Nginx
EVOSandru6, 2019-12-24 00:09:58

Why can't volumes from letsencrypt by certbot be transferred to nginx's docker container?

Good afternoon,
I generated certificates that have 777 permissions:
/etc/letsencrypt/live/domen.ru/cert.pem
/etc/letsencrypt/live/domen.ru/chain.pem
/etc/letsencrypt/live/domen.ru/fullchain.pem
/etc/letsencrypt/live/domen.ru/privkey.pem

There is an nginx configuration file:

server {
    listen 443 ssl;
    server_name www.domen.ru domen.ru;
    charset utf-8;
    index index.php;
    root /var/www/public;

    location / {
        try_files $uri /index.php?$args;
    }
    location /docs {
        try_files $uri $uri/;
    }

    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass php-fpm:9000;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
    }

    ssl_certificate /etc/letsencrypt/live/domen.ru/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/domen.ru/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/domen.ru/chain.pem;
}

There is a docker-compose.yml, which forwards the configuration file and the folder with certificates:
version: '3.7'
services:
  nginx:
    container_name: nginx
    image: nginx:1.15-alpine
    volumes:
      - ./app:/var/www
      - ./volumes/log/nginx/:/var/log/nginx/
      - ./docker/app/nginx/prod/app.conf:/etc/nginx/conf.d/default.conf
      - /etc/letsencrypt/live/domen.ru/:/etc/letsencrypt/live/domen.ru/
    ports:
      - ${HTTP_PORT}:80
      - ${HTTPS_PORT}:443
    restart: unless-stopped
    depends_on:
      - php-fpm

Then I raise the build:
docker-compose up -d
Check containers:
docker ps
CONTAINER ID   IMAGE               COMMAND                  CREATED          STATUS                         PORTS   NAMES
8c8f15865564   nginx:1.15-alpine   "nginx -g 'daemon of…"   27 minutes ago   Restarting (1) 3 seconds ago           nginx
...

And look at the logs:
sudo docker-compose logs --tail="all" nginx;
Attaching to nginx
nginx | nginx: [emerg] cannot load certificate "/etc/letsencrypt/live/domen.ru/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/domen.ru/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx | nginx: [emerg] cannot load certificate "/etc/letsencrypt/live/domen.ru/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/domen.ru/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx | nginx: [emerg] cannot load certificate "/etc/letsencrypt/live/domen.ru/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/domen.ru/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx | nginx: [emerg] cannot load certificate "/etc/letsencrypt/live/domen.ru/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/domen.ru/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)

docker exec -ti 15fb0537b034 ls /etc/letsencrypt/live/domen.ru/
README cert.pem chain.pem fullchain.pem privkey.pem
What could be the problem?

1 answer(s)
Sergey Sokolov, 2019-12-24
@EVOSandru6

Instead of the full path

- /etc/letsencrypt/live/domen.ru/:/etc/letsencrypt/live/domen.ru/

you need:
services:
  nginx:
    # ...
    volumes:
      # ...
      - /etc/letsencrypt:/etc/letsencrypt

because live/domen.ru does not contain the certificates themselves, only links to files two levels higher. You can see the links, but they point to inaccessible files.
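
The answer's point, as an added example that is not part of the original thread: certbot's live/ directory holds relative symlinks into archive/, so a bind mount of live/domen.ru alone leaves every link dangling. The function names and the temporary directory tree are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. The tree built below is constructed.

# List symlinks under DIR whose target resolves outside DIR. These are the
# links that dangle when DIR alone is bind-mounted into a container.
links_escaping_mount() (
    dir=$(readlink -f "$1") || exit 2
    find "$dir" -type l | while IFS= read -r link; do
        target=$(readlink -f "$link") || target=
        case "$target" in
            "$dir"/*) ;;  # resolves inside the mount, visible in the container
            *) printf '%s -> %s\n' "${link#"$dir"/}" "$(readlink "$link")" ;;
        esac
    done
)

# Recreate certbot's layout: live/<name>/ holds only relative symlinks into
# archive/<name>/, where the numbered PEM files are stored.
make_sample_tree() (
    root=$1
    mkdir -p "$root/live/domen.ru" "$root/archive/domen.ru"
    for name in cert chain fullchain privkey; do
        : > "$root/archive/domen.ru/${name}1.pem"
        ln -s "../../archive/domen.ru/${name}1.pem" "$root/live/domen.ru/$name.pem"
    done
    : > "$root/live/domen.ru/README"  # regular file, as in the ls output above
)

demo() (
    root=$(mktemp -d)
    make_sample_tree "$root"
    echo "Bind-mounting live/domen.ru only:"
    links_escaping_mount "$root/live/domen.ru"
    echo "Bind-mounting the whole tree (nothing listed means every link resolves):"
    links_escaping_mount "$root"
    rm -rf "$root"
)

demo
```

nginx only reads these files, so the wider /etc/letsencrypt mount can be made read-only by appending :ro to the volume entry.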
