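I have a Docker Mercure container running on Plesk, but it is not available. Now I am trying to load the SSL certificate manually, but unfortunately this does not work. The server still tries to obtain the certificate from the issuer.
These are the variables of my Docker container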
volumes:
/etc/caddy/Caddyfile : /var/www/vhosts/mydomain/mercureconfig/Caddyfile
/ssl : /usr/local/psa/var/certificates
Environment variables:
MERCURE_PUBLISHER_JWT_KEY: my_secret
MERCURE_SUBSCRIBER_JWT_KEY: my_secret
CORS_ALLOWED_ORIGINS: mydomain
MERCURE_EXTRA_DIRECTIVES: cors_origins my_domain
This is my Caddyfile
{
order mercure after encode
{$GLOBAL_OPTIONS}
}
{$CADDY_EXTRA_CONFIG}
{$SERVER_NAME:mydomain:port} {
tls /ssl/5snsn456 /ssl/5snsn456
}
encode zstd gzip
mercure {
# Transport to use (default to Bolt)
transport_url {$MERCURE_TRANSPORT_URL:bolt://mercure.db}
# Publisher JWT key
publisher_jwt {env.MERCURE_PUBLISHER_JWT_KEY} {env.MERCURE_PUBLISHER_JWT_ALG}
# Subscriber JWT key
subscriber_jwt {env.MERCURE_SUBSCRIBER_JWT_KEY} {env.MERCURE_SUBSCRIBER_JWT_ALG}
# Extra directives
{$MERCURE_EXTRA_DIRECTIVES}
}
{$CADDY_SERVER_EXTRA_DIRECTIVES}
header / Content-Type "text/html; charset=utf-8"
respond / `<!DOCTYPE html>
<html lang=en>
<meta charset="utf-8">
<meta name="robots" content="noindex">
<title>Welcome to Mercure</title>
<h1>Welcome to Mercure</h1>
<p>The URL of your hub is <code>/.well-known/mercure</code>.
Read the documentation on <a href="https://mercure.rocks">Mercure.rocks, real-time apps made easy</a>.`
respond /healthz 200
respond "Not Found" 404
}
I have gotten a bit further now; it seems it accepts my certificate
{"level":"info","ts":1705198357.9011054,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}
{"level":"warn","ts":1705198357.906006,"msg":"Caddyfile input is not formatted; run 'caddy fmt --overwrite' to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":3}
{"level":"info","ts":1705198357.9332263,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
{"level":"info","ts":1705198357.9337673,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc000272200"}
{"level":"info","ts":1705198357.9525166,"logger":"http.auto_https","msg":"skipping automatic certificate management because one or more matching certificates are already loaded","domain":"mydomain","server_name":"srv0"}
{"level":"info","ts":1705198357.9525318,"logger":"http.auto_https","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
{"level":"info","ts":1705198357.9552448,"logger":"http","msg":"enabling HTTP/3 listener","addr":":32779"}
{"level":"info","ts":1705198357.956028,"logger":"tls","msg":"cleaning storage unit","storage":"FileStorage:/data/caddy"}
{"level":"info","ts":1705198357.956899,"logger":"tls","msg":"finished cleaning storage units"}
{"level":"info","ts":1705198357.9578297,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
{"level":"info","ts":1705198357.9581263,"logger":"http.log","msg":"server running","name":"remaining_auto_https_redirects","protocols":["h1","h2","h3"]}
{"level":"info","ts":1705198357.9586885,"msg":"autosaved config (load with --resume flag)","file":"/config/caddy/autosave.json"}
{"level":"info","ts":1705198357.9586966,"msg":"serving initial configuration"}
But the server is still not reachable
The solution was to change the port after the server name to the first port assigned by Plesk.
{$SERVER_NAME:plesk_server:first_assigned_port}
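
An added example, not part of the original post: a small Python check over Caddy's JSON startup log. It reports whether the manually supplied certificate was picked up for the domain and whether the listener port matches the port Plesk assigned, the two conditions this thread turned on. The function name, the sample lines and the `tls.obtain` logger match are assumptions made for illustration.

```python
import json

# Constructed sample in the shape of the startup log above (not captured output).
SAMPLE_LOG = "\n".join([
    '{"level":"info","logger":"http.auto_https","msg":"skipping automatic certificate '
    'management because one or more matching certificates are already loaded",'
    '"domain":"mydomain","server_name":"srv0"}',
    '{"level":"info","logger":"http","msg":"enabling HTTP/3 listener","addr":":32779"}',
    'plain-text line that is not JSON',
])

def check_startup(log_text, domain, expected_port):
    """Summarise TLS and listener state for `domain` from Caddy JSON log lines."""
    manual, acme, ports = set(), set(), set()
    for line in log_text.splitlines():
        try:
            entry = json.loads(line)
        except ValueError:
            continue  # skip non-JSON lines mixed into container output
        if not isinstance(entry, dict):
            continue
        logger, msg = entry.get("logger", ""), entry.get("msg", "")
        if logger == "http.auto_https" and msg.startswith(
                "skipping automatic certificate management"):
            manual.add(entry.get("domain"))
        elif logger.startswith("tls.obtain"):
            # Assumption: Caddy reports ACME issuance under this logger name,
            # with the host in "identifier"; no such line appears on this page.
            acme.add(entry.get("identifier"))
        elif msg == "enabling HTTP/3 listener":
            port = str(entry.get("addr", "")).rpartition(":")[2]
            if port.isdigit():
                ports.add(int(port))
    return {
        "manual_cert": domain in manual,
        "acme_attempted": domain in acme,
        "listen_ports": sorted(ports),
        "port_matches": expected_port in ports,
    }

if __name__ == "__main__":
    # 32779 stands in for the port Plesk assigned (assumed value).
    print(check_startup(SAMPLE_LOG, "mydomain", 32779))
```

A result with `manual_cert` true and `port_matches` false corresponds to the state described above: the certificate is loaded, but the site address uses a port other than the one Plesk forwards.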