【发布时间】:2021-08-20 07:46:21
【问题描述】:
我在 Docker 中都使用 Jenkins 和 Nginx,
从 Jenkins docker 文档看来,jenkins 需要 2 个端口,50000 和 8080,参考:https://github.com/jenkinsci/docker/blob/master/README.md
作为反向代理的 Nginx 现在有这个配置
server {
listen 80;
server_name jenkins.kryptohive.com
www.jenkins.kryptohive.com;
server_tokens off;
location /.well-known/acme-challenge/ {
root /var/www/certbot;
}
location / {
return 301 https://jenkins.kryptohive.com$request_uri;
}
}
server {
listen 443 ssl http2;
server_name www.jenkins.kryptohive.com;
server_tokens off;
include /etc/nginx/conf.d/ssl.kryptohive;
return 301 https://jenkins.kryptohive.com$request_uri;
}
# configuration of the server
server {
listen 443 ssl http2;
server_name jenkins.kryptohive.com;
access_log /var/log/nginx/jenkins_access.log;
error_log /var/log/nginx/jenkins_error.log;
include /etc/nginx/conf.d/ssl.kryptohive;
include /etc/nginx/conf.d/gzip_conf;
server_tokens off;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Fix the “It appears that your reverse proxy set up is broken" error.
proxy_pass http://jenkins:8080;
proxy_read_timeout 90;
proxy_redirect http://jenkins:8080 https://jenkins.kryptohive.com;
# Required for new HTTP-based CLI
proxy_http_version 1.1;
proxy_request_buffering off;
proxy_buffering off;
add_header 'X-SSH-Endpoint' 'jenkins.kryptohive.com:50000' always;
}
}
这可以很好地为 Jenkins 网站提供服务,但我得到了错误
SSL_connect returned=1 errno=0 state=error: certificate verify failed (unable to get local issuer certificate)
Request headers:
Content-Type: application/json
User-Agent: GitLab/14.0.0-pre
X-Gitlab-Event: Push Hook
Request body:
{
"object_kind": "push",
"event_name": "push",
"before": "e7f7c62995e68446fb1c519fb7f2316eb083bb83",
"after": "9d62e92972ed32ca67c09108395ebad9a20f3e92",
"ref": "refs/heads/master",
"checkout_sha": "9d62e92972ed32ca67c09108395ebad9a20f3e92",
"message": null,
"user_id": 4642285,
"user_name": "Abstract Aesthetics",
"user_username": "4bstractanimation",
"user_email": "",
"user_avatar": "https://secure.gravatar.com/avatar/99a9286c8eaf9b7335f91c3ddbdad7fd?s=80&d=identicon",
"project_id": 26279073,
"project": {
"id": 26279073,
"name": "ucurs-default-shop",
"description": "",
"web_url": "https://gitlab.com/4bstractanimation/django-standard-shop",
"avatar_url": null,
"git_ssh_url": "git@gitlab.com:4bstractanimation/django-standard-shop.git",
"git_http_url": "https://gitlab.com/4bstractanimation/django-standard-shop.git",
"namespace": "Abstract Aesthetics",
"visibility_level": 0,
"path_with_namespace": "4bstractanimation/django-standard-shop",
"default_branch": "master",
"ci_config_path": "",
"homepage": "https://gitlab.com/4bstractanimation/django-standard-shop",
"url": "git@gitlab.com:4bstractanimation/django-standard-shop.git",
"ssh_url": "git@gitlab.com:4bstractanimation/django-standard-shop.git",
"http_url": "https://gitlab.com/4bstractanimation/django-standard-shop.git"
},
"commits": [
{
"id": "9d62e92972ed32ca67c09108395ebad9a20f3e92",
"message": "theme updated\n",
"title": "theme updated",
"timestamp": "2021-05-31T20:45:11+05:00",
"url": "https://gitlab.com/4bstractanimation/django-standard-shop/-/commit/9d62e92972ed32ca67c09108395ebad9a20f3e92",
"author": {
"name": "Abstract Aesthetics",
"email": "4bstractanimation@gmail.com"
},
"added": [
],
"modified": [
"public/index.html"
],
"removed": [
]
},
{
"id": "6eaf6296ce2a7215431ae2e641fd64159fd26be0",
"message": "theme updated\n",
"title": "theme updated",
"timestamp": "2021-05-31T20:44:57+05:00",
"url": "https://gitlab.com/4bstractanimation/django-standard-shop/-/commit/6eaf6296ce2a7215431ae2e641fd64159fd26be0",
"author": {
"name": "Abstract Aesthetics",
"email": "4bstractanimation@gmail.com"
},
"added": [
"src/components/admin-view/images/logo_feild.js"
],
"modified": [
"src/StateStore/reducer.js",
"src/components/admin-view/images/index.js",
"src/components/admin-view/information/TextView.js",
"src/components/admin-view/information/index.js",
"src/components/layout/footer/index.js",
"src/components/layout/header/index.js"
],
"removed": [
]
},
{
"id": "e7f7c62995e68446fb1c519fb7f2316eb083bb83",
"message": "theme updated\n",
"title": "theme updated",
"timestamp": "2021-05-31T19:38:49+05:00",
"url": "https://gitlab.com/4bstractanimation/django-standard-shop/-/commit/e7f7c62995e68446fb1c519fb7f2316eb083bb83",
"author": {
"name": "Abstract Aesthetics",
"email": "4bstractanimation@gmail.com"
},
"added": [
"src/components/customers-view/filter-product/price_filter.js"
],
"modified": [
"public/index.html",
"src/components/customers-view/filter-product/index.js",
"src/components/customers-view/populated-view/index.js",
"src/components/customers-view/single-product-card/index.js",
"src/components/customers-view/single-product-view/index.js"
],
"removed": [
]
}
],
"total_commits_count": 3,
"push_options": {
},
"repository": {
"name": "ucurs-default-shop",
"url": "git@gitlab.com:4bstractanimation/django-standard-shop.git",
"description": "",
"homepage": "https://gitlab.com/4bstractanimation/django-standard-shop",
"git_http_url": "https://gitlab.com/4bstractanimation/django-standard-shop.git",
"git_ssh_url": "git@gitlab.com:4bstractanimation/django-standard-shop.git",
"visibility_level": 0
}
}
当我尝试将 GitLab 连接到 jenkins 时。
我如何将 nginx 配置为也通过 ssl 为 jenkins 的 50000 端口提供服务 我的 docker compose 环境:
version: "3.4"
services:
# JENKINS
jenkins:
image: jenkins/jenkins:lts-jdk11
volumes:
- ${PWD}/Jenkins:/var/jenkins_home
# NGINX SERVER
nginx_server:
image: webdevops/php-nginx:7.3
volumes:
- ${PWD}/config/nginx/conf.d:/etc/nginx/conf.d
- ${PWD}/log/nginx:/var/log/nginx
- ${PWD}/../get-cert/data/certbot/conf:/certs
ports:
- 80:80 # app port
- 443:443
- 50000:50000
container_name: nginx_server
#####################################################
编辑 问题实际上是一般的 SSL,因为我尝试运行
curl jenkins.kryptohive.com
它给出了以下错误
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
我重新创建了 SSL 证书,但仍然是同样的错误,尽管在浏览器中它似乎验证了我的 ssl 证书
【问题讨论】:
-
问题实际上是 SSL,我编辑了帖子并添加了 curl 的日志,请再次查看
标签: docker nginx jenkins docker-compose gitlab