БЛОГ НА HUSL


Nginx не может найти сертификаты для https

Автор вопроса: Obi1o

Мне нужно перевести сайт с http на https, я получил ssl сертификат и он лежит в папке /etc/letsencrypt/live/brand-battles.ru/, но nginx его почему-то не может найти, хотя права у него есть, доступ я дал к этой папке и ей же дал максимальные права, но по логу он не может найти сертификаты.

Выглядит как будто nginx не видит том(volume) с сертификатом.

Прилагаю лог:

nginx-1    | /docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
nginx-1    | /docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
nginx-1    | /docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
nginx-1    | 10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf
nginx-1    | 10-listen-on-ipv6-by-default.sh: info: /etc/nginx/conf.d/default.conf differs from the packaged version
nginx-1    | /docker-entrypoint.sh: Sourcing /docker-entrypoint.d/15-local-resolvers.envsh
nginx-1    | /docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
nginx-1    | /docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh
nginx-1    | /docker-entrypoint.sh: Configuration complete; ready for start up
nginx-1    | 2024/07/07 13:59:06 [emerg] 1#1: cannot load certificate "/etc/letsencrypt/live/brand-battles.ru/fullchain.pem": BIO_new_file() failed (SSL: error:80000002:system library::No such file or directory:calling fopen(/etc/letsencrypt/live/brand-battles.ru/fullchain.pem, r) error:10000080:BIO routines::no such file)
certbot-1  | Saving debug log to /var/log/letsencrypt/letsencrypt.log
certbot-1  | Certbot doesn't know how to automatically configure the web server on this system. However, it can still get a certificate for you. Please run "certbot certonly" to do so. You'll need to manually configure your web server to use the resulting certificate.
quiz       | info: Microsoft.Hosting.Lifetime[14]
quiz       |       Now listening on: http://[::]:8080
quiz       | info: Microsoft.Hosting.Lifetime[0]
quiz       |       Application started. Press Ctrl+C to shut down.
quiz       | info: Microsoft.Hosting.Lifetime[0]
quiz       |       Hosting environment: Development
quiz       | info: Microsoft.Hosting.Lifetime[0]
quiz       |       Content root path: /app
nginx-1 exited with code 0

docker-compose.yml:

version: '3.8'

networks:
  quiz-dev:
    driver: bridge

services:
  app:
    container_name: quiz
    build: .
    depends_on:
      - database
      - redis
    environment:
      - ASPNETCORE_ENVIRONMENT=Development
      - ConnectionStrings__Sql=Server=database,1433;Database=DataStoreDB;User Id=sa;Password=Fast192837465;TrustServerCertificate=True
      - Redis__ConnectionString=redis:6379
    expose:
      - "8080"
    networks:
      - quiz-dev

  database:
    container_name: mssql
    image: mcr.microsoft.com/mssql/server:2019-latest
    environment:
      SA_PASSWORD: "Fast192837465"
      ACCEPT_EULA: "Y"
    ports:
      - "1433:1433"
    networks:
      - quiz-dev
    volumes:
      - sqlserverdata:/var/opt/mssql

  nginx:
    image: nginx:latest
    ports:
      - "80:80"
      - "443:443"
    restart: always
    volumes:
      - ./nginx.conf:/etc/nginx/conf.d/default.conf
      - ./certbot/www/:/var/www/certbot/:ro
      -  /etc/letsencrypt/live/brand-battles.ru:/etc/nginx/ssl/live:ro
    depends_on:
      - app
    networks:
      - quiz-dev

  certbot:
    image: certbot/certbot:latest
    volumes:
      - ./certbot/www/:/var/www/certbot/:rw
      - ./certbot/conf/:/etc/letsencrypt/:rw

  redis:
    image: "redis:alpine"
    ports:
      - "6379:6379"
    networks:
      - quiz-dev

volumes:
  sqlserverdata:

Nginx.conf:

server {
    listen 80;
    listen [::]:80;

    server_name brand-battles.ru;
    server_tokens off;

    location /.well-known/acme-challenge/ {
        alias /var/www/certbot/.well-known/acme-challenge/;
        try_files $uri =404;
    }

    location / {
        return 301 https://brand-battles.ru$request_uri;
    }
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    http2 on;

    server_name brand-battles.ru;

    ssl_certificate /etc/letsencrypt/live/brand-battles.ru/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/brand-battles.ru/privkey.pem;


    location / {
        proxy_pass http://app:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    location /gameHub {
        proxy_pass http://app:8080/gameHub;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}

Я пробовал разными способами давать ссылку(напрямую, использую volumes), но ошибка остается той же. Во доказательство того, что сертификат и ключ на месте.

Я новичок и не сильно в этом разбираюсь.

Заранее спасибо!


Источник

Ответы (0 шт):

licensed under cc by-sa 3.0 with attribution.