标签:load certificate ssl etc header nginx proxy SSL
错误原因分析:
cannot load certificate "/etc/nginx/test.com.crt": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/nginx/test.com.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
有很多博客写的是权限 问题! 当然,权限可能只是其一,但问题的本质不是这个。
Nginx 在DOCKER 内,要配置 SSL 证书 , 配置后出现这个问题,查了一天,终是无用。
后思索分析:
Nginx 在 Docker 内 。 配置应该 在 nginx 的容器里,而不是宿主机!!!
故将 SSL 证拷入容器配置后就OK 了!
最后 将SSL 证书目录 挂载到 nginx 上,配置改用 nginx 内部的文件目录,就OK 。
docker run -p 80:80 -p 433:433 \
-v /etc/nginx/nginx.conf:/etc/nginx/nginx.conf \
-v /etc/nginx/logs:/var/log/nginx \
-v /etc/nginx/html:/usr/share/nginx/html \
-v /etc/nginx/conf:/etc/nginx/conf.d \
-v /etc/certs:/certs \ --- /etc/certs 宿主机SSL 存放目录 ,-- Nginx 容器内存放目录 /certs
-v /etc/localtime:/etc/localtime \ --name nginx \ --restart=always \ -d nginx:latest
seserver {
listen 443 ssl;
server_name ~^(?<subdomain>.+).test.com$;
client_max_body_size 10M;
ssl_certificate /certs/test.com.pem;
ssl_certificate_key /certs/test.com.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5000m;
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect off;
proxy_set_header X-Forwarded-Proto $scheme;
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS';
add_header Access-Control-Allow-Headers 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
if ($subdomain ~* "nexus") {
proxy_pass http://nexus_ssl;
}
}
}
标签:load,
certificate,
ssl,
etc,
header,
nginx,
proxy,
SSL
From: https://www.cnblogs.com/valeb/p/17693186.html