nginx通过docker-错误:1408F10B:SSL例程:ssl3_get_record:版本号错误 [英] nginx via docker - error:1408F10B:SSL routines:ssl3_get_record:wrong version number

问题描述

我有一个通过docker设置的collabora服务器.我想将其放在代理后面，以便只能通过https:

I have a collabora server set up via docker. I'd like to put it behind a proxy so that it's accessible only via https:

我已遵循文档此处和在第二个链接上，我正在使用设置2的选项3.我不确定是否应该使用选项1.

On the second link I'm using set up option 2 of 3. I was unsure if I should be using option 1.

运行容器之后，我想按照上面第一个文档链接的底部检查collabora服务器是否正在运行.获得确定"消息表示所有设置均正确:

After running the container, I wanted to check that collabora server is running per the bottom of the first documentation link above. Obtaining the 'OK' message signifies that all is set up correctly:

curl -k https://localhost:9980
curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number

如果我删除s:

curl -k http://localhost:9980
OK

我在docker-compose中有3个服务，这是日志的最后两行:

I have 3 services in the docker-compose, here's the last couple of lines of the logs:

docker ps
CONTAINER ID   IMAGE               COMMAND                  CREATED       STATUS       PORTS                                      NAMES
ee6bdb68f8e2   collabora/code      "/bin/sh -c 'bash st…"   2 hours ago   Up 2 hours   0.0.0.0:9980->9980/tcp                     collabora
1488465463c6   nginx:1.15-alpine   "/bin/sh -c 'while :…"   2 hours ago   Up 2 hours   0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp   collabora_nginx_1
4361ed3f6df7   certbot/certbot     "/bin/sh -c 'trap ex…"   2 hours ago   Up 2 hours   80/tcp, 443/tcp                            collabora_certbot_1

collabora服务器容器/服务:

The collabora server container/service:

docker logs collabora
wsd-00006-00042 2021-03-02 16:39:07.374169 [ websrv_poll ] WRN  convert-to: Requesting address is denied: ::ffff:168.119.3.73| wsd/LOOLWSD.cpp:2315
wsd-00006-00042 2021-03-02 16:40:10.725982 [ websrv_poll ] ERR  Looks like SSL/TLS traffic on plain http port| wsd/LOOLWSD.cpp:2383

nginx容器/服务:

The nginx container/service:

docker logs collabora_nginx_1
2021/03/02 16:49:47 [error] 10#10: *54 open() "/etc/nginx/html/robots.txt" failed (2: No such file or directory), client: 198.20.87.98, server: collabora.mydomain.de, request: "GET /robots.txt HTTP/1.1", host: "135.181.152.187"
198.20.87.98 - - [02/Mar/2021:16:49:47 +0000] "GET /robots.txt HTTP/1.1" 404 154 "-" "-" "-"
2021/03/02 16:49:48 [error] 10#10: *55 open() "/etc/nginx/html/sitemap.xml" failed (2: No such file or directory), client: 198.20.87.98, server: collabora.mydomain.de, request: "GET /sitemap.xml HTTP/1.1", host: "135.181.152.187"
198.20.87.98 - - [02/Mar/2021:16:49:48 +0000] "GET /sitemap.xml HTTP/1.1" 404 154 "-" "-" "-"
2021/03/02 16:49:50 [error] 10#10: *56 open() "/etc/nginx/html/.well-known/security.txt" failed (2: No such file or directory), client: 198.20.87.98, server: collabora.mydomain.de, request: "GET /.well-known/security.txt HTTP/1.1", host: "135.181.152.187"
198.20.87.98 - - [02/Mar/2021:16:49:50 +0000] "GET /.well-known/security.txt HTTP/1.1" 404 154 "-" "-" "-"
2021/03/02 16:49:51 [error] 10#10: *57 open() "/etc/nginx/html/favicon.ico" failed (2: No such file or directory), client: 198.20.87.98, server: collabora.mydomain.de, request: "GET /favicon.ico HTTP/1.1", host: "135.181.152.187"
198.20.87.98 - - [02/Mar/2021:16:49:51 +0000] "GET /favicon.ico HTTP/1.1" 404 154 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:80.0) Gecko/20100101 Firefox/80.0" "-"
2021/03/02 16:49:56 [error] 10#10: *62 "/etc/nginx/html/index.html" is not found (2: No such file or directory), client: 104.155.101.3, server: collabora.mydomain.de, request: "GET / HTTP/1.1", host: "135.181.152.187"
104.155.101.3 - - [02/Mar/2021:16:49:56 +0000] "GET / HTTP/1.1" 404 154 "-" "python-requests/2.25.1" "-"

certbot容器:

The certbot container:

docker logs collabora_certbot_1
logs collabora_certbot_1 
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/collabora.mydomain.de.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not yet due for renewal

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
The following certificates are not due for renewal yet:
  /etc/letsencrypt/live/collabora.mydomain.de/fullchain.pem expires on 2021-05-31 (skipped)
No renewals were attempted.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

我的docker-compose.yaml:

My docker-compose.yaml:

version: "3.5"
services:
  collabora:
    image: collabora/code
    container_name: collabora
    restart: always
    depends_on:
      - nginx
    cap_add:
      - MKNOD
    environment:
      - "extra_params=--o:ssl.enable=false --o:ssl.termination=true"
      - domain=nx12345\.blah\.de
      - dictionaries=en_US
    ports:
      - "9980:9980"
    volumes:
      - ./appdata/collabora:/config    
  nginx:
    image: nginx:1.15-alpine
    restart: unless-stopped
    volumes:
      - ./data/nginx:/etc/nginx/conf.d
      - ./data/certbot/conf:/etc/letsencrypt
      - ./data/certbot/www:/var/www/certbot
    ports:
      - "80:80"
      - "443:443"
    command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'"
  certbot:
    image: certbot/certbot
    restart: unless-stopped
    volumes:
      - ./data/certbot/conf:/etc/letsencrypt
      - ./data/certbot/www:/var/www/certbot
    entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"

我的nginx配置app.conf:

My nginx config app.conf:

server {
    listen 80;
    server_name mydomain.de;
    server_tokens off;

    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }

    location / {
        return 301 https://$host$request_uri;
    }
}


server {
    listen       443 ssl;
    server_name  collabora.mydomain.de;

    ssl_certificate /etc/letsencrypt/live/collabora.mydomain.de/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/collabora.mydomain.de/privkey.pem;
    
    # static files
    location ^~ /loleaflet {
        proxy_pass http://localhost:9980;
        proxy_set_header Host $http_host;
    }

    # WOPI discovery URL
    location ^~ /hosting/discovery {
        proxy_pass http://localhost:9980;
        proxy_set_header Host $http_host;
    }

    # Capabilities
    location ^~ /hosting/capabilities {
        proxy_pass http://localhost:9980;
        proxy_set_header Host $http_host;
    }

    # main websocket
    location ~ ^/lool/(.*)/ws$ {
        proxy_pass http://localhost:9980;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $http_host;
        proxy_read_timeout 36000s;
    }

    # download, presentation and image upload
    location ~ ^/lool {
        proxy_pass http://localhost:9980;
        proxy_set_header Host $http_host;
    }

    # Admin Console websocket
    location ^~ /lool/adminws {
        proxy_pass http://localhost:9980;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $http_host;
        proxy_read_timeout 36000s;
    }
}

如何按照上述使用docker进行的设置，使用nginx将collabora服务器正确放置在代理后面?

How can I correctly place the collabora server behind a proxy using nginx per the above set up using docker?

推荐答案

问题出在网络上.我尚未完全理解的一个概念，但是将其添加到我的docker-compose可以解决问题:

The issue was networks. A concept I do not yet fully understand but adding this to my docker-compose did the trick:

networks:
  collabora:

然后在每个服务中，我都引用了相同的网络.

Then in each service I referenced this same network.

这篇关于nginx通过docker-错误:1408F10B:SSL例程:ssl3_get_record:版本号错误的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！