
I pulled https://github.com/tomav/docker-mailserver to set up a mail server. I want to add Let's Encrypt support, so I also pulled https://hub.docker.com/r/certbot/certbot/~/dockerfile/

I made a Docker Compose file with these 2 containers:

version: '2'
services:
  nginx:
    image: pixelfordinner/nginx
    container_name: pixelcloud-nginx_proxy-nginx
    restart: always
    # nginx owns host ports 80 and 443
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - "./volumes/conf.d:/etc/nginx/conf.d:ro"
      - "./volumes/vhost.d:/etc/nginx/vhost.d:ro"
      - "./volumes/certs:/etc/nginx/certs:ro"
      - "/usr/share/nginx/html"

  nginx-proxy:
    image: jwilder/docker-gen
    container_name: nginx-proxy
    depends_on:
      - nginx
    volumes_from:
      - nginx
    volumes:
      - "/var/run/docker.sock:/tmp/docker.sock:ro"
      - "./data/templates:/etc/docker-gen/templates:ro"
      - "./volumes/conf.d:/etc/nginx/conf.d:rw"
    entrypoint: /usr/local/bin/docker-gen -notify-sighup pixelcloud-nginx_proxy-nginx -watch -wait 5s:30s /etc/docker-gen/templates/nginx.tmpl /etc/nginx/conf.d/default.conf

  letsencrypt-nginx-proxy:
    restart: always
    image: jrcs/letsencrypt-nginx-proxy-companion
    container_name: ssl
    depends_on:
      - nginx
      - nginx-proxy
    volumes_from:
      - nginx
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "./volumes/vhost.d:/etc/nginx/vhost.d:rw"
      - "./volumes/certs:/etc/nginx/certs:rw"
    environment:
      - "NGINX_DOCKER_GEN_CONTAINER=nginx-proxy"

  mail:
    image: tvial/docker-mailserver:2.1
    hostname: mail
    domainname: example.com
    container_name: mail
    ports:
      - "25:25"
      - "143:143"
      - "587:587"
      - "993:993"
    volumes:
      - maildata:/var/mail
      - mailstate:/var/mail-state
      - ./config/:/tmp/docker-mailserver/
      - "$PWD/etc/:/etc/letsencrypt/"
      - "$PWD/log/:/var/log/letsencrypt/"
    environment:
      - ENABLE_SPAMASSASSIN=1
      - ENABLE_CLAMAV=1
      - ENABLE_FAIL2BAN=1
      - ENABLE_POSTGREY=1
      - ONE_DIR=1
      - DMS_DEBUG=0
      - SSL_TYPE=letsencrypt
    cap_add:
      - NET_ADMIN

  certbot:
    image: certbot/certbot
    container_name: certbot
    command: certbot certonly --standalone -d mail.example.com
    # container ports 80/443 are published on host ports 8083/4432
    ports:
      - "8083:80"
      - "4432:443"
    volumes:
      - /etc/letsencrypt:/etc/letsencrypt
      - /var/lib/letsencrypt:/var/lib/letsencrypt

# named volumes used by the mail service must be declared at the top level
volumes:
  maildata:
    driver: local
  mailstate:
    driver: local

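But certbot doesn't create any certificates. There is a conflict on port 443 between the nginx and certbot containers.

If I use port 443 for certbot, my domain is unreachable, so certbot's domain validation fails. If I use 443 for nginx, certbot doesn't work. I don't know what to do...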


1 Answer


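Let's Encrypt (certbot) needs an existing TLD that is reachable over port 80 in order to actually do anything. You need to create a real domain, such as dev.existingdomain.com, and use that.

https://typo3worx.eu/2016/11/lets-encrypt-on-localhost/

For local environments you mostly use self-signed certificates...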

Answered 2017-04-25T11:27:13.127
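
The port conflict from the question, worked through as an added example (not code from the question, the answer, or either project): it takes the published ports of the compose file above and reports which service actually receives the CA's validation connection on host ports 80 and 443. The `SERVICES` table is constructed by hand from that file, the function names are hypothetical, and port specs are assumed to be single IPv4 ports without ranges.

```python
# Added example. SERVICES is constructed from the compose file in the
# question: only the published ports and the certbot command are kept.
ACME_PORTS = {80: "HTTP-01", 443: "TLS-based"}  # ports the CA connects to

SERVICES = {
    "nginx": {"ports": ["80:80", "443:443"]},
    "mail": {"ports": ["25:25", "143:143", "587:587", "993:993"]},
    "certbot": {"ports": ["8083:80", "4432:443"],
                "command": "certbot certonly --standalone -d mail.example.com"},
}

def parse_port(spec):
    """'[ip:]host:container[/proto]' -> (host, container); no port ranges."""
    parts = spec.split("/")[0].split(":")
    if len(parts) == 1:          # container port only: host port is random
        return None, int(parts[0])
    return int(parts[-2]), int(parts[-1])

def host_port_owners(services):
    """Map every published host port to the services that claim it."""
    owners = {}
    for name, svc in services.items():
        for spec in svc.get("ports", []):
            host, _ = parse_port(spec)
            if host is not None:
                owners.setdefault(host, []).append(name)
    return owners

def check_standalone(services):
    """Explain why a `--standalone` certbot service cannot be validated."""
    owners = host_port_owners(services)
    findings = [f"host port {p} claimed by {' and '.join(n)}: one fails to start"
                for p, n in sorted(owners.items()) if len(n) > 1]
    for name, svc in services.items():
        if "--standalone" not in svc.get("command", ""):
            continue
        # container port -> host port, as published for this service
        published = {c: h for h, c in map(parse_port, svc.get("ports", []))}
        for port, challenge in ACME_PORTS.items():
            if published.get(port) != port:
                holder = " and ".join(owners.get(port, [])) or "no service"
                findings.append(
                    f"{name}: {challenge} validation hits host port {port} "
                    f"({holder}), but {name} is published on "
                    f"{published.get(port)}")
    return findings

if __name__ == "__main__":
    for line in check_standalone(SERVICES):
        print(line)
```

Both findings for the file above name nginx as the holder of the validation port, which is why the standalone certbot container never sees the challenge request.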