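I'm trying to set up a local HTTPS development environment using Django-Cookiecutter and docker. I followed the documentation and used mkcert; however, I realized that additional NGINX configuration was needed to get the .pem files to work. After configuring what I believe to be the correct settings, I am now getting the following errors from NGINX: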
nginx.1 | 2023/05/24 20:56:23 [error] 37#37: *1 cannot load certificate "data:": PEM_read_bio_X509_AUX() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE) while SSL handshaking, client: 172.19.0.1, server: 0.0.0.0:443
nginx.1 | 2023/05/24 20:56:23 [error] 42#42: *2 cannot load certificate "data:": PEM_read_bio_X509_AUX() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE) while SSL handshaking, client: 172.19.0.1, server: 0.0.0.0:443
nginx.1 | 2023/05/24 20:56:23 [error] 40#40: *3 cannot load certificate "data:": PEM_read_bio_X509_AUX() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE) while SSL handshaking, client: 172.19.0.1, server: 0.0.0.0:443
nginx.1 | 2023/05/24 20:56:23 [error] 39#39: *4 cannot load certificate "data:": PEM_read_bio_X509_AUX() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE) while SSL handshaking, client: 172.19.0.1, server: 0.0.0.0:443
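I've spent the better part of 10 hours trying to figure out how to fix this and have reached the point of spinning my wheels. None of the suggestions I've tried have changed my problem, and I've exhausted the threads I believe are relevant.
What I've tried so far (non-exhaustive):
- Recreating the certificate/key files countless times
- Installing and reinstalling mkcert countless times
- Rebuilding my docker compose countless times
- Editing, simplifying, and testing far too many NGINX configurations
- Starting from a blank project
Here are the relevant parts of the project:
nginx.conf (current configuration)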
server {
    listen 80;
    server_name localhost;
    location / {
        return 301 https://$host$request_uri;
    }
}
server {
    listen 443 ssl;
    server_name localhost;
    ssl_certificate /etc/nginx/certs/localhost.pem;
    ssl_certificate_key /etc/nginx/certs/localhost-key.pem;
    location / {
        proxy_pass http://django:8000; # name of django docker container
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
Note: This was added because NGINX does not automatically accept the *.pem files from mkcert.
docker-compose.yml (nginx section)
nginx:
  build:
    context: .
    dockerfile: ./compose/local/nginx/Dockerfile
  container_name: local_nginx
  ports:
    - "80:80"
    - "443:443"
  volumes:
    - /var/run/docker.sock:/tmp/docker.sock:ro
    - ./certs:/etc/nginx/certs
  depends_on:
    - django
Note: django is my Django app. It works. I can access it at localhost:8000 without issue, and I can curl it from the nginx container without issue.
./compose/local/nginx/Dockerfile
FROM jwilder/nginx-proxy:latest
RUN rm /etc/nginx/conf.d/default.conf
COPY ./compose/local/nginx/nginx.conf /etc/nginx/conf.d
Note: This was added because NGINX does not automatically accept the *.pem files from mkcert.
openssl x509 -text -noout -in localhost.pem
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            99:0c:b3:f7:2a:8b:f9:f7:0f:90:69:8f:63:4c:2a:7f
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: O = mkcert development CA, OU = dakotahorstman@dur10469-ubuntu (Dakota Horstman), CN = mkcert dakotahorstman@dur10469-ubuntu (Dakota Horstman)
        Validity
            Not Before: May 24 20:52:44 2023 GMT
            Not After : Aug 24 20:52:44 2025 GMT
        Subject: O = mkcert development certificate, OU = dakotahorstman@dur10469-ubuntu (Dakota Horstman)
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage:
                TLS Web Server Authentication
            X509v3 Authority Key Identifier:
                keyid:AB:28:4B:C0:36:99:06:7A:D5:FF:CA:EC:83:C6:1D:F3:B6:85:3F:17
            X509v3 Subject Alternative Name:
                DNS:localhost, IP Address:127.0.0.1
    Signature Algorithm: sha256WithRSAEncryption
openssl rsa -in localhost-key.pem -check
RSA key ok
writing RSA key
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----
Chrome web page: [screenshot]
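An added example, not part of the original question or its answer: OpenSSL reports "no start line" when the data it is handed contains no `-----BEGIN ...-----` line, so a useful first check is whether each file nginx is pointed at is framed as the PEM object its directive expects. The function names and sample strings below are hypothetical and constructed; the check covers PEM framing only, not X.509 validity or whether the key matches the certificate.

```python
import base64
import re

# PEM labels expected behind ssl_certificate and ssl_certificate_key
# (assumption: the common labels only, not an exhaustive OpenSSL list).
CERT_LABELS = {"CERTIFICATE", "TRUSTED CERTIFICATE"}
KEY_LABELS = {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY",
              "ENCRYPTED PRIVATE KEY"}
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.DOTALL)

# Constructed samples: valid framing, but the body is not real DER.
BODY = base64.b64encode(b"constructed sample, not real DER").decode()
SAMPLE_CERT = f"-----BEGIN CERTIFICATE-----\n{BODY}\n-----END CERTIFICATE-----\n"
SAMPLE_KEY = f"-----BEGIN RSA PRIVATE KEY-----\n{BODY}\n-----END RSA PRIVATE KEY-----\n"


def pem_blocks(text):
    """Return [(label, decoded_bytes)] for every well-formed PEM block."""
    blocks = []
    for label, body in PEM_BLOCK.findall(text):
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except ValueError:
            continue  # body is not valid base64, so the block is unusable
        blocks.append((label, der))
    return blocks


def diagnose(text, role):
    """role is 'certificate' or 'key'; returns a one-line finding."""
    wanted = CERT_LABELS if role == "certificate" else KEY_LABELS
    if not text.strip():
        return "empty input: no start line"
    if "-----BEGIN " not in text:
        return "no start line: not PEM (DER or another format?)"
    blocks = pem_blocks(text)
    if not blocks:
        return "start line present but block is malformed"
    label = blocks[0][0]
    if label not in wanted:
        return f"wrong object for {role}: first block is {label}"
    return f"ok: {len(blocks)} block(s), first is {label}"


if __name__ == "__main__":
    for name, text, role in [("cert", SAMPLE_CERT, "certificate"),
                             ("key as cert", SAMPLE_KEY, "certificate"),
                             ("empty", "", "certificate")]:
        print(f"{name}: {diagnose(text, role)}")
```

To check real files, read them from the path the container actually sees (here `/etc/nginx/certs/`) and pass the contents to `diagnose`.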
1 Answer
For whatever reason, the jwilder/nginx-proxy:latest image doesn't work, whereas the nginx image does. Without changing any other files, simply changing the Dockerfile to the following works.