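I am trying to set up the nginx-proxy Docker container made by jwilder, combined with the Let's Encrypt companion container for SSL. Behind the proxy there is currently a single website, which uses Caddy as its server. The OS is Ubuntu 16.04, and in the firewall I have opened ports 80 and 443. Without nginx-proxy, I can connect to the website over HTTPS. But with nginx-proxy, I cannot connect to the website over HTTPS.
When I connect, I get the error ERR_CONNECTION_REFUSED.
I don't know what could be causing the error.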
docker-compose yml file:

    version: '2'

    volumes:
      postgres_data: {}
      postgres_backup: {}
      caddy: {}

    services:
      nginx-proxy:
        image: jwilder/nginx-proxy
        ports:
          - "80:80"
          - "443:443"
        volumes:
          - /var/run/docker.sock:/tmp/docker.sock:ro
          - /path/to/certs:/etc/nginx/certs:rw
          - /etc/nginx/vhost.d
          - /usr/share/nginx/html
        labels:
          - com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy

      nginx-proxy-ssl-companion:
        image: jrcs/letsencrypt-nginx-proxy-companion
        volumes:
          - /var/run/docker.sock:/var/run/docker.sock:ro
        volumes_from:
          - nginx-proxy

      django:
        build:
          context: .
          dockerfile: ./compose/django/Dockerfile
        depends_on:
          - postgres
          - redis
        command: /gunicorn.sh
        env_file: .env

      postgres:
        build: ./compose/postgres
        volumes:
          - postgres_data:/var/lib/postgresql/data
          - postgres_backup:/backups
        env_file: .env

      caddy:
        build: ./compose/caddy
        depends_on:
          - django
        volumes:
          - caddy:/root/.caddy
        env_file: .env
        environment:
          - "VIRTUAL_HOST=www.mydomain.nl, mydomain.nl"
        expose:
          - 80
          - 443

      redis:
        image: redis:3.0
Logs:

    postgres_1 | LOG: database system was shut down at 2017-09-17 06:59:52 UTC
    postgres_1 | LOG: MultiXact member wraparound protections are now enabled
    postgres_1 | LOG: database system is ready to accept connections
    postgres_1 | LOG: autovacuum launcher started
    redis_1 | 1:C 17 Sep 06:59:55.311 # Warning: no config file specified, using the default config. In order to specify a config file use redis-server /path/to/redis.conf
    redis_1 | _._
    redis_1 | _.-``__ ''-._
    redis_1 | _.-`` `. `_. ''-._ Redis 3.0.7 (00000000/0) 64 bit
    redis_1 | .-`` .-```. ```\/ _.,_ ''-._
    redis_1 | ( ' , .-` | `, ) Running in standalone mode
    redis_1 | |`-._`-...-` __...-.``-._|'` _.-'| Port: 6379
    redis_1 | | `-._ `._ / _.-' | PID: 1
    redis_1 | `-._ `-._ `-./ _.-' _.-'
    redis_1 | |`-._`-._ `-.__.-' _.-'_.-'|
    redis_1 | | `-._`-._ _.-'_.-' | http://redis.io
    redis_1 | `-._ `-._`-.__.-'_.-' _.-'
    redis_1 | |`-._`-._ `-.__.-' _.-'_.-'|
    redis_1 | | `-._`-._ _.-'_.-' |
    redis_1 | `-._ `-._`-.__.-'_.-' _.-'
    redis_1 | `-._ `-.__.-' _.-'
    redis_1 | `-._ _.-'
    redis_1 | `-.__.-'
    redis_1 |
    redis_1 | 1:M 17 Sep 06:59:55.321 # WARNING: The TCP backlog setting of 511 cannot be enforced because /proc/sys/net/core/somaxconn is set to the lower value of 128.
    redis_1 | 1:M 17 Sep 06:59:55.321 # Server started, Redis version 3.0.7
    redis_1 | 1:M 17 Sep 06:59:55.321 # WARNING overcommit_memory is set to 0! Background save may fail under low memory condition. To fix this issue add 'vm.overcommit_memory = 1' to /etc/sysctl.conf and then reboot or run the command 'sysctl vm.overcommit_memory=1' for this to take effect.
    redis_1 | 1:M 17 Sep 06:59:55.321 # WARNING you have Transparent Huge Pages (THP) support enabled in your kernel. This will create latency and memory usage issues with Redis. To fix this issue run the command 'echo never > /sys/kernel/mm/transparent_hugepage/enabled' as root, and add it to your /etc/rc.local in order to retain the setting after a reboot. Redis must be restarted after THP is disabled.
    redis_1 | 1:M 17 Sep 06:59:55.321 * DB loaded from disk: 0.000 seconds
    redis_1 | 1:M 17 Sep 06:59:55.321 * The server is now ready to accept connections on port 6379
    nginx-proxy_1 | Custom dhparam.pem file found, generation skipped
    nginx-proxy_1 | forego | starting dockergen.1 on port 5000
    nginx-proxy_1 | forego | starting nginx.1 on port 5100
    nginx-proxy_1 | dockergen.1 | 2017/09/17 06:59:56 Generated '/etc/nginx/conf.d/default.conf' from 5 containers
    nginx-proxy_1 | dockergen.1 | 2017/09/17 06:59:56 Running 'nginx -s reload'
    nginx-proxy_1 | dockergen.1 | 2017/09/17 06:59:56 Watching docker events
    django_1 | Postgres is up - continuing...
    caddy_1 | Activating privacy features... done.
    caddy_1 | https://www.mydomain.nl
    caddy_1 | 2017/09/17 06:59:56 https://www.mydomain.nl
    caddy_1 | https://mydomain.nl
    caddy_1 | 2017/09/17 06:59:56 https://mydomain.nl
    caddy_1 | http://www.mydomain.nl
    caddy_1 | 2017/09/17 06:59:56 http://www.mydomain.nl
    caddy_1 | http://mydomain.nl
    caddy_1 | 2017/09/17 06:59:56 http://mydomain.nl
    nginx-proxy_1 | dockergen.1 | 2017/09/17 06:59:56 Generated '/etc/nginx/conf.d/default.conf' from 6 containers
    nginx-proxy_1 | dockergen.1 | 2017/09/17 06:59:56 Running 'nginx -s reload'
    nginx-proxy_1 | dockergen.1 | 2017/09/17 06:59:56 Received event start for container f9ba82a04635
    nginx-proxy-ssl-companion_1 | Sleep for 3600s
    nginx-proxy_1 | dockergen.1 | 2017/09/17 06:59:56 Contents of /etc/nginx/conf.d/default.conf did not change. Skipping notification 'nginx -s reload'
    nginx-proxy-ssl-companion_1 | 2017/09/17 06:59:56 Contents of /app/letsencrypt_service_data did not change. Skipping notification '/app/update_certs'
    nginx-proxy-ssl-companion_1 | 2017/09/17 06:59:56 Watching docker events
    nginx-proxy-ssl-companion_1 | 2017/09/17 06:59:56 Contents of /app/letsencrypt_service_data did not change. Skipping notification '/app/update_certs'
    nginx-proxy_1 | nginx.1 | daclass.nl 83.80.189.76 - - [17/Sep/2017:07:00:13 +0000] "GET / HTTP/1.1" 301 54 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55.0"
    nginx-proxy_1 | nginx.1 | 37.97.203.190 172.104.108.109 - - [17/Sep/2017:07:15:10 +0000] "GET / HTTP/1.1" 503 213 "-" "Mozilla/5.0"
    nginx-proxy_1 | nginx.1 | daclass.net 66.249.76.119 - - [17/Sep/2017:07:42:28 +0000] "GET /robots.txt HTTP/1.1" 503 213 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
Edit: Removing VIRTUAL_PROTO=https gave me the error below. I still don't know what is wrong with the current setup:

    caddy_1 | 2017/09/21 18:47:50 http: TLS handshake error from 172.18.0.2:45866: tls: first record does not look like a TLS handshake
    nginx-proxy_1 | nginx.1 | 2017/09/21 18:47:50 [error] 38#38: *2 upstream sent no valid HTTP/1.0 header while reading response header from upstream, client: xx.xx.xxx.xx, server: mydomain.nl, request: "GET / HTTP/1.1", upstream: "http://172.18.0.7:443/", host: "mydomain.nl"
    nginx-proxy_1 | nginx.1 | daclass.nl xx.xx.xxx.xx - - [21/Sep/2017:18:47:50 +0000] "GET / HTTP/1.1" 009 7 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55.0"