADD conf/service.conf /etc/nginx/conf.d/service.conf
RUN rm -rf /usr/share/nginx/html/*
COPY --from=builder /usr/build/app/dist /usr/share/nginx/html
ADD script/entrypoint.sh /entrypoint.sh
ADD script/le.sh /le.sh
RUN \
rm /etc/nginx/conf.d/default.conf && \
chmod +x /entrypoint.sh && \
chmod +x /le.sh && \
apk add --update certbot tzdata openssl && \
rm -rf /var/cache/apk/*
CMD ["/entrypoint.sh"]
-----更新了Dockerfile ---------
FROM nginx:latest
RUN curl -sL https://deb.nodesource.com/setup_8.x | sudo -E bash -
RUN apt-get install -y nodejs
RUN apt-get install -y build-essential
RUN curl -sL https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add -
RUN echo "deb https://dl.yarnpkg.com/debian/ stable main" | sudo tee /etc/apt/sources.list.d/yarn.list
RUN apt-get update -y && sudo apt-get install -y yarn
RUN mkdir -p /usr/build
WORKDIR /usr/build
COPY package.json .
#COPY package-lock.json .
COPY bower.json .
COPY .bowerrc .
RUN npm install --quite
RUN npm install -g gulp bower --quite
RUN bower install --allow-root
RUN mkdir /usr/build/app
RUN cp -R /usr/build/node_modules /usr/build/app
RUN cp -R /usr/build/bower_components /usr/build/app
RUN cp -R /usr/build/*.json /usr/build/app/
RUN cp /usr/build/.bowerrc /usr/build/app/
COPY src /usr/build/app
RUN mkdir /usr/build/app/gulp
ADD gulp/* /usr/build/app/gulp/
ADD gulpfile.js /usr/build/app
WORKDIR /usr/build/app
RUN ls -al .
RUN rm -rf /usr/build/app/dist
RUN mkdir /usr/build/app/dist
RUN gulp build
RUN ls -al /usr/build/app
#RUN yum -y install nodejs
#RUN yum install gcc-c++ make
ADD conf/nginx.conf /etc/nginx/nginx.conf
#ADD conf/service.conf /etc/nginx/conf.d/service.conf
RUN rm -rf /usr/share/nginx/html/*
RUN ls -al /usr/share/nginx/ && ls -al /usr/share/nginx/html/ && ls -al /usr/build/app/dist/
RUN mv /usr/build/app/dist/* /usr/share/nginx/html/
#ADD script/entrypoint.sh /entrypoint.sh
#ADD script/le.sh /le.sh
RUN rm /etc/nginx/conf.d/default.conf && \
chmod +x /entrypoint.sh
CMD ["/entrypoint.sh"]
现在,它成功到达entrypoint.sh&我已经检查了我的nginx webroot中的文件是否与conf一起被复制。
-------更新的问题---------
所以,我认为它没有创建ssh密钥,因为它无法生成任何html文件作为“gulp build:dev”命令&的一部分。因此 抛出一个错误。所以我更新了我的入口点以删除现在加密和&只运行像这样的nginx conf -
#!/bin/sh
echo "start nginx"
export TZ="America/Chicago"
cp /usr/share/zoneinfo/${TZ} /etc/localtime && echo ${TZ} > /etc/timezone
echo "ssl_key=${SSL_KEY:=le-key.pem}, ssl_cert=${SSL_CERT:=le-crt.pem}, ssl_chain_cert=${SSL_CHAIN_CERT:=le-chain-crt.pem}"
SSL_KEY=/etc/nginx/ssl/${SSL_KEY}
SSL_CERT=/etc/nginx/ssl/${SSL_CERT}
SSL_CHAIN_CERT=/etc/nginx/ssl/${SSL_CHAIN_CERT}
mkdir -p /etc/nginx/conf.d
mkdir -p /etc/nginx/ssl
#copy /etc/nginx/service*.conf if any of servcie*.conf mounted
if [ -f /etc/nginx/nginx*.conf ]; then
cp -fv /etc/nginx/nginx*.conf /etc/nginx/conf.d/
fi
#replace SSL_KEY, SSL_CERT and SSL_CHAIN_CERT by actual keys
ls -al /etc/nginx/conf.d
#sed -i "s|SSL_KEY|${SSL_KEY}|g" /etc/nginx/conf.d/*.conf
#sed -i "s|SSL_CERT|${SSL_CERT}|g" /etc/nginx/conf.d/*.conf
#sed -i "s|SSL_CHAIN_CERT|${SSL_CHAIN_CERT}|g" /etc/nginx/conf.d/*.conf
#generate dhparams.pem
if [ ! -f /etc/nginx/ssl/dhparams.pem ]; then
echo "make dhparams"
cd /etc/nginx/ssl
openssl dhparam -out dhparams.pem 2048
chmod 600 dhparams.pem
fi
#disable ssl configuration and let it run without SSL
mv -v /etc/nginx/conf.d /etc/nginx/conf.d.disabled
(
sleep 5 #give nginx time to start
echo "start letsencrypt updater"
while :
do
echo "trying to update letsencrypt ..."
# /le.sh
rm -f /etc/nginx/conf.d/default.conf 2>/dev/null #remove default config, conflicting on 80
mv -v /etc/nginx/conf.d.disabled /etc/nginx/conf.d #enable
echo "reload nginx with ssl"
ls -al /etc/nginx/ssl
echo "key contents are - "
cat /etc/nginx/ssl/dhparams.pem
nginx -t
nginx -s reload
sleep 60d
done
) &
nginx -g "daemon off;"
所以,在我测试nginx配置的最后脚本中,它给出了以下错误 -
- - - - - - - - 更新 所以,现在我收到了这个错误 -
Step 38/40 : RUN mv /usr/build/app/dist/* /usr/share/nginx/html/
---> Running in 9f59c1d5cb90
mv: cannot stat '/usr/build/app/dist/*': No such file or directory
The command '/bin/sh -c mv /usr/build/app/dist/* /usr/share/nginx/html/' returned a non-zero code: 1
gulp build:dev
命令的日志是 -
---> Running in 1acca8373940
[14:40:09] Using gulpfile /usr/build/app/gulpfile.js
[14:40:09] Starting 'scripts'...
[14:40:09] Starting 'styles'...
[14:40:09] Starting 'fonts-dev'...
[14:40:10] Starting 'other-dev'...
[14:40:10] Finished 'scripts' after 1.14 s
[14:40:10] Finished 'styles' after 1.13 s
[14:40:10] Starting 'inject'...
[14:40:10] Finished 'other-dev' after 39 ms
[14:40:10] Finished 'inject' after 29 ms
[14:40:10] Starting 'html-dev'...
[14:40:10] Finished 'html-dev' after 288 ms
[14:40:11] Finished 'fonts-dev' after 2.44 s
[14:40:11] Starting 'build:dev'...
[14:40:11] Finished 'build:dev' after 123 μs
Removing intermediate container 1acca8373940
这表明gulp构建成功但仍然在这一步 -
Step 34/40 : RUN ls -al /usr/build/app/dist
---> Running in c141120c29dc
total 8
drwxr-xr-x 2 root root 4096 Apr 27 14:35 .
drwxr-xr-x 1 root root 4096 Apr 27 14:35 ..
Removing intermediate container c141120c29dc
我在dist目录中没有得到任何东西。任何调试建议,解决这个问题?
任何人都可以帮我找/调试/解决这个问题吗?