Docker jwilder/nginx-proxy 和 letencrypt 伴随 ACME 错误
[英]Docker jwilder/nginx-proxy and letsencrypt companion ACME Error
问题描述
I trying to set up, what I believe to be a fairly simple site using nginx-proxy and docker-letsencrypt-nginx-proxy-companion to create an https secured site.
我试图建立一个我认为相当简单的站点,使用nginx-proxy和docker-letsencrypt-nginx-proxy-companion创建一个 https 安全站点。 I have read https://github.com/nginx-proxy/docker-letsencrypt-nginx-proxy-companion/blob/master/docs/Invalid-authorizations.md , and enabled debug.我已阅读https://github.com/nginx-proxy/docker-letsencrypt-nginx-proxy-companion/blob/master/docs/Invalid-authorizations.md并启用调试。 The relevant portion of my logs are below:我的日志的相关部分如下:
2020-05-18 18:10:07,185:DEBUG:acme.client:1102: Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/57595483:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8xMzc0Mjk5NiIsICJub25jZSI6ICIwMDAxYVJ5MlZEYUxTMDRZY
XJjLUY0TnVMc2VzaV9IalFpREdfWWJZbDE2UFVRNCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My81NzU5NTQ4MyJ9",
"signature": "HBZ-2lgBLzBAnoiFhStjMACkpw7bAB1Xenb4msUoFYLAAXUQXoXcibKYiOm9SKTKdHaQ3I8vOWsmKbUtLGXTLdNNrH5aSbCCeIEcfZGNJtg5-5M0gExvv_ch7l6AxLBwZ4dPeDWvILCubs5YH-g03otRt8LOL
4hqmj_FwIxtlHt-FWuOup3eMWMbYaUx1jOaHRsXc9uOgYz8I9STPP3qkA6COnP3hGoCTDZfMX8M2RQfHd0f-bJJYXo-I32wyhvVcWlMr5PwDy6f8hi6sQYJ_8q8jTQLIf-AbXEduaAZmoogdE73shBh1lHW0-ocrLXhdayxVpAk1v
CY8P1R5E7-_PUhB-GgVecBzo0jKR-TE2C-WN92pM8_9TXnQgq3GOvCnqOv8ZFpuuFVL8uBIYHS5WIvpCf7PQ7jSWMBz_v73QVMaiWs2ZTMxUL40kdBFVbj-he9Z1Ydeu5252QdZK6aLF4AnNsCUfuyeunms1J4ojn_EF_0lxqp3DB
rRNT2d-pbLKcVXFl6Abw7t9zGXHKa52__e162jdTedC-4msq18qblHisgzsCYtSFxva7mYEodIQTF9pdjtYAzmOBc6OX9AN9VB1j-rpv45Q6OZkX7jf5fH6C20mEpjRxLGRDue4VxA6RsTumKmeeVXFI1UtmzJa8DTB8QijYIcelA
VK1AVnI",
"payload": ""
}
2020-05-18 18:10:07,248:DEBUG:urllib3.connectionpool:437: https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/57595483 HTTP/1.1" 200 1301
2020-05-18 18:10:07,250:DEBUG:acme.client:1145: Received response:
HTTP 200
Server: nginx
Date: Mon, 18 May 2020 18:10:07 GMT
Content-Type: application/json
Content-Length: 1301
Connection: keep-alive
Boulder-Requester: 13742996
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 00023X_fu6szDFRU3VHPGyDMdgLUl3tqlUVg5Bmbc-CFeU4
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "mydomain"
},
"status": "invalid",
"expires": "2020-05-25T18:10:05Z",
"challenges": [
{
"type": "http-01",
"status": "invalid",
"error": {
"type": "urn:ietf:params:acme:error:unauthorized",
"detail": "Invalid response from http://mydomain/.well-known/acme-challenge/NhRLAy2VcaZrjbhwSzVcE2DmUZMA42G5fQnzGIiW7do [161.35.99.16]: \"\u003chtml\u003e\\r\\n\u003chead\u003e\u003ctitle\u003e404 Not Found\u003c/title\u003e\u003c/head\u003e\\r\\n\u003cbody\u003e\\r\\n\u003ccenter\u003e\u003ch1\u003e404 Not Found\u003c/h1\u003e\u003c/center\u003e\\r\\n\u003chr\u003e\u003ccenter\u003enginx/1.17.6\u003c/ce\"",
"status": 403
},
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/57595483/1s01Qw",
"token": "NhRLAy2VcaZrjbhwSzVcE2DmUZMA42G5fQnzGIiW7do",
"validationRecord": [
{
"url": "http://mydomain/.well-known/acme-challenge/NhRLAy2VcaZrjbhwSzVcE2DmUZMA42G5fQnzGIiW7do",
"hostname": "mydomain",
"port": "80",
"addressesResolved": [
"myip"
],
"addressUsed": "myip"
}
]
}
]
}
2020-05-18 18:10:07,253:DEBUG:acme.client:1170: Storing nonce: 00023X_fu6szDFRU3VHPGyDMdgLUl3tqlUVg5Bmbc-CFeU4
2020-05-18 18:10:07,254:ERROR:simp_le:1396: CA marked some of the authorizations as invalid, which likely means it could not access http://example.com/.well-known/acme-chall
enge/X. Did you set correct path in -d example.com:path or --default_root? Are all your domains accessible from the internet? Please check your domains' DNS entries, your ho
st's network/firewall setup and your webserver config. If a domain's DNS entry has both A and AAAA fields set up, some CAs such as Let's Encrypt will perform the challenge v
alidation over IPv6. If your DNS provider does not answer correctly to CAA records request, Let's Encrypt won't issue a certificate for your domain (see https://letsencrypt.
org/docs/caa/). Failing authorizations: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/57595483
2020-05-18 18:10:07,258:INFO:simp_le:396: Saving account_key.json
2020-05-18 18:10:07,259:INFO:simp_le:396: Saving account_reg.json
2020-05-18 18:10:07,260:DEBUG:simp_le:1098: Removing validation file at /usr/share/nginx/html/.well-known/acme-challenge/NhRLAy2VcaZrjbhwSzVcE2DmUZMA42G5fQnzGIiW7do
Challenge validation has failed, see error log.
My docker-compose.yml is as below:我的 docker-compose.yml 如下:
version: '3.7'
services:
nginx-reverse-proxy:
image: jwilder/nginx-proxy:alpine
container_name: nginx-proxy
ports:
- "80:80"
- "443:443"
volumes:
- "${CONFIG}/nginx/certs:/etc/nginx/certs:ro"
- "${CONFIG}/nginx/vhost.d:/etc/nginx/vhost.d"
- "${CONFIG}/nginx/nginx_proxy.conf:/etc/nginx/conf.d/nginx_proxy.conf:ro"
- "/var/run/docker.sock:/tmp/docker.sock:ro"
environment:
- "DEFAULT_HOST=${DOMAIN}.${TOP_LEVEL_DOMAIN}"
- "DHPARAM_GENERATION=false"
tty: true
restart: unless-stopped
letsencrypt-sidecar:
image: jrcs/letsencrypt-nginx-proxy-companion:v1.12.1
volumes:
- "${CONFIG}/nginx/certs:/etc/nginx/certs"
- "${CONFIG}/nginx/vhost.d:/etc/nginx/vhost.d"
- "${CONFIG}/nginx/nginx_proxy.conf:/etc/nginx/conf.d/nginx_proxy.conf"
- "${SITE}:/usr/share/nginx/html"
- "/var/run/docker.sock:/var/run/docker.sock:ro"
environment:
- "DEFAULT_EMAIL=info@${DOMAIN}.${TOP_LEVEL_DOMAIN}"
- "NGINX_PROXY_CONTAINER=nginx-proxy"
- "DEBUG=true"
- "ACME_CA_URI=https://acme-staging-v02.api.letsencrypt.org/directory"
tty: true
restart: unless-stopped
nginx-defaultsite:
image: nginx:1.18.0-alpine
volumes:
- "${SITE}:/usr/share/nginx/html:ro"
environment:
- "VIRTUAL_HOST=${DOMAIN}.${TOP_LEVEL_DOMAIN}"
- "LETSENCRYPT_HOST=${DOMAIN}.${TOP_LEVEL_DOMAIN}"
- "LETSENCRYPT_EMAIL=info@${DOMAIN}.${TOP_LEVEL_DOMAIN}"
restart: unless-stopped
I have confirmed that the files are created correctly in both letsencrypt-sidecar and nginx-defaultsite with the below:我已经确认在letsencrypt-sidecar和nginx-defaultsite正确创建了以下文件:
docker exec -it letsencrypt-sidecar bash -c 'echo "Hello world!" > /usr/share/nginx/html/.well-known/acme-challenge/hello-world'
docker exec -it letsencrypt-sidecar /bin/bash bash -c 'cat /usr/share/nginx/html/.well-known/acme-challenge/hello-world'
docker exec -it nginx-defaultsite /bin/bash bash -c 'cat /usr/share/nginx/html/.well-known/acme-challenge/hello-world'
But when I attempt going to http://mydomiain/.well-known/acme-challenge/hello-world I get a 404.但是当我尝试访问http://mydomiain/.well-known/acme-challenge/hello-world我得到了 404。
Any insight into what I could be doing wrong would be greatly appreciated.对我可能做错的任何见解将不胜感激。 I feel like I'm just missing one key component,...我觉得我只是缺少一个关键组件,...
1 个解决方案
解决方案1
0 2020-05-26 18:13:40
The issue was not mounting the /usr/share/nginx/html folder on the nginx-reverse proxy image.问题不是在 nginx 反向代理映像上安装/usr/share/nginx/html文件夹。 I was able to triple mount the site directory between all the services, and it worked.我能够在所有服务之间三次安装站点目录,并且它工作正常。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.
相关问题
jwilder/nginx-proxy 和 jrcs/letsencrypt-nginx-proxy-companion 后面的 docker 中的 gitea - gitea in docker behind jwilder/nginx-proxy and jrcs/letsencrypt-nginx-proxy-companion
Docker + jwilder/nginx-proxy + jwilder/docker-gen + jrcs/letsencrypt-nginx-proxy-companion + php:7-fpm + wordpress:fpm - Docker + jwilder/nginx-proxy + jwilder/docker-gen + jrcs/letsencrypt-nginx-proxy-companion + php:7-fpm + wordpress:fpm
docker:jwilder/nginx-proxy 后面的 seafile - docker: seafile behind jwilder/nginx-proxy
Docker jwilder / nginx-proxy位置配置 - Docker jwilder/nginx-proxy location configuration
docker 和 jwilder/nginx-proxy http/https 问题 - docker and jwilder/nginx-proxy http/https issue
在jwilder / nginx-proxy Docker容器中重写URL - Rewrite URL in jwilder/nginx-proxy Docker container
Docker - 如何通过 jwilder nginx-proxy 公开端口? - Docker - how to expose port thru jwilder nginx-proxy?
使用jwilder / nginx-proxy的wordpress:fpm出现502错误 - 502 error with wordpress:fpm using jwilder/nginx-proxy
隔离jwilder / nginx-proxy网络上的容器 - Isolate containers on the jwilder/nginx-proxy network
jwilder/nginx-proxy 与 cloudflare SSL 没有 - jwilder/nginx-proxy with cloudflare SSL doesnt
相关标签