Edit #3:
Fixed by disabling FirewallD. It turns out this was due to my misunderstanding of CentOS. I didn't have this problem before because Alibaba Cloud decided it was best to simply disable firewalld.
Docker uses iptables, and CentOS has its own version of iptables called firewalld, but interestingly, firewalld still uses the iptables command to talk to the kernel's netfilter hooks.
$ systemctl stop firewalld
$ systemctl disable firewalld
$ systemctl mask firewalld
$ yum install iptables-services
Edit #2:
Do not follow this quick fix
It broke the NGINX proxy's IP address logging (the NGINX log shows 172.21.0.1 instead of the real IP address).
volumes/nginx/proxy.conf
proxy_set_header X-Real-IP $remote_addr;
Edit:
A quick fix, what do you think?
$ firewall-cmd --zone=public --add-masquerade --permanent && firewall-cmd --reload
This problem is related to UpCloud's CentOS 8.0 distribution.
I'm new to UpCloud and Cloudflare. I decided to use Cloudflare instead of Alibaba Cloud DNS (high latency slows down TTFB), and I plan to host a small project on UpCloud because UpCloud's egress pricing is 10 times cheaper than Alibaba Cloud's, so I can reach smaller clients.
I'm used to Alibaba Cloud and their DNS product, and I never had this problem, the ACME error, before, so I'm using a quick fix to solve the "docker no route to host" problem.
ACME challenge success
ping request from the Docker container
$ ping acme-v02.api.letsencrypt.org
ping: bad address 'acme-v02.api.letsencrypt.org'
$ ping google.com
ping: bad address 'google.com'
ACME error.
letsencrypt | An unexpected error occurred:
letsencrypt | Traceback (most recent call last):
letsencrypt | File "/usr/lib/python3.8/site-packages/urllib3/connection.py", line 159, in _new_conn
letsencrypt | conn = connection.create_connection(
letsencrypt | File "/usr/lib/python3.8/site-packages/urllib3/util/connection.py", line 61, in create_connection
letsencrypt | for res in socket.getaddrinfo(host, port, family, socket.SOCK_STREAM):
letsencrypt | File "/usr/lib/python3.8/socket.py", line 918, in getaddrinfo
letsencrypt | for res in _socket.getaddrinfo(host, port, family, type, proto, flags):
letsencrypt | socket.gaierror: [Errno -3] Try again
letsencrypt |
letsencrypt | During handling of the above exception, another exception occurred:
letsencrypt |
letsencrypt | Traceback (most recent call last):
letsencrypt | File "/usr/lib/python3.8/site-packages/urllib3/connectionpool.py", line 670, in urlopen
letsencrypt | httplib_response = self._make_request(
letsencrypt | File "/usr/lib/python3.8/site-packages/urllib3/connectionpool.py", line 381, in _make_request
letsencrypt | self._validate_conn(conn)
letsencrypt | File "/usr/lib/python3.8/site-packages/urllib3/connectionpool.py", line 976, in _validate_conn
letsencrypt | conn.connect()
letsencrypt | File "/usr/lib/python3.8/site-packages/urllib3/connection.py", line 308, in connect
letsencrypt | conn = self._new_conn()
letsencrypt | File "/usr/lib/python3.8/site-packages/urllib3/connection.py", line 171, in _new_conn
letsencrypt | raise NewConnectionError(
letsencrypt | urllib3.exceptions.NewConnectionError: <urllib3.connection.HTTPSConnection object at 0x7f3c380fd730>: Failed to establish a new connection: [Errno -3] Try again
letsencrypt |
letsencrypt | During handling of the above exception, another exception occurred:
letsencrypt |
letsencrypt | Traceback (most recent call last):
letsencrypt | File "/usr/lib/python3.8/site-packages/requests/adapters.py", line 439, in send
letsencrypt | resp = conn.urlopen(
letsencrypt | File "/usr/lib/python3.8/site-packages/urllib3/connectionpool.py", line 724, in urlopen
letsencrypt | retries = retries.increment(
letsencrypt | File "/usr/lib/python3.8/site-packages/urllib3/util/retry.py", line 439, in increment
letsencrypt | raise MaxRetryError(_pool, url, error or ResponseError(cause))
letsencrypt | urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7f3c380fd730>: Failed to establish a new connection: [Errno -3] Try again'))
letsencrypt |
letsencrypt | During handling of the above exception, another exception occurred:
letsencrypt |
letsencrypt | requests.exceptions.ConnectionError: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7f3c380fd730>: Failed to establish a new connection: [Errno -3] Try again'))
letsencrypt | Please see the logfiles in /var/log/letsencrypt for more details.
letsencrypt | ERROR: Cert does not exist! Please see the validation error above. Make sure you entered correct credentials into the /config/dns-conf/cloudflare.ini file.
I'm not sure why, but UpCloud's CentOS distribution behaves strangely with Docker; I mean, Docker containers cannot communicate with each other even though the port is open or the containers are linked.
firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 4 -i docker0 -j ACCEPT && firewall-cmd --permanent --zone=public --add-rich-rule='rule family=ipv4 source address=172.17.0.0/16 accept' && firewall-cmd --reload
sysctl net.bridge.bridge-nf-call-iptables=0
sysctl net.bridge.bridge-nf-call-arptables=0
sysctl net.bridge.bridge-nf-call-ip6tables=0
systemctl restart docker
OS: CentOS 8.0
CPU architecture: I'm not sure.
How the docker service was installed: https://github.com/jasononggo/docs/blob/master/DOCKER.md
I changed the URL, DNSPLUGIN, and EMAIL parameters. docker-compose.yml
letsencrypt | [s6-init] making user provided files available at /var/run/s6/etc...exited 0.
letsencrypt | [s6-init] ensuring user provided files have correct perms...exited 0.
letsencrypt | [fix-attrs.d] applying ownership & permissions fixes...
letsencrypt | [fix-attrs.d] done.
letsencrypt | [cont-init.d] executing container initialization scripts...
letsencrypt | [cont-init.d] 01-envfile: executing...
letsencrypt | [cont-init.d] 01-envfile: exited 0.
letsencrypt | [cont-init.d] 10-adduser: executing...
letsencrypt | usermod: no changes
letsencrypt |
letsencrypt | -------------------------------------
letsencrypt | _ ()
letsencrypt | | | ___ _ __
letsencrypt | | | / __| | | / \
letsencrypt | | | \__ \ | | | () |
letsencrypt | |_| |___/ |_| \__/
letsencrypt |
letsencrypt |
letsencrypt | Brought to you by linuxserver.io
letsencrypt | -------------------------------------
letsencrypt |
letsencrypt | To support the app dev(s) visit:
letsencrypt | Let's Encrypt: https://letsencrypt.org/donate/
letsencrypt |
letsencrypt | To support LSIO projects visit:
letsencrypt | https://www.linuxserver.io/donate/
letsencrypt | -------------------------------------
letsencrypt | GID/UID
letsencrypt | -------------------------------------
letsencrypt |
letsencrypt | User uid: 1000
letsencrypt | User gid: 1000
letsencrypt | -------------------------------------
letsencrypt |
letsencrypt | [cont-init.d] 10-adduser: exited 0.
letsencrypt | [cont-init.d] 20-config: executing...
letsencrypt | [cont-init.d] 20-config: exited 0.
letsencrypt | [cont-init.d] 30-keygen: executing...
letsencrypt | using keys found in /config/keys
letsencrypt | [cont-init.d] 30-keygen: exited 0.
letsencrypt | [cont-init.d] 50-config: executing...
letsencrypt | Variables set:
letsencrypt | PUID=1000
letsencrypt | PGID=1000
letsencrypt | TZ=UTC
letsencrypt | SUBDOMAINS=www,
letsencrypt | EXTRA_DOMAINS=
letsencrypt | ONLY_SUBDOMAINS=false
letsencrypt | DHLEVEL=4096
letsencrypt | VALIDATION=dns
letsencrypt | DNSPLUGIN=cloudflare
letsencrypt | STAGING=
letsencrypt |
letsencrypt | 4096 bit DH parameters present
letsencrypt | SUBDOMAINS entered, processing
letsencrypt | SUBDOMAINS entered, processing
letsencrypt | dns validation via cloudflare plugin is selected
letsencrypt | Generating new certificate
letsencrypt | Saving debug log to /var/log/letsencrypt/letsencrypt.log
letsencrypt | Plugins selected: Authenticator dns-cloudflare, Installer None
Regards, Jason
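
An added example, not part of the original post: a check to run on the NGINX access log after any firewall change, to catch the side effect described in Edit #2, where every request is logged with the Docker bridge address (172.21.0.1) instead of the real client IP. The log lines are constructed, and the 172.16.0.0/12 range and the 50% threshold are assumptions.

```python
import ipaddress
from collections import Counter

# Assumption: the host's Docker bridge networks sit inside 172.16.0.0/12,
# which covers both addresses in the post (172.17.0.0/16 and 172.21.0.1).
DOCKER_BRIDGE_NET = ipaddress.ip_network("172.16.0.0/12")

# Constructed sample in nginx's default "combined" format ($remote_addr first).
SAMPLE_LOG = """\
172.21.0.1 - - [01/Jan/2020:10:00:00 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.61.1"
172.21.0.1 - - [01/Jan/2020:10:00:03 +0000] "GET /login HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
172.21.0.1 - - [01/Jan/2020:10:00:07 +0000] "POST /login HTTP/1.1" 401 128 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Jan/2020:10:05:00 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.61.1"
not a log line
"""


def client_addresses(log_text):
    """Yield the first field of every line that parses as an IP address."""
    for line in log_text.splitlines():
        fields = line.split()
        if not fields:
            continue
        try:
            yield ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not an access-log line


def masquerade_report(log_text, threshold=0.5):
    """Flag a log in which most requests appear to come from a Docker bridge."""
    counts = Counter(client_addresses(log_text))
    total = sum(counts.values())
    bridge = {ip: n for ip, n in counts.items()
              if ip.version == 4 and ip in DOCKER_BRIDGE_NET}
    hits = sum(bridge.values())
    share = hits / total if total else 0.0
    return {
        "total": total,
        "bridge_hits": hits,
        "bridge_share": share,
        "top_bridge_source": max(bridge, key=bridge.get, default=None),
        "source_ip_lost": total > 0 and share >= threshold,
    }


if __name__ == "__main__":
    print(masquerade_report(SAMPLE_LOG))
```

When `source_ip_lost` is true, anything keyed on the client address (audit logs, rate limits, IP-based bans) is acting on the bridge gateway rather than on the real visitor.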