Amazon web services AWS EC2:无法通过docker使用letsencrypt和nginx访问端口80或443(https)
我想使用docker compose文件来设置使用letsencrypt的nginx服务器,以便在我的AWS EC 2实例上启用https 然而,端口80和端口443似乎已关闭 应用程序本身在端口5000下运行,但是,在不启用https的情况下,端口5000可以是 编辑 这里是(几乎)完整的docker-compose.yml,我只在“服务”下添加了最后一节,名为Amazon web services AWS EC2:无法通过docker使用letsencrypt和nginx访问端口80或443(https),amazon-web-services,docker,nginx,lets-encrypt,Amazon Web Services,Docker,Nginx,Lets Encrypt,我想使用docker compose文件来设置使用letsencrypt的nginx服务器,以便在我的AWS EC 2实例上启用https 然而,端口80和端口443似乎已关闭 应用程序本身在端口5000下运行,但是,在不启用https的情况下,端口5000可以是 编辑 这里是(几乎)完整的docker-compose.yml,我只在“服务”下添加了最后一节,名为letsencrypt。遗漏标记为([…]): 它在本地文件夹/config/nginx/site confs/default 默认配
letsencrypt
。遗漏标记为([…]
):
它在本地文件夹/config/nginx/site confs/default
默认配置不执行任何操作,因此根据的建议,我将文件改写如下:
server {
listen 80;
server_name my-website-name.com www.my-website-name.com;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name _;
root /config/www;
include /config/nginx/ssl.conf;
location / {
index index.html index.htm;
include /config/nginx/proxy.conf;
}
}
server {
listen 443 ssl;
server_name annotator.*;
include /config/nginx/ssl.conf;
location / {
include /config/nginx/proxy.conf;
proxy_pass http://localhost:5000/;
}
location /socket.io {
include /config/nginx/proxy.conf;
proxy_buffering off;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_pass http://localhost:5000/socket.io;
}
}
我在docker compose.yml
和conf
中编辑的唯一一行是添加我自己的网站名(my website name.com
)。
conf文件似乎公开了http://localhost:5000/
这是正确的
我不确定我错过了什么。我找不到任何防火墙等
>$ sudo ufw status
Status: inactive
是我试图遵循的说明和更多的讨论
更新:下面是netstat-anp | grep-i listen的输出
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
tcp6 0 0 :::5000 :::* LISTEN -
tcp6 0 0 :::22 :::* LISTEN -
unix 2 [ ACC ] STREAM LISTENING 147252 - @/containerd-shim/moby/237614275f32621bfd15c8687fca24c735e48daeffd655ee6fe00fad5ca5d9ca/shim.sock@
unix 2 [ ACC ] SEQPACKET LISTENING 12687 - /run/udev/control
unix 2 [ ACC ] STREAM LISTENING 123417 31697/systemd /run/user/1000/systemd/private
unix 2 [ ACC ] STREAM LISTENING 123421 31697/systemd /run/user/1000/gnupg/S.gpg-agent.extra
unix 2 [ ACC ] STREAM LISTENING 123422 31697/systemd /run/user/1000/snapd-session-agent.socket
unix 2 [ ACC ] STREAM LISTENING 123423 31697/systemd /run/user/1000/gnupg/S.gpg-agent.ssh
unix 2 [ ACC ] STREAM LISTENING 123424 31697/systemd /run/user/1000/gnupg/S.gpg-agent.browser
unix 2 [ ACC ] STREAM LISTENING 123425 31697/systemd /run/user/1000/gnupg/S.dirmngr
unix 2 [ ACC ] STREAM LISTENING 123426 31697/systemd /run/user/1000/gnupg/S.gpg-agent
unix 2 [ ACC ] STREAM LISTENING 141776 - @/containerd-shim/moby/b943888c331bf79cd6c1e2f7171a5961dddbb9ae163cfa1f27d2e7b6d4662444/shim.sock@
unix 2 [ ACC ] STREAM LISTENING 17631 - @irqbalance924.sock
unix 2 [ ACC ] STREAM LISTENING 141767 - @/containerd-shim/moby/6422696dfae2f404290918b4afff5a9e65155ed1ec333bc0e72994b565e702d5/shim.sock@
unix 2 [ ACC ] STREAM LISTENING 145693 - @/containerd-shim/moby/fb9846bebcc81350c98c47f2c15811526cca22c30a0945ae7c227f921a305cce/shim.sock@
unix 2 [ ACC ] STREAM LISTENING 16691 - /var/lib/lxd/unix.socket
unix 2 [ ACC ] STREAM LISTENING 16571 - /var/run/dbus/system_bus_socket
unix 2 [ ACC ] STREAM LISTENING 16645 - /run/uuidd/request
unix 2 [ ACC ] STREAM LISTENING 16647 - /run/snapd.socket
unix 2 [ ACC ] STREAM LISTENING 16649 - /run/snapd-snap.socket
unix 2 [ ACC ] STREAM LISTENING 16651 - /run/acpid.socket
unix 2 [ ACC ] STREAM LISTENING 16653 - @ISCSIADM_ABSTRACT_NAMESPACE
unix 2 [ ACC ] STREAM LISTENING 141079 - @/containerd-shim/moby/31e14e9fa86fef5166d10363c9a4dd136af9f67f8c0d6f4bf79ebac50a474452/shim.sock@
unix 2 [ ACC ] STREAM LISTENING 12676 - /run/systemd/private
unix 2 [ ACC ] STREAM LISTENING 12690 - /run/lvm/lvmpolld.socket
unix 2 [ ACC ] STREAM LISTENING 12702 - /run/systemd/journal/stdout
unix 2 [ ACC ] STREAM LISTENING 43836 - /run/containerd/containerd.sock
unix 2 [ ACC ] STREAM LISTENING 44186 - /var/run/docker.sock
unix 2 [ ACC ] STREAM LISTENING 44343 - /var/run/docker/metrics.sock
unix 2 [ ACC ] STREAM LISTENING 45208 - /var/run/docker/libnetwork/ef4bf6e21227.sock
unix 2 [ ACC ] STREAM LISTENING 12891 - /run/lvm/lvmetad.socket
从同一台机器或从AWS外部访问时是否遇到问题?如果是后者,您是否已将实例安全组配置为允许通信?我可以从外部和内部访问端口5000。我无法从外部或内部访问端口80或443。因此,“是”机器可以从外部访问。“是”我编辑了安全组以允许来自任何地方的所有流量OK;对于存在连接问题的人,安全组始终是第一个要问的问题。我不熟悉您正在使用的映像,因此无法给出具体的指针,但通常我会在主机上使用
netstat-anp | grep-I listen
,以验证Docker是否正在侦听端口,如果是,则将exec放入容器中查看nginx日志。我在上面添加了netstat的输出。也许docker compose文件中的各个服务无法相互通信?但我不知道如何检查这个?我可以发布整个docker-compose.yml,但它可能不会被认为是“最小工作示例”
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
tcp6 0 0 :::5000 :::* LISTEN -
tcp6 0 0 :::22 :::* LISTEN -
unix 2 [ ACC ] STREAM LISTENING 147252 - @/containerd-shim/moby/237614275f32621bfd15c8687fca24c735e48daeffd655ee6fe00fad5ca5d9ca/shim.sock@
unix 2 [ ACC ] SEQPACKET LISTENING 12687 - /run/udev/control
unix 2 [ ACC ] STREAM LISTENING 123417 31697/systemd /run/user/1000/systemd/private
unix 2 [ ACC ] STREAM LISTENING 123421 31697/systemd /run/user/1000/gnupg/S.gpg-agent.extra
unix 2 [ ACC ] STREAM LISTENING 123422 31697/systemd /run/user/1000/snapd-session-agent.socket
unix 2 [ ACC ] STREAM LISTENING 123423 31697/systemd /run/user/1000/gnupg/S.gpg-agent.ssh
unix 2 [ ACC ] STREAM LISTENING 123424 31697/systemd /run/user/1000/gnupg/S.gpg-agent.browser
unix 2 [ ACC ] STREAM LISTENING 123425 31697/systemd /run/user/1000/gnupg/S.dirmngr
unix 2 [ ACC ] STREAM LISTENING 123426 31697/systemd /run/user/1000/gnupg/S.gpg-agent
unix 2 [ ACC ] STREAM LISTENING 141776 - @/containerd-shim/moby/b943888c331bf79cd6c1e2f7171a5961dddbb9ae163cfa1f27d2e7b6d4662444/shim.sock@
unix 2 [ ACC ] STREAM LISTENING 17631 - @irqbalance924.sock
unix 2 [ ACC ] STREAM LISTENING 141767 - @/containerd-shim/moby/6422696dfae2f404290918b4afff5a9e65155ed1ec333bc0e72994b565e702d5/shim.sock@
unix 2 [ ACC ] STREAM LISTENING 145693 - @/containerd-shim/moby/fb9846bebcc81350c98c47f2c15811526cca22c30a0945ae7c227f921a305cce/shim.sock@
unix 2 [ ACC ] STREAM LISTENING 16691 - /var/lib/lxd/unix.socket
unix 2 [ ACC ] STREAM LISTENING 16571 - /var/run/dbus/system_bus_socket
unix 2 [ ACC ] STREAM LISTENING 16645 - /run/uuidd/request
unix 2 [ ACC ] STREAM LISTENING 16647 - /run/snapd.socket
unix 2 [ ACC ] STREAM LISTENING 16649 - /run/snapd-snap.socket
unix 2 [ ACC ] STREAM LISTENING 16651 - /run/acpid.socket
unix 2 [ ACC ] STREAM LISTENING 16653 - @ISCSIADM_ABSTRACT_NAMESPACE
unix 2 [ ACC ] STREAM LISTENING 141079 - @/containerd-shim/moby/31e14e9fa86fef5166d10363c9a4dd136af9f67f8c0d6f4bf79ebac50a474452/shim.sock@
unix 2 [ ACC ] STREAM LISTENING 12676 - /run/systemd/private
unix 2 [ ACC ] STREAM LISTENING 12690 - /run/lvm/lvmpolld.socket
unix 2 [ ACC ] STREAM LISTENING 12702 - /run/systemd/journal/stdout
unix 2 [ ACC ] STREAM LISTENING 43836 - /run/containerd/containerd.sock
unix 2 [ ACC ] STREAM LISTENING 44186 - /var/run/docker.sock
unix 2 [ ACC ] STREAM LISTENING 44343 - /var/run/docker/metrics.sock
unix 2 [ ACC ] STREAM LISTENING 45208 - /var/run/docker/libnetwork/ef4bf6e21227.sock
unix 2 [ ACC ] STREAM LISTENING 12891 - /run/lvm/lvmetad.socket