自签名证书在docker nginx容器上不起作用
我无法获取SSL证书以在本地安装程序上工作。一切正常,但浏览器报告“连接不安全”。我已将证书添加到MacOs密钥链并选择“始终信任”。我已经为all.test域设置了dnsmasq,以解析到我的本地设置,但我也尝试将域添加到/etc/hosts。什么都不管用 这是我的nginx自签名证书在docker nginx容器上不起作用,docker,ssl,nginx,docker-compose,Docker,Ssl,Nginx,Docker Compose,我无法获取SSL证书以在本地安装程序上工作。一切正常,但浏览器报告“连接不安全”。我已将证书添加到MacOs密钥链并选择“始终信任”。我已经为all.test域设置了dnsmasq,以解析到我的本地设置,但我也尝试将域添加到/etc/hosts。什么都不管用 这是我的nginxdockerfile FROM nginx:latest COPY ./default.conf /etc/nginx/conf.d/default.conf RUN apt-get update &&
dockerfile
FROM nginx:latest
COPY ./default.conf /etc/nginx/conf.d/default.conf
RUN apt-get update && \
apt-get install -y openssl && \
mkdir /etc/nginx/ssl && \
openssl dhparam -out "/etc/nginx/ssl/dh.pem" 2048 && \
openssl req -x509 -newkey rsa:2048 -keyout "/etc/nginx/ssl/key.pem" -out "/etc/nginx/ssl/cert.pem" -days 365 -nodes \
-subj "/C=HR/ST=Zagreb/L=Zagreb/O=XOO/OU=IT Department/CN=domain.test"
这是default.conf
server {
listen 80 default_server;
root /var/www/html;
index index.html index.php;
listen 443 ssl;
server_name default_server;
ssl_certificate /etc/nginx/ssl/cert.pem;
ssl_certificate_key /etc/nginx/ssl/key.pem;
ssl_dhparam /etc/nginx/ssl/dh.pem;
charset utf-8;
# only this domain
add_header Strict-Transport-Security "max-age=31536000";
# apply also on subdomains
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
# protocols
ssl_protocols TLSv1.2 TLSv1.3;
# ciphers
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
# SSL stapling
ssl_stapling on;
ssl_stapling_verify on;
最后,这是我的docker compose.yml
version: '1'
services:
nginx:
build: ./docker/nginx/
ports:
- 80:80
- 443:443
links:
- php
volumes_from:
- app
networks:
- default
这可能是因为您没有包含完整的证书链,包括/etc/nginx/ssl/cert.pem中的CA证书。这就是它无法通过验证的原因。