Closed wanghaisheng closed 4 years ago
backend container sock is ok you can find here
root@docker-s-1vcpu-2gb-sgp1-01:/var/discourse# curl --unix-socket /var/discourse/shared/bbs/nginx.http.sock http:/images/json
root@dock
[root@xxx ~]# netstat -lpan | grep :443
nothing shows
finally
root@docker-s-1vcpu-2gb-sgp1-01:/var/discourse# lsof -iTCP -sTCP:LISTEN -P
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sshd 981 root 3u IPv4 21114 0t0 TCP *:22 (LISTEN)
sshd 981 root 4u IPv6 21125 0t0 TCP *:22 (LISTEN)
nginx 19460 root 6u IPv4 27536672 0t0 TCP *:443 (LISTEN)
nginx 19460 root 7u IPv6 27536673 0t0 TCP *:80 (LISTEN)
nginx 19460 root 8u IPv4 27536674 0t0 TCP *:80 (LISTEN)
nginx 19461 nobody 6u IPv4 27536672 0t0 TCP *:443 (LISTEN)
nginx 19461 nobody 7u IPv6 27536673 0t0 TCP *:80 (LISTEN)
nginx 19461 nobody 8u IPv4 27536674 0t0 TCP *:80 (LISTEN)
v2ray 29208 root 3u IPv6 8935425 0t0 TCP *:46859 (LISTEN)
ssl-cert- 29777 root 3u IPv4 27268894 0t0 TCP localhost:8999 (LISTEN)
systemd-r 32370 systemd-resolve 13u IPv4 1523074 0t0 TCP localhost:53 (LISTEN)
root@docker-s-1vcpu-2gb-sgp1-01:/var/discourse# curl -vvv https://128.199.246.56
result
root@docker-s-1vcpu-2gb-sgp1-01:/var/discourse# curl -vvv https://128.199.246.56
* Rebuilt URL to: https://128.199.246.56/
* Trying 128.199.246.56...
* TCP_NODELAY set
* Connected to 128.199.246.56 (128.199.246.56) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (OUT), TLS alert, Server hello (2):
* SSL certificate problem: self signed certificate
* Closing connection 0
curl: (60) SSL certificate problem: self signed certificate
More details here: https://curl.haxx.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
rerun
root@docker-s-1vcpu-2gb-sgp1-01:/var/discourse# ./ssl-cert-server_0.2.0_linux_amd64 --listen=127.0.0.1:8999 \
    --email=techempower@126.com \
    --domain="bbs.antivte.com,ytb.antivte.com,cp.antivte.com,antivte.com" \
    -force-rsa true
2019/12/25 01:48:28 start server listening on http://127.0.0.1:8999
2019/12/25 01:49:25 failed get certificate: domain= bbs.antivte.com err= 403 urn:acme:error:unauthorized: Account creation on ACMEv1 is disabled. Please upgrade your ACME client to a version that supports ACMEv2 / RFC 8555. See https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430 for details.
[20191224 17:49:25 127.0.0.1:40312] 500 GET /cert/bbs.antivte.com 1.275953137s
2019/12/25 01:49:26 failed get certificate: domain= bbs.antivte.com err= acme/autocert: missing certificate
[20191224 17:49:26 127.0.0.1:40316] 500 GET /cert/bbs.antivte.com 227.582µs
2019/12/25 01:49:26 failed get certificate: domain= bbs.antivte.com err= acme/autocert: missing certificate
[20191224 17:49:26 127.0.0.1:40318] 500 GET /cert/bbs.antivte.com 49.983µs
2019/12/25 01:49:26 failed get certificate: domain= bbs.antivte.com err= acme/autocert: missing certificate
[20191224 17:49:26 127.0.0.1:40320] 500 GET /cert/bbs.antivte.com 233.692µs
2019/12/25 01:49:43 failed get certificate: domain= bbs.antivte.com err= acme/autocert: missing certificate
[20191224 17:49:43 127.0.0.1:40324] 500 GET /cert/bbs.antivte.com 272.612µs
2019/12/25 01:50:24 failed get certificate: domain= bbs.antivte.com err= acme/autocert: missing certificate
[20191224 17:50:24 127.0.0.1:40328] 500 GET /cert/bbs.antivte.com 51.386µs
2019/12/25 01:50:24 failed get certificate: domain= bbs.antivte.com err= acme/autocert: missing certificate
[20191224 17:50:24 127.0.0.1:40330] 500 GET /cert/bbs.antivte.com 49.028µs
2019/12/25 01:50:26 failed get certificate: domain= bbs.antivte.com err= 403 urn:acme:error:unauthorized: Account creation on ACMEv1 is disabled. Please upgrade your ACME client to a version that supports ACMEv2 / RFC 8555. See https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430 for details.
[20191224 17:50:26 127.0.0.1:40334] 500 GET /cert/bbs.antivte.com 234.875032ms
2019/12/25 01:50:27 failed get certificate: domain= bbs.antivte.com err= acme/autocert: missing certificate
[20191224 17:50:27 127.0.0.1:40336] 500 GET /cert/bbs.antivte.com 47.629µs
latest error.log
root@docker-s-1vcpu-2gb-sgp1-01:/var/discourse# cat logs/error.log
2019/12/25 13:35:19 [error] 7978#7978: *2 [lua] ssl-cert-server.lua:426: ssl_certificate(): bbs.antivte.com: bad HTTP status 500, context: ssl_certificate_by_lua*, client: 172.69.134.49, server: 0.0.0.0:443
2019/12/25 13:35:19 [error] 7978#7978: *5 [lua] ssl-cert-server.lua:426: ssl_certificate(): bbs.antivte.com: bad HTTP status 500, context: ssl_certificate_by_lua*, client: 172.69.134.49, server: 0.0.0.0:443
2019/12/25 13:35:24 [error] 7978#7978: *8 [lua] ssl-cert-server.lua:426: ssl_certificate(): bbs.antivte.com: bad HTTP status 500, context: ssl_certificate_by_lua*, client: 162.158.166.83, server: 0.0.0.0:443
2019/12/25 13:35:24 [error] 7978#7978: *11 [lua] ssl-cert-server.lua:426: ssl_certificate(): bbs.antivte.com: bad HTTP status 500, context: ssl_certificate_by_lua*, client: 162.158.166.83, server: 0.0.0.0:443
root@docker-
root@docker-s-1vcpu-2gb-sgp1-01:/var/discourse# ./ssl-cert-server_0.2.0_linux_amd64 --listen=127.0.0.1:8999 \
    --email=techempower@126.com \
    --domain="bbs.antivte.com,ytb.antivte.com,cp.antivte.com,antivte.com" \
    -force-rsa true
2019/12/25 13:34:29 start server listening on http://127.0.0.1:8999
2019/12/25 13:35:19 failed get certificate: domain= bbs.antivte.com err= 403 urn:acme:error:unauthorized: Account creation on ACMEv1 is disabled. Please upgrade your ACME client to a version that supports ACMEv2 / RFC 8555. See https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430 for details.
[20191225 05:35:19 127.0.0.1:34640] 500 GET /cert/bbs.antivte.com 1.17951156s
Sorry for the late reply. It looks like Let's Encrypt has disabled the v1 API; I will have a look at this some time later.
@wanghaisheng Hello, I have updated the autocert dependency, which updates the client to support the ACMEv2 protocol; the issue should be fixed. If you are still facing the problem, you may try the latest v0.3.0 release ~
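A log-triage sketch for the failure diagnosed above, added here as an example (it is not code from ssl-cert-server or from either poster): it separates rejections returned by the ACME server from errors raised locally by the client, so the ACMEv1 shutdown stands out from the repeated `missing certificate` lines. The function name `triage` and the report keys are assumptions; the sample lines are taken from the output quoted in this thread, with the long messages shortened.

```python
import re

# Sample input: lines from the ssl-cert-server output in this thread (shortened).
SAMPLE_LOG = """\
2019/12/25 01:48:28 start server listening on http://127.0.0.1:8999
2019/12/25 01:49:25 failed get certificate: domain= bbs.antivte.com err= 403 urn:acme:error:unauthorized: Account creation on ACMEv1 is disabled.
[20191224 17:49:25 127.0.0.1:40312] 500 GET /cert/bbs.antivte.com 1.275953137s
2019/12/25 01:49:26 failed get certificate: domain= bbs.antivte.com err= acme/autocert: missing certificate
2019/12/25 01:50:26 failed get certificate: domain= bbs.antivte.com err= 403 urn:acme:error:unauthorized: Account creation on ACMEv1 is disabled.
"""

# "<timestamp> failed get certificate: domain= <name> err= <message>"
FAIL_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) failed get certificate: "
    r"domain= (?P<domain>\S+) err= (?P<err>.*)$"
)
# An ACME server problem appears as "<HTTP status> <urn:... type>: <detail>".
ACME_RE = re.compile(r"^(?P<status>\d{3}) (?P<type>urn:\S+?): (?P<detail>.*)$")


def triage(log_text):
    """Per domain: count ACME server rejections vs. client-side errors."""
    report = {}
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if not m:
            continue  # startup and access-log lines carry no cause
        entry = report.setdefault(
            m["domain"], {"root_causes": [], "acme_rejections": 0, "local_errors": 0}
        )
        acme = ACME_RE.match(m["err"])
        if acme is None:
            entry["local_errors"] += 1  # e.g. "acme/autocert: missing certificate"
            continue
        entry["acme_rejections"] += 1
        cause = (int(acme["status"]), acme["type"], acme["detail"])
        if cause not in entry["root_causes"]:
            entry["root_causes"].append(cause)  # keep each distinct cause once
    return report


if __name__ == "__main__":
    for domain, e in triage(SAMPLE_LOG).items():
        print(domain, e["acme_rejections"], "ACME rejections,", e["local_errors"], "local errors")
        for status, ptype, detail in e["root_causes"]:
            print(f"  root cause: HTTP {status} {ptype}: {detail}")
```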
Thank you. At last I give up using this great library.
I have 3 Docker containers running websites and listening on Unix sockets instead of port 80, but after running nginx I still could not access the HTTPS URL in the browser: 522 error.
./ssl-cert-server_0.2.0_linux_amd64 --listen=127.0.0.1:8999 \
    --email=techempower@126.com \
    --domain="bbs.antivte.com,ytb.antivte.com,cp.antivte.com,antivte.com" \
    -force-rsa true
conf is like this