gpt4 book ai didi

docker - 如何解决 Dockerized 反向代理后面的 LetsEncrypt/Certbot 404?

转载 作者:太空宇宙 更新时间:2023-11-03 13:05:16 29 4
gpt4 key购买 nike

我在 Docker 的反向代理后面有几个 Web 域...作为上下文,这里是 docker-compose.yml 的片段:

version: '2'

services:
nginx-proxy:
image: jwilder/nginx-proxy
container_name: nginxREVERSE
ports:
- "80:80"
- "443:443"
volumes:
- /var/run/docker.sock:/tmp/docker.sock:ro

site1:
container_name: 'nginxsite1'
image: nginx:latest
volumes:
- ./sites-available/site1.com/index.html:/usr/share/nginx/html/index.html
- ./sites-available/site1.com/nginx.conf:/etc/nginx/conf.d/default.conf
ports:
- 8080:80
environment:
- VIRTUAL_HOST=site1.com,www.site1.com
- VIRTUAL_PORT:80
- VIRTUAL_PORT:443

site2:
container_name: 'nginxsite2'
image: nginx:latest
volumes:
- ./sites-available/site2.com/index.html:/usr/share/nginx/html/index.html
ports:
- 8082:80
environment:
- VIRTUAL_HOST=site2.com,www.site2.com
- VIRTUAL_PORT:80

这在我的浏览器中完美运行。我可以转到 site1.com/www.site1.com 或 site2.com/www.site2.com,然后通过代理转到正确的 Index.html 页面。

Site1.com 的 nginx.conf 文件:

server {
listen 80;
listen [::]:80;
server_name site1.com www.site1.com;

location ~ /.well-known/acme-challenge {
allow all;
root /usr/share/nginx/html;
}

root /usr/share/nginx/html;
index index.html;
}

我正在使用此命令在 docker 中运行 Certbot:

sudo docker run -it --rm \
-v /docker-volumes/etc/letsencrypt:/etc/letsencrypt \
-v /docker-volumes/var/lib/letsencrypt:/var/lib/letsencrypt \
-v /docker/letsencrypt-docker-nginx/src/letsencrypt/letsencrypt-site:/data/letsencrypt \
-v "/docker-volumes/var/log/letsencrypt:/var/log/letsencrypt" \
certbot/certbot \
certonly --webroot \
--register-unsafely-without-email --agree-tos \
--webroot-path=/data/letsencrypt \
--staging \
-d site1.com -d www.site1.com

当我直接从路由器转发到 site1.com 容器时,上面的工作正常。

当我转发到反向代理时,我从 Certbot 收到这个 404 错误:

Failed authorization procedure. site1.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorizatin :: Invalid response from http://site1.com/.well-known/acme-challenge/x05mYoqEiWlrRFH9ye6VZfEiX-mlwEffVt2kP3twoOU: "<html>\r\n<head><ttle>404 Not Found</title></head>\r\n<body>\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>nginx/1.15.5</ce", www.site1.com (ttp-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.site1/.well-known/acme-challenge/AIDgGYg1WiQRm4-dOVK6fV8-vKqR940nLPzT9poFUZA: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body>r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>nginx/1.15.5</ce"

IMPORTANT NOTES:
- The following errors were reported by the server:

Domain: site1.com
Type: unauthorized
Detail: Invalid response from
http://site1.com/.well-known/acme-challenge/x05mYoqEiWlrRFH9ye6VZfEiX-mlwEOU:
"<html>\r\n<head><title>404 Not
Found</title></head>\r\n<body>\r\n<center><h1>404 Not
Found</h1></center>\r\n<hr><center>nginx/1.15.5</ce"

Domain: www.site1.com
Type: unauthorized
Detail: Invalid response from
http://www.site1.com/.well-known/acme-challenge/AIDgGYg1WiQRm4-dOVK6fV8-poFUZA:
"<html>\r\n<head><title>404 Not
Found</title></head>\r\n<body>\r\n<center><h1>404 Not
Found</h1></center>\r\n<hr><center>nginx/1.15.5</ce"

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.

我缺少什么允许我从我的浏览器访问反向代理背后的网站但不允许 Cerbot?

最佳答案

您 Site1.com 的 nginx.conf 文件中的质询位置与 certbot 选项 --webroot-path 不匹配。这是因为您收到 404 错误。

接下来是一个可能的更正。

Site1.com 的 nginx.conf 文件:

server {
listen 80;
listen [::]:80;
server_name site1.com www.site1.com;

location ~ /.well-known/acme-challenge {
alias /usr/share/nginx/html;
try_files $uri =404;
}

root /usr/share/nginx/html;
index index.html;
}

docker 中的 Certbot 使用此命令:

sudo docker run -it --rm \
-v /docker-volumes/etc/letsencrypt:/etc/letsencrypt \
-v /docker-volumes/var/lib/letsencrypt:/var/lib/letsencrypt \
-v /docker/letsencrypt-docker-nginx/src/letsencrypt/letsencrypt-site:/data/letsencrypt \
-v "/docker-volumes/var/log/letsencrypt:/var/log/letsencrypt" \
certbot/certbot \
certonly --webroot \
--register-unsafely-without-email --agree-tos \
--webroot-path=/usr/share/nginx/html \
--staging \
-d site1.com -d www.site1.com

关于docker - 如何解决 Dockerized 反向代理后面的 LetsEncrypt/Certbot 404?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/52885499/

29 4 0
文章推荐: node.js - SocketIO 在自签名证书上抛出 net::ERR_CERT_AUTHORITY_INVALID
文章推荐: c# - 将 IQueryable 分配给 IQueryable 时出现编译错误