nginx通过docker-错误:1408F10B:SSL例程:ssl3_get_record:版本号错误 [英] nginx via docker - error:1408F10B:SSL routines:ssl3_get_record:wrong version number
问题描述
我有一个通过docker设置的collabora服务器.我想将其放在代理后面,以便只能通过https:
I have a collabora server set up via docker. I'd like to put it behind a proxy so that it's accessible only via https:
我已遵循文档此处和在第二个链接上,我正在使用设置2的选项3.我不确定是否应该使用选项1.
On the second link I'm using set up option 2 of 3. I was unsure if I should be using option 1.
运行容器之后,我想按照上面第一个文档链接的底部检查collabora服务器是否正在运行.获得确定"消息表示所有设置均正确:
After running the container, I wanted to check that collabora server is running per the bottom of the first documentation link above. Obtaining the 'OK' message signifies that all is set up correctly:
curl -k https://localhost:9980
curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number
如果我删除s:
curl -k http://localhost:9980
OK
我在docker-compose中有3个服务,这是日志的最后两行:
I have 3 services in the docker-compose, here's the last couple of lines of the logs:
docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ee6bdb68f8e2 collabora/code "/bin/sh -c 'bash st…" 2 hours ago Up 2 hours 0.0.0.0:9980->9980/tcp collabora
1488465463c6 nginx:1.15-alpine "/bin/sh -c 'while :…" 2 hours ago Up 2 hours 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp collabora_nginx_1
4361ed3f6df7 certbot/certbot "/bin/sh -c 'trap ex…" 2 hours ago Up 2 hours 80/tcp, 443/tcp collabora_certbot_1
collabora服务器容器/服务:
The collabora server container/service:
docker logs collabora
wsd-00006-00042 2021-03-02 16:39:07.374169 [ websrv_poll ] WRN convert-to: Requesting address is denied: ::ffff:168.119.3.73| wsd/LOOLWSD.cpp:2315
wsd-00006-00042 2021-03-02 16:40:10.725982 [ websrv_poll ] ERR Looks like SSL/TLS traffic on plain http port| wsd/LOOLWSD.cpp:2383
nginx容器/服务:
The nginx container/service:
docker logs collabora_nginx_1
2021/03/02 16:49:47 [error] 10#10: *54 open() "/etc/nginx/html/robots.txt" failed (2: No such file or directory), client: 198.20.87.98, server: collabora.mydomain.de, request: "GET /robots.txt HTTP/1.1", host: "135.181.152.187"
198.20.87.98 - - [02/Mar/2021:16:49:47 +0000] "GET /robots.txt HTTP/1.1" 404 154 "-" "-" "-"
2021/03/02 16:49:48 [error] 10#10: *55 open() "/etc/nginx/html/sitemap.xml" failed (2: No such file or directory), client: 198.20.87.98, server: collabora.mydomain.de, request: "GET /sitemap.xml HTTP/1.1", host: "135.181.152.187"
198.20.87.98 - - [02/Mar/2021:16:49:48 +0000] "GET /sitemap.xml HTTP/1.1" 404 154 "-" "-" "-"
2021/03/02 16:49:50 [error] 10#10: *56 open() "/etc/nginx/html/.well-known/security.txt" failed (2: No such file or directory), client: 198.20.87.98, server: collabora.mydomain.de, request: "GET /.well-known/security.txt HTTP/1.1", host: "135.181.152.187"
198.20.87.98 - - [02/Mar/2021:16:49:50 +0000] "GET /.well-known/security.txt HTTP/1.1" 404 154 "-" "-" "-"
2021/03/02 16:49:51 [error] 10#10: *57 open() "/etc/nginx/html/favicon.ico" failed (2: No such file or directory), client: 198.20.87.98, server: collabora.mydomain.de, request: "GET /favicon.ico HTTP/1.1", host: "135.181.152.187"
198.20.87.98 - - [02/Mar/2021:16:49:51 +0000] "GET /favicon.ico HTTP/1.1" 404 154 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:80.0) Gecko/20100101 Firefox/80.0" "-"
2021/03/02 16:49:56 [error] 10#10: *62 "/etc/nginx/html/index.html" is not found (2: No such file or directory), client: 104.155.101.3, server: collabora.mydomain.de, request: "GET / HTTP/1.1", host: "135.181.152.187"
104.155.101.3 - - [02/Mar/2021:16:49:56 +0000] "GET / HTTP/1.1" 404 154 "-" "python-requests/2.25.1" "-"
certbot容器:
The certbot container:
docker logs collabora_certbot_1
logs collabora_certbot_1
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/collabora.mydomain.de.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not yet due for renewal
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
The following certificates are not due for renewal yet:
/etc/letsencrypt/live/collabora.mydomain.de/fullchain.pem expires on 2021-05-31 (skipped)
No renewals were attempted.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
我的docker-compose.yaml:
My docker-compose.yaml:
version: "3.5"
services:
collabora:
image: collabora/code
container_name: collabora
restart: always
depends_on:
- nginx
cap_add:
- MKNOD
environment:
- "extra_params=--o:ssl.enable=false --o:ssl.termination=true"
- domain=nx12345\.blah\.de
- dictionaries=en_US
ports:
- "9980:9980"
volumes:
- ./appdata/collabora:/config
nginx:
image: nginx:1.15-alpine
restart: unless-stopped
volumes:
- ./data/nginx:/etc/nginx/conf.d
- ./data/certbot/conf:/etc/letsencrypt
- ./data/certbot/www:/var/www/certbot
ports:
- "80:80"
- "443:443"
command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'"
certbot:
image: certbot/certbot
restart: unless-stopped
volumes:
- ./data/certbot/conf:/etc/letsencrypt
- ./data/certbot/www:/var/www/certbot
entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"
我的nginx配置app.conf:
My nginx config app.conf:
server {
listen 80;
server_name mydomain.de;
server_tokens off;
location /.well-known/acme-challenge/ {
root /var/www/certbot;
}
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl;
server_name collabora.mydomain.de;
ssl_certificate /etc/letsencrypt/live/collabora.mydomain.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/collabora.mydomain.de/privkey.pem;
# static files
location ^~ /loleaflet {
proxy_pass http://localhost:9980;
proxy_set_header Host $http_host;
}
# WOPI discovery URL
location ^~ /hosting/discovery {
proxy_pass http://localhost:9980;
proxy_set_header Host $http_host;
}
# Capabilities
location ^~ /hosting/capabilities {
proxy_pass http://localhost:9980;
proxy_set_header Host $http_host;
}
# main websocket
location ~ ^/lool/(.*)/ws$ {
proxy_pass http://localhost:9980;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $http_host;
proxy_read_timeout 36000s;
}
# download, presentation and image upload
location ~ ^/lool {
proxy_pass http://localhost:9980;
proxy_set_header Host $http_host;
}
# Admin Console websocket
location ^~ /lool/adminws {
proxy_pass http://localhost:9980;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $http_host;
proxy_read_timeout 36000s;
}
}
如何按照上述使用docker进行的设置,使用nginx将collabora服务器正确放置在代理后面?
How can I correctly place the collabora server behind a proxy using nginx per the above set up using docker?
推荐答案
问题出在网络上.我尚未完全理解的一个概念,但是将其添加到我的docker-compose可以解决问题:
The issue was networks. A concept I do not yet fully understand but adding this to my docker-compose did the trick:
networks:
collabora:
然后在每个服务中,我都引用了相同的网络.
Then in each service I referenced this same network.
这篇关于nginx通过docker-错误:1408F10B:SSL例程:ssl3_get_record:版本号错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!