Apache 无法使SSL在Docker容器中工作
首先让我说我不是服务器管理员,还有很多事情我不知道。因此,我确信我在设置Docker容器时犯了一个错误,因为SSL不起作用 该容器在Ubuntu14.04上运行Apache2.4和PHP5.6,并链接到MySQL 5.6 Docker容器 我从Docker-开始进行这个基本设置。以下是相关文件: dockfileApache 无法使SSL在Docker容器中工作,apache,ssl,https,docker,openssl,Apache,Ssl,Https,Docker,Openssl,首先让我说我不是服务器管理员,还有很多事情我不知道。因此,我确信我在设置Docker容器时犯了一个错误,因为SSL不起作用 该容器在Ubuntu14.04上运行Apache2.4和PHP5.6,并链接到MySQL 5.6 Docker容器 我从Docker-开始进行这个基本设置。以下是相关文件: dockfile FROM php:5.6-apache RUN apt-get update RUN apt-get install -y net-tools RUN docker-php-ext-
FROM php:5.6-apache
RUN apt-get update
RUN apt-get install -y net-tools
RUN docker-php-ext-install pdo pdo_mysql
RUN docker-php-ext-install sockets
RUN a2enmod rewrite
RUN a2enmod ssl
ADD 000-default.conf /etc/apache2/sites-enabled/
ADD default-ssl.conf /etc/apache2/sites-anabled/
ADD apache2.conf /etc/apache2/
ADD www-server/ www-server/
EXPOSE 443
000 default.conf
<VirtualHost *:80>
ServerAdmin webmaster@localhost
DocumentRoot /www-server/
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
<Directory /home/www-server/>
# allow .htaccess overrides to work
AllowOverride All
DirectoryIndex login.html index.html index.php
</Directory>
<Directory /home/www-server/client>
DirectoryIndex home.html
Options All
AllowOverride All
Require all granted
</Directory>
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerAdmin webmaster@localhost
DocumentRoot /home/www-server
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# Enable/Disable SSL for this virtual host.
SSLEngine on
SSLCertificateFile /etc/ssl/certs/site.crt
SSLCertificateKeyFile /etc/ssl/certs/site.key
SSLCACertificatePath /etc/ssl/certs/digicert/
</VirtualHost>
</IfModule>
Mutex file:/var/lock/apache2 default
PidFile /var/run/apache2/apache2.pid
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 5
User www-data
Group www-data
HostnameLookups Off
ErrorLog /proc/self/fd/2
LogLevel warn
IncludeOptional mods-enabled/*.load
IncludeOptional mods-enabled/*.conf
# ports.conf
Listen 80
<IfModule ssl_module>
Listen 443
</IfModule>
<IfModule mod_gnutls.c>
Listen 443
</IfModule>
<Directory />
Options FollowSymLinks
AllowOverride None
Require all denied
</Directory>
<Directory /home/www-server/>
Options Indexes FollowSymLinks Includes ExecCGI
AllowOverride All
Require all granted
</Directory>
DocumentRoot /home/www-server
AccessFileName .htaccess
<FilesMatch "^\.ht">
Require all denied
</FilesMatch>
LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %O" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
CustomLog /proc/self/fd/1 combined
<FilesMatch \.php$>
SetHandler application/x-httpd-php
</FilesMatch>
# Multiple DirectoryIndex directives within the same context will add
# to the list of resources to look for rather than replace
# https://httpd.apache.org/docs/current/mod/mod_dir.html#directoryindex
DirectoryIndex disabled
DirectoryIndex index.php index.html
IncludeOptional conf-enabled/*.conf
IncludeOptional sites-enabled/*.conf
以下是日志文件的一部分:
::1 - - [10/Nov/2015:19:26:19 +0000] "OPTIONS * HTTP/1.0" 200 152 "-" "Apache/2.4.10 (Debian) PHP/5.6.15 OpenSSL/1.0.1k (internal dummy connection)"
::1 - - [10/Nov/2015:19:26:20 +0000] "OPTIONS * HTTP/1.0" 200 152 "-" "Apache/2.4.10 (Debian) PHP/5.6.15 OpenSSL/1.0.1k (internal dummy connection)"
72.5.190.136 - - [10/Nov/2015:19:26:21 +0000] "\x16\x03\x01" 400 0 "-" "-"
72.5.190.136 - - [10/Nov/2015:19:26:21 +0000] "\x16\x03\x01" 400 0 "-" "-"
72.5.190.136 - - [10/Nov/2015:19:26:21 +0000] "\x16\x03\x01" 400 0 "-" "-"
浏览器中出现此错误时:
错误\u SSL\u协议\u错误
TL;DR
我已经按照我在网上找到的所有步骤在Docker容器中安装和使用我的SSL证书,但是我没有成功地使它工作。让SSL在Docker容器中工作有什么明显的我忽略了的吗?有时候,特别是当您试图解决一个问题很长时间,并且在命令行的控制台窗口中编码时,您错过了最简单的事情。查看Dockerfile中的这两行:
ADD 000-default.conf /etc/apache2/sites-enabled/
ADD default-ssl.conf /etc/apache2/sites-anabled/
a
与e
几乎无法区分,这使得拼写错误很难找到。Dockerfile正确构建映像并在容器中添加新目录,然后将配置文件放置在该目录中
drwxr-xr-x 2 www www 4096 Nov 11 15:56 sites-anabled
drwxr-xr-x 2 www www 4096 Oct 23 20:19 sites-available
drwxr-xr-x 2 www www 4096 Nov 11 15:56 sites-enabled
由于没有为未知目录引发错误,并且映像生成成功,因此它将运行,但在这种情况下,SSL将无法正常工作。我不想像其他答案那样“添加”文件。 HTML文件将通过挂载到/var/www安装。 我只需要apache服务器接受HTTPS(SSL), 将HTTP(非SSL)重定向到HTTPS,以及一些次要的PHP配置 以下是我在DockerFile中所做的
# Install PHP Apache as the base image
FROM "php:7.3-apache"
# Install ssl-cert (snakeoil) package
RUN set -eux; \
apt-get update && apt-get install -y ssl-cert; \
: "Clean Apt system" ;\
apt-get clean; \
rm -rf /var/lib/apt/lists/*; \
rm -rf /tmp/* /var/tmp/* /var/log/lastlog /var/log/faillog; \
rm -f /var/log/{apt/*,alternatives.log,dpkg.log}; \
:;
# Set up apache with HTTPS redirect
RUN set -eux; \
: "Time Zone"; \
ln -sf /usr/share/zoneinfo/Australia/Sydney /etc/localtime; \
: "Apache Changes" ;\
# enable SSL \
a2enmod rewrite ssl; \
a2ensite default-ssl; \
cd /etc/apache2/sites-enabled/; \
sed -i '/<\/VirtualHost>/d' 000-default.conf; \
echo 'RewriteEngine On' >> 000-default.conf; \
echo 'RewriteRule . https://%{SERVER_NAME} [R,L]' >> 000-default.conf; \
echo '</VirtualHost>' >> 000-default.conf; \
:;
# PHP Configuration
RUN set -eux; \
cd $PHP_INI_DIR; \
cp php.ini-production php.ini; \
cd conf.d ;\
echo "date.timezone=Australia/Sydney" > date_timezone.ini; \
echo "session.gc_probability=1" > session.ini; \
echo "session.gc_divisor=100" >> session.ini; \
echo "session.gc_maxlifetime=1440" >> session.ini; \
echo "session.cookie=1440" >> session.ini; \
:;
#安装PHP Apache作为基本映像
来自“php:7.3-apache”
#安装ssl证书(蛇油)包
运行集-eux\
apt get update&&apt get install-y ssl证书\
:“清洁Apt系统”\
易于清洁\
rm-rf/var/lib/apt/lists/*\
rm-rf/tmp/*/var/tmp/*/var/log/lastlog/var/log/faillog\
rm-f/var/log/{apt/*,alternations.log,dpkg.log}\
:;
#使用HTTPS重定向设置apache
运行集-eux\
:“时区”\
ln-sf/usr/share/zoneinfo/Australia/Sydney/etc/localtime\
:“Apache更改”\
#启用SSL\
a2enmod重写ssl\
加密默认ssl\
cd/etc/apache2/sites enabled/\
sed-i'//d'000-default.conf\
echo'RewriteEngine On'>>000-default.conf\
“回声”规则。https://%{SERVER_NAME}[R,L]'>>000-default.conf\
echo'>>000-default.conf\
:;
#PHP配置
运行集-eux\
cd$PHP_INI_DIR\
cp php.ini-production php.ini\
cd conf.d\
echo“date.timezone=澳大利亚/悉尼”>date\u timezone.ini\
echo“session.gc_probability=1”>session.ini\
echo“session.gc_除数=100”>>session.ini\
echo“session.gc_maxlifetime=1440”>>session.ini\
echo“session.cookie=1440”>>session.ini\
:;
希望你会觉得这很有帮助现在这已经伤害到了Hoooo boy,确实如此。有几个人错过了@RiggsFollyth这就是为什么我喜欢有拼写检查的IDE:)谢谢@JayBlanchard,你能分享一下你是如何将ssl密钥插入服务器的吗?@AlexanderMills这只是个人喜好。我有时会包含URL中的内容,而您无法使用
COPY
,因此我这样做是为了保持一致性。在这种情况下,我可以很容易地使用COPY
。
# Install PHP Apache as the base image
FROM "php:7.3-apache"
# Install ssl-cert (snakeoil) package
RUN set -eux; \
apt-get update && apt-get install -y ssl-cert; \
: "Clean Apt system" ;\
apt-get clean; \
rm -rf /var/lib/apt/lists/*; \
rm -rf /tmp/* /var/tmp/* /var/log/lastlog /var/log/faillog; \
rm -f /var/log/{apt/*,alternatives.log,dpkg.log}; \
:;
# Set up apache with HTTPS redirect
RUN set -eux; \
: "Time Zone"; \
ln -sf /usr/share/zoneinfo/Australia/Sydney /etc/localtime; \
: "Apache Changes" ;\
# enable SSL \
a2enmod rewrite ssl; \
a2ensite default-ssl; \
cd /etc/apache2/sites-enabled/; \
sed -i '/<\/VirtualHost>/d' 000-default.conf; \
echo 'RewriteEngine On' >> 000-default.conf; \
echo 'RewriteRule . https://%{SERVER_NAME} [R,L]' >> 000-default.conf; \
echo '</VirtualHost>' >> 000-default.conf; \
:;
# PHP Configuration
RUN set -eux; \
cd $PHP_INI_DIR; \
cp php.ini-production php.ini; \
cd conf.d ;\
echo "date.timezone=Australia/Sydney" > date_timezone.ini; \
echo "session.gc_probability=1" > session.ini; \
echo "session.gc_divisor=100" >> session.ini; \
echo "session.gc_maxlifetime=1440" >> session.ini; \
echo "session.cookie=1440" >> session.ini; \
:;