Docker nginx SSL certificate configuration: cannot load certificate

Published: 2023-09-11 12:05:04 Author: valeb
Error cause analysis:
cannot load certificate "/etc/nginx/test.com.crt": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/nginx/test.com.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)

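Many blog posts say this is a permissions problem! Permissions may indeed be one cause, but they are not the root of the problem here.

Nginx runs inside Docker and needs an SSL certificate configured. After configuring it, this error appeared; I searched for a whole day to no avail.
After thinking it through:

Nginx runs inside Docker, so the configuration has to point at files inside the nginx container, not on the host!!!

So after copying the SSL certificate into the container and configuring it, everything was OK!

Finally, mount the SSL certificate directory into the nginx container and change the configuration to use the directory path inside the container, and it works.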
# /etc/certs is the SSL certificate directory on the host;
# /certs is where it appears inside the nginx container.
# Port 443 is published because the server block listens on 443.
docker run -p 80:80 -p 443:443 \
  -v /etc/nginx/nginx.conf:/etc/nginx/nginx.conf \
  -v /etc/nginx/logs:/var/log/nginx \
  -v /etc/nginx/html:/usr/share/nginx/html \
  -v /etc/nginx/conf:/etc/nginx/conf.d \
  -v /etc/certs:/certs \
  -v /etc/localtime:/etc/localtime \
  --name nginx \
  --restart=always \
  -d nginx:latest
server {
    listen      443 ssl;
    # Dots are escaped so they match only a literal "." in the host name
    server_name ~^(?<subdomain>.+)\.test\.com$;
    client_max_body_size 10M;
    # Paths inside the container (the /certs mount), not paths on the host
    ssl_certificate      /certs/test.com.pem;
    ssl_certificate_key  /certs/test.com.key;
    ssl_session_cache    shared:SSL:1m;
    ssl_session_timeout  5000m;
    ssl_prefer_server_ciphers  on;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_redirect   off;
        proxy_set_header X-Forwarded-Proto $scheme;
        add_header Access-Control-Allow-Origin *;
        add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS';
        add_header Access-Control-Allow-Headers 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
        # Route by the subdomain captured in server_name
        if ($subdomain ~* "nexus") {
            proxy_pass http://nexus_ssl;
        }
    }
}
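
The following preflight check is an added example, not code from the original post. It maps every ssl_certificate / ssl_certificate_key path in an nginx config through the `-v` bind mounts and reports whether the path resolves to a readable file on the host. The function name `check_cert_paths` and the sample files under a temporary directory are constructed for illustration.

```shell
# check_cert_paths NGINX_CONF HOST_DIR:CONTAINER_DIR [...]
# Maps each ssl_certificate* path through the given bind mounts and checks
# that the matching host file is readable. Returns non-zero on any problem.
check_cert_paths() {
    conf=$1; shift
    rc=0
    paths=$(sed -n 's/^[[:space:]]*ssl_certificate\(_key\)\{0,1\}[[:space:]]\{1,\}\([^;[:space:]]*\).*/\2/p' "$conf")
    for p in $paths; do
        hit=""
        for m in "$@"; do
            host=${m%%:*}; ctr=${m#*:}; ctr=${ctr%%:*}   # ignore a trailing :ro
            case $p in
                "$ctr"/*) rel=${p#"$ctr"/}; hit=$host/$rel; break ;;
            esac
        done
        if [ -z "$hit" ]; then
            # No mount provides this path, so nginx in the container cannot open it
            echo "UNMOUNTED $p"; rc=1
        elif [ ! -r "$hit" ]; then
            echo "MISSING $p (host file $hit)"; rc=1
        else
            echo "OK $p <- $hit"
        fi
    done
    return $rc
}

# Constructed sample: a host certificate directory plus a "before" config
# (host-style path, as in the error above) and an "after" config (/certs).
demo_dir=$(mktemp -d)
mkdir -p "$demo_dir/etc/certs"
: > "$demo_dir/etc/certs/test.com.pem"
: > "$demo_dir/etc/certs/test.com.key"
printf '%s\n' 'server {' '  ssl_certificate /etc/nginx/test.com.pem;' \
    '  ssl_certificate_key /etc/nginx/test.com.key;' '}' > "$demo_dir/before.conf"
printf '%s\n' 'server {' '  ssl_certificate /certs/test.com.pem;' \
    '  ssl_certificate_key /certs/test.com.key;' '}' > "$demo_dir/after.conf"
mounts="$demo_dir/etc/certs:/certs"

check_cert_paths "$demo_dir/before.conf" "$mounts" || echo "before.conf: certificate would not load"
check_cert_paths "$demo_dir/after.conf" "$mounts" && echo "after.conf: paths resolve inside the container"
```

Run it against the real config with the same `host:container` pairs passed to `docker run -v` before restarting the container.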