Nginx / letsencrypt / docker -- Ubuntu 16.04

支持 安装
1

托管:DigitalOcean。
参考:此处所有指南也见于 DigitalOcean,用于安装和配置 NGINX 与 Let’s Encrypt 协同工作。
已成功 运行 HTTPS - https://hkh.pm/
最终 出现 502 Bad Gateway 错误

/etc/nginx/sites-enabled/ 中的 Discourse 配置:

server {
        listen 80;
        server_name www.hkh.pm;
        return 301 https://hkh.pm$request_uri;
}
server {
        listen 443 ssl http2; 
        server_name hkh.pm;

        ssl_certificate /etc/letsencrypt/live/hkh.pm/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/hkh.pm/privkey.pem;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
        ssl_prefer_server_ciphers on;
        location / {
                proxy_pass      http://hkh.pm:25654/;
                proxy_read_timeout      90;
                proxy_redirect  http://hkh.pm:25654/ https://hkh.pm;
        }
}

App.yml 配置

templates:
  - "templates/postgres.template.yml"
  - "templates/redis.template.yml"
  - "templates/web.template.yml"
  - #"templates/web.ratelimited.template.yml"
## 如果希望添加 Let's Encrypt (https),请取消注释以下两行
  - #"templates/web.ssl.template.yml"
  - #"templates/web.letsencrypt.ssl.template.yml"

## 此容器应暴露哪些 TCP/IP 端口?
## 如果您希望 Discourse 与 Apache 或 nginx 等其他 Web 服务器共享端口,
## 请参阅 https://meta.discourse.org/t/17247 了解详情
expose:
  - "25654:80"   # http
  - "443:443" # https

NGINX 状态:

dbm@hkh:~$ systemctl status nginx.service
● nginx.service - A high performance web server and a reverse proxy server
   Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
   Active: active (running) since Sat 2018-01-13 09:48:08 UTC; 16min ago
  Process: 1459 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status
  Process: 1389 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exite
 Main PID: 1484 (nginx)
    Tasks: 3
   Memory: 10.4M
      CPU: 229ms
   CGroup: /system.slice/nginx.service
           ├─1484 nginx: master process /usr/sbin/nginx -g daemon on; master_process on
           ├─1485 nginx: worker process
           └─1486 nginx: worker process

Docker ps -a

dbm@hkh:~$ docker ps -a
CONTAINER ID        IMAGE                 COMMAND             CREATED             STATUS                      PORTS               NAMES
b91fdb1b28df        local_discourse/app   "/sbin/boot"        About an hour ago   Exited (5) 17 minutes ago

因此,我的结论是端口方面存在某种问题,表明转发未正确配置,我已束手无策。(几乎尝试了在 Google 和 Discourse 社区能找到的所有方法。)这里可以看到问题所在:

dbm@hkh:~$ sudo netstat -plntu
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      1484/nginx -g daemo
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1484/nginx -g daemo
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1417/sshd
tcp6       0      0 :::22                   :::*                    LISTEN      1417/sshd

看起来 docker-proxy 未被加载,也未转发到端口 25654。此外,我曾遇到端口 80 被占用的问题。之后我重启了系统,NGINX 不再报告任何错误。

dbm@hkh:~$ sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

有任何建议或提示可以帮我解决这个问题吗?提前感谢!

2

What are You trying to achieve?

That configuration looks okay but is there a service running on

http://hkh.pm:25654/

Because that is not returning anything

1 个赞
3

That is the problem… there is no service running there. And it should be running right? – By the configuration. That problem appears when i install nginx. And letsencrypt. Before doing that, i could reach my discourse on that port.

EDITED:

Like i said here, i think that problem come from here.

EDIT2:

 docker.service - Docker Application Container Engine
   Loaded: loaded (/lib/systemd/system/docker.service; enabled; vendor preset: enabled)
   Active: active (running) since Sat 2018-01-13 09:48:09 UTC; 3h 6min ago
     Docs: https://docs.docker.com
 Main PID: 1382 (dockerd)
    Tasks: 22
   Memory: 113.6M
      CPU: 1min 16.716s
   CGroup: /system.slice/docker.service
           ├─1382 /usr/bin/dockerd -H fd://
           └─1492 docker-containerd --config /var/run/docker/containerd/containerd.toml

Jan 13 09:48:09 hkh dockerd[1382]: time="2018-01-13T09:48:09.658704124Z" level=error msg="b91fdb1b28df259975c52de80ab51f8a11d5c43daf3f1da1f767df7031dd5a5e cleanup: fai
Jan 13 09:48:09 hkh dockerd[1382]: time="2018-01-13T09:48:09.659260943Z" level=error msg="Failed to start container b91fdb1b28df259975c52de80ab51f8a11d5c43daf3f1da1f76
Jan 13 09:48:09 hkh dockerd[1382]: time="2018-01-13T09:48:09.659896029Z" level=info msg="Loading containers: done."
Jan 13 09:48:09 hkh dockerd[1382]: time="2018-01-13T09:48:09.696332892Z" level=info msg="Docker daemon" commit=03596f5 graphdriver(s)=overlay2 version=18.01.0-ce
Jan 13 09:48:09 hkh dockerd[1382]: time="2018-01-13T09:48:09.697512501Z" level=info msg="Daemon has completed initialization"
Jan 13 09:48:09 hkh dockerd[1382]: time="2018-01-13T09:48:09.708078451Z" level=info msg="API listen on /var/run/docker.sock"
Jan 13 09:48:09 hkh systemd[1]: Started Docker Application Container Engine.
Jan 13 09:53:43 hkh dockerd[1382]: time="2018-01-13T09:53:43Z" level=info msg="shim docker-containerd-shim started" address="/containerd-shim/moby/efc749e9f165b37aa8e1
Jan 13 09:53:43 hkh dockerd[1382]: time="2018-01-13T09:53:43Z" level=info msg="shim reaped" id=efc749e9f165b37aa8e12c891f74b606b38b318e43efc39213903f00c1d74b79 module=
Jan 13 09:53:43 hkh dockerd[1382]: time="2018-01-13T09:53:43.962437141Z" level=info msg="ignoring event" module=libcontainerd namespace=moby topic=/tasks/delete type="
~

Jan 13 09:48:09 hkh dockerd[1382]: time=“2018-01-13T09:48:09.659260943Z” level=error msg="Failed to start container b91fdb1b28df259975c52de80ab51f8a11d5c43daf3f1da1f76

This is my docker images;

dbm@hkh:~$ sudo docker images
REPOSITORY            TAG                 IMAGE ID            CREATED             SIZE
local_discourse/app   latest              c8f855b4c3a9        4 hours ago         2.79GB
<none>                <none>              b0cd4d872d9d        4 hours ago         2.79GB
discourse/base        2.0.20171231        3925ef3919cc        12 days ago         1.73GB
4

Do you have other web sites hosted on this server? What are you trying to do?

5

Docker isn’t running because Your nginx has occupied Port 443 for SSL!

You need to use websockets instead of proxy redirect.

Take some cues from Here: Adding an offline page when rebuilding

1 个赞
6

@itsbhanusharma Thanks, for replying. Gonna try it asap. Keeping this updated

@pfaffman - no, only Discourse

SOLUTION

@itsbhanusharma, @pfaffman - thanks both for help and your time. Highly appreciate it!

Also, special thanks to @fefrei

Cheers! :slight_smile:

4 个赞