[GH-ISSUE #197] Problem after the Docker version was upgraded to v2.0.0-beta4 via watchtower #4538

Closed
opened 2026-03-01 15:34:04 +03:00 by kerem · 22 comments
Owner

Originally created by @leic4u on GitHub (Nov 22, 2023).
Original GitHub issue: https://github.com/0xJacky/nginx-ui/issues/197

The deployment uses docker-compose.yml, with the following content:

docker-compose.yml
```yaml
version: '3.3'
services:
    nginx-ui:
        stdin_open: true
        tty: true
        container_name: nginx-ui
        restart: always
        environment:
            - TZ=Asia/Shanghai
        volumes:
            - './nginx:/etc/nginx'
            - './nginx-ui:/etc/nginx-ui'
            - './var/www:/var/www'
        network_mode: host
        image: 'uozi/nginx-ui:latest'
```

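Today watchtower detected an update to the Docker image and automatically updated nginx-ui to v2.0.0-beta4.
After the update, none of the configured sites could be opened. The log shows the following:

Log details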
2023/11/22 16:40:30 [emerg] 9#9: cannot load certificate "/etc/nginx/ssl/abc.xyz.fullchain.cer": BIO_new_file() failed (SSL: error:80000002:system library::No such file or directory:calling fopen(/etc/nginx/ssl/abc.xyz.fullchain.cer, r) error:10000080:BIO routines::no such file)
nginx: [emerg] cannot load certificate "/etc/nginx/ssl/abc.xyz.fullchain.cer": BIO_new_file() failed (SSL: error:80000002:system library::No such file or directory:calling fopen(/etc/nginx/ssl/abc.xyz.fullchain.cer, r) error:10000080:BIO routines::no such file)
2023-11-22 16:40:32     INFO    server/server.go:20     Nginx config dir path: /etc/nginx

2023/11/22 16:40:32 /home/runner/work/nginx-ui/nginx-ui/server/model/model.go:65
[1.770ms] [rows:-] SELECT count(*) FROM sqlite_master WHERE type='table' AND name="config_backups"

2023/11/22 16:40:32 /home/runner/work/nginx-ui/nginx-ui/server/model/model.go:65
[1.289ms] [rows:2] SELECT sql FROM sqlite_master WHERE type IN ("table","index") AND tbl_name = "config_backups" AND sql IS NOT NULL order by type = "table" desc

2023/11/22 16:40:32 /home/runner/work/nginx-ui/nginx-ui/server/model/model.go:65
[0.979ms] [rows:-] SELECT * FROM `config_backups` LIMIT 1

2023/11/22 16:40:32 /home/runner/work/nginx-ui/nginx-ui/server/model/model.go:65
[0.030ms] [rows:-] SELECT count(*) FROM sqlite_master WHERE type = "index" AND tbl_name = "config_backups" AND name = "idx_config_backups_deleted_at"

2023/11/22 16:40:32 /home/runner/work/nginx-ui/nginx-ui/server/model/model.go:65
[0.008ms] [rows:-] SELECT count(*) FROM sqlite_master WHERE type='table' AND name="auths"

2023/11/22 16:40:32 /home/runner/work/nginx-ui/nginx-ui/server/model/model.go:65
[0.040ms] [rows:2] SELECT sql FROM sqlite_master WHERE type IN ("table","index") AND tbl_name = "auths" AND sql IS NOT NULL order by type = "table" desc

2023/11/22 16:40:32 /home/runner/work/nginx-ui/nginx-ui/server/model/model.go:65
[0.028ms] [rows:-] SELECT * FROM `auths` LIMIT 1

2023/11/22 16:40:32 /home/runner/work/nginx-ui/nginx-ui/server/model/model.go:65
[0.005ms] [rows:-] SELECT count(*) FROM sqlite_master WHERE type = "index" AND tbl_name = "auths" AND name = "idx_auths_deleted_at"

2023/11/22 16:40:32 /home/runner/work/nginx-ui/nginx-ui/server/model/model.go:65
[0.004ms] [rows:-] SELECT count(*) FROM sqlite_master WHERE type='table' AND name="auth_tokens"

2023/11/22 16:40:32 /home/runner/work/nginx-ui/nginx-ui/server/model/model.go:65
[0.030ms] [rows:1] SELECT sql FROM sqlite_master WHERE type IN ("table","index") AND tbl_name = "auth_tokens" AND sql IS NOT NULL order by type = "table" desc

2023/11/22 16:40:32 /home/runner/work/nginx-ui/nginx-ui/server/model/model.go:65
[0.024ms] [rows:-] SELECT * FROM `auth_tokens` LIMIT 1

2023/11/22 16:40:32 /home/runner/work/nginx-ui/nginx-ui/server/model/model.go:65
[0.004ms] [rows:-] SELECT count(*) FROM sqlite_master WHERE type='table' AND name="dns_credentials"

2023/11/22 16:40:32 /home/runner/work/nginx-ui/nginx-ui/server/model/model.go:65
[0.034ms] [rows:2] SELECT sql FROM sqlite_master WHERE type IN ("table","index") AND tbl_name = "dns_credentials" AND sql IS NOT NULL order by type = "table" desc

2023/11/22 16:40:32 /home/runner/work/nginx-ui/nginx-ui/server/model/model.go:65
[0.024ms] [rows:-] SELECT * FROM `dns_credentials` LIMIT 1

2023/11/22 16:40:32 /home/runner/work/nginx-ui/nginx-ui/server/model/model.go:65
[0.005ms] [rows:-] SELECT count(*) FROM sqlite_master WHERE type = "index" AND tbl_name = "dns_credentials" AND name = "idx_dns_credentials_deleted_at"

2023/11/22 16:40:32 /home/runner/work/nginx-ui/nginx-ui/server/model/model.go:65
[0.003ms] [rows:-] SELECT count(*) FROM sqlite_master WHERE type='table' AND name="certs"

2023/11/22 16:40:32 /home/runner/work/nginx-ui/nginx-ui/server/model/model.go:65
[0.033ms] [rows:2] SELECT sql FROM sqlite_master WHERE type IN ("table","index") AND tbl_name = "certs" AND sql IS NOT NULL order by type = "table" desc

2023/11/22 16:40:32 /home/runner/work/nginx-ui/nginx-ui/server/model/model.go:65
[0.098ms] [rows:-] SELECT * FROM `certs` LIMIT 1

2023/11/22 16:40:32 /home/runner/work/nginx-ui/nginx-ui/server/model/model.go:65
[0.012ms] [rows:-] SELECT count(*) FROM sqlite_master WHERE type = "index" AND tbl_name = "certs" AND name = "idx_certs_deleted_at"

2023/11/22 16:40:32 /home/runner/work/nginx-ui/nginx-ui/server/model/model.go:65
[0.007ms] [rows:-] SELECT count(*) FROM sqlite_master WHERE type='table' AND name="chat_gpt_logs"

2023/11/22 16:40:32 /home/runner/work/nginx-ui/nginx-ui/server/model/model.go:65
[0.041ms] [rows:1] SELECT sql FROM sqlite_master WHERE type IN ("table","index") AND tbl_name = "chat_gpt_logs" AND sql IS NOT NULL order by type = "table" desc

2023/11/22 16:40:32 /home/runner/work/nginx-ui/nginx-ui/server/model/model.go:65
[0.044ms] [rows:-] SELECT * FROM `chat_gpt_logs` LIMIT 1

2023/11/22 16:40:32 /home/runner/work/nginx-ui/nginx-ui/server/model/model.go:65
[0.004ms] [rows:-] SELECT count(*) FROM sqlite_master WHERE type='table' AND name="sites"

2023/11/22 16:40:32 /home/runner/work/nginx-ui/nginx-ui/server/model/model.go:65
[0.039ms] [rows:2] SELECT sql FROM sqlite_master WHERE type IN ("table","index") AND tbl_name = "sites" AND sql IS NOT NULL order by type = "table" desc

2023/11/22 16:40:32 /home/runner/work/nginx-ui/nginx-ui/server/model/model.go:65
[0.062ms] [rows:-] SELECT * FROM `sites` LIMIT 1

2023/11/22 16:40:32 /home/runner/work/nginx-ui/nginx-ui/server/model/model.go:65
[0.010ms] [rows:-] SELECT count(*) FROM sqlite_master WHERE type = "index" AND tbl_name = "sites" AND name = "idx_sites_deleted_at"

2023/11/22 16:40:32 /home/runner/work/nginx-ui/nginx-ui/server/model/model.go:65
[0.004ms] [rows:-] SELECT count(*) FROM sqlite_master WHERE type='table' AND name="environments"

2023/11/22 16:40:32 /home/runner/work/nginx-ui/nginx-ui/server/model/model.go:65
[0.040ms] [rows:2] SELECT sql FROM sqlite_master WHERE type IN ("table","index") AND tbl_name = "environments" AND sql IS NOT NULL order by type = "table" desc

2023/11/22 16:40:32 /home/runner/work/nginx-ui/nginx-ui/server/model/model.go:65
[0.046ms] [rows:-] SELECT * FROM `environments` LIMIT 1

2023/11/22 16:40:32 /home/runner/work/nginx-ui/nginx-ui/server/model/model.go:65
[0.006ms] [rows:-] SELECT count(*) FROM sqlite_master WHERE type = "index" AND tbl_name = "environments" AND name = "idx_environments_deleted_at"
2023-11-22 16:40:32     INFO    analytic/analytic.go:51 RecordServerAnalytic Started
[GIN-debug] [WARNING] Running in "debug" mode. Switch to "release" mode in production.
 - using env:   export GIN_MODE=release
 - using code:  gin.SetMode(gin.ReleaseMode)

[GIN-debug] GET    /api/install              --> github.com/0xJacky/Nginx-UI/server/api.InstallLockCheck (5 handlers)
[GIN-debug] POST   /api/install              --> github.com/0xJacky/Nginx-UI/server/api.InstallNginxUI (5 handlers)
[GIN-debug] POST   /api/login                --> github.com/0xJacky/Nginx-UI/server/api.Login (5 handlers)
[GIN-debug] DELETE /api/logout               --> github.com/0xJacky/Nginx-UI/server/api.Logout (5 handlers)
[GIN-debug] GET    /api/translation/:code    --> github.com/0xJacky/Nginx-UI/server/api.GetTranslation (5 handlers)
[GIN-debug] GET    /api/analytic             --> github.com/0xJacky/Nginx-UI/server/api.Analytic (7 handlers)
[GIN-debug] GET    /api/analytic/intro       --> github.com/0xJacky/Nginx-UI/server/api.GetNodeStat (7 handlers)
[GIN-debug] GET    /api/analytic/nodes       --> github.com/0xJacky/Nginx-UI/server/api.GetNodesAnalytic (7 handlers)
[GIN-debug] GET    /api/pty                  --> github.com/0xJacky/Nginx-UI/server/api.Pty (7 handlers)
[GIN-debug] GET    /api/nginx_log            --> github.com/0xJacky/Nginx-UI/server/api.NginxLog (7 handlers)
[GIN-debug] GET    /api/analytic/init        --> github.com/0xJacky/Nginx-UI/server/api.GetAnalyticInit (7 handlers)
[GIN-debug] GET    /api/users                --> github.com/0xJacky/Nginx-UI/server/api.GetUsers (7 handlers)
[GIN-debug] GET    /api/user/:id             --> github.com/0xJacky/Nginx-UI/server/api.GetUser (7 handlers)
[GIN-debug] POST   /api/user                 --> github.com/0xJacky/Nginx-UI/server/api.AddUser (7 handlers)
[GIN-debug] POST   /api/user/:id             --> github.com/0xJacky/Nginx-UI/server/api.EditUser (7 handlers)
[GIN-debug] DELETE /api/user/:id             --> github.com/0xJacky/Nginx-UI/server/api.DeleteUser (7 handlers)
[GIN-debug] GET    /api/domains              --> github.com/0xJacky/Nginx-UI/server/api.GetDomains (7 handlers)
[GIN-debug] GET    /api/domain/:name         --> github.com/0xJacky/Nginx-UI/server/api.GetDomain (7 handlers)
[GIN-debug] POST   /api/domain/:name         --> github.com/0xJacky/Nginx-UI/server/api.SaveDomain (7 handlers)
[GIN-debug] POST   /api/ngx/build_config     --> github.com/0xJacky/Nginx-UI/server/api.BuildNginxConfig (7 handlers)
[GIN-debug] POST   /api/ngx/tokenize_config  --> github.com/0xJacky/Nginx-UI/server/api.TokenizeNginxConfig (7 handlers)
[GIN-debug] POST   /api/ngx/format_code      --> github.com/0xJacky/Nginx-UI/server/api.FormatNginxConfig (7 handlers)
[GIN-debug] POST   /api/nginx/reload         --> github.com/0xJacky/Nginx-UI/server/api.ReloadNginx (7 handlers)
[GIN-debug] POST   /api/nginx/restart        --> github.com/0xJacky/Nginx-UI/server/api.RestartNginx (7 handlers)
[GIN-debug] POST   /api/nginx/test           --> github.com/0xJacky/Nginx-UI/server/api.TestNginx (7 handlers)
[GIN-debug] GET    /api/nginx/status         --> github.com/0xJacky/Nginx-UI/server/api.NginxStatus (7 handlers)
[GIN-debug] POST   /api/domain/:name/enable  --> github.com/0xJacky/Nginx-UI/server/api.EnableDomain (7 handlers)
[GIN-debug] POST   /api/domain/:name/disable --> github.com/0xJacky/Nginx-UI/server/api.DisableDomain (7 handlers)
[GIN-debug] POST   /api/domain/:name/advance --> github.com/0xJacky/Nginx-UI/server/api.DomainEditByAdvancedMode (7 handlers)
[GIN-debug] DELETE /api/domain/:name         --> github.com/0xJacky/Nginx-UI/server/api.DeleteDomain (7 handlers)
[GIN-debug] POST   /api/domain/:name/duplicate --> github.com/0xJacky/Nginx-UI/server/api.DuplicateSite (7 handlers)
[GIN-debug] GET    /api/domain/:name/cert    --> github.com/0xJacky/Nginx-UI/server/api.IssueCert (7 handlers)
[GIN-debug] GET    /api/configs              --> github.com/0xJacky/Nginx-UI/server/api.GetConfigs (7 handlers)
[GIN-debug] GET    /api/config/*name         --> github.com/0xJacky/Nginx-UI/server/api.GetConfig (7 handlers)
[GIN-debug] POST   /api/config               --> github.com/0xJacky/Nginx-UI/server/api.AddConfig (7 handlers)
[GIN-debug] POST   /api/config/*name         --> github.com/0xJacky/Nginx-UI/server/api.EditConfig (7 handlers)
[GIN-debug] GET    /api/template             --> github.com/0xJacky/Nginx-UI/server/api.GetTemplate (7 handlers)
[GIN-debug] GET    /api/template/configs     --> github.com/0xJacky/Nginx-UI/server/api.GetTemplateConfList (7 handlers)
[GIN-debug] GET    /api/template/blocks      --> github.com/0xJacky/Nginx-UI/server/api.GetTemplateBlockList (7 handlers)
[GIN-debug] GET    /api/template/block/:name --> github.com/0xJacky/Nginx-UI/server/api.GetTemplateBlock (7 handlers)
[GIN-debug] POST   /api/template/block/:name --> github.com/0xJacky/Nginx-UI/server/api.GetTemplateBlock (7 handlers)
[GIN-debug] GET    /api/certs                --> github.com/0xJacky/Nginx-UI/server/api.GetCertList (7 handlers)
[GIN-debug] GET    /api/cert/:id             --> github.com/0xJacky/Nginx-UI/server/api.GetCert (7 handlers)
[GIN-debug] POST   /api/cert                 --> github.com/0xJacky/Nginx-UI/server/api.AddCert (7 handlers)
[GIN-debug] POST   /api/cert/:id             --> github.com/0xJacky/Nginx-UI/server/api.ModifyCert (7 handlers)
[GIN-debug] DELETE /api/cert/:id             --> github.com/0xJacky/Nginx-UI/server/api.RemoveCert (7 handlers)
[GIN-debug] POST   /api/auto_cert/:name      --> github.com/0xJacky/Nginx-UI/server/api.AddDomainToAutoCert (7 handlers)
[GIN-debug] DELETE /api/auto_cert/:name      --> github.com/0xJacky/Nginx-UI/server/api.RemoveDomainFromAutoCert (7 handlers)
[GIN-debug] GET    /api/auto_cert/dns/providers --> github.com/0xJacky/Nginx-UI/server/api.GetDNSProvidersList (7 handlers)
[GIN-debug] GET    /api/auto_cert/dns/provider/:code --> github.com/0xJacky/Nginx-UI/server/api.GetDNSProvider (7 handlers)
[GIN-debug] GET    /api/dns_credentials      --> github.com/0xJacky/Nginx-UI/server/api.GetDnsCredentialList (7 handlers)
[GIN-debug] GET    /api/dns_credential/:id   --> github.com/0xJacky/Nginx-UI/server/api.GetDnsCredential (7 handlers)
[GIN-debug] POST   /api/dns_credential       --> github.com/0xJacky/Nginx-UI/server/api.AddDnsCredential (7 handlers)
[GIN-debug] POST   /api/dns_credential/:id   --> github.com/0xJacky/Nginx-UI/server/api.EditDnsCredential (7 handlers)
[GIN-debug] DELETE /api/dns_credential/:id   --> github.com/0xJacky/Nginx-UI/server/api.DeleteDnsCredential (7 handlers)
[GIN-debug] POST   /api/nginx_log            --> github.com/0xJacky/Nginx-UI/server/api.GetNginxLogPage (7 handlers)
[GIN-debug] GET    /api/settings             --> github.com/0xJacky/Nginx-UI/server/api.GetSettings (7 handlers)
[GIN-debug] POST   /api/settings             --> github.com/0xJacky/Nginx-UI/server/api.SaveSettings (7 handlers)
[GIN-debug] GET    /api/upgrade/release      --> github.com/0xJacky/Nginx-UI/server/api.GetRelease (7 handlers)
[GIN-debug] GET    /api/upgrade/current      --> github.com/0xJacky/Nginx-UI/server/api.GetCurrentVersion (7 handlers)
[GIN-debug] GET    /api/upgrade/perform      --> github.com/0xJacky/Nginx-UI/server/api.PerformCoreUpgrade (7 handlers)
[GIN-debug] POST   /api/chat_gpt             --> github.com/0xJacky/Nginx-UI/server/api.MakeChatCompletionRequest (7 handlers)
[GIN-debug] POST   /api/chat_gpt_record      --> github.com/0xJacky/Nginx-UI/server/api.StoreChatGPTRecord (7 handlers)
[GIN-debug] GET    /api/environments         --> github.com/0xJacky/Nginx-UI/server/api.GetEnvironmentList (7 handlers)
[GIN-debug] GET    /api/environment/:id      --> github.com/0xJacky/Nginx-UI/server/api.GetEnvironment (7 handlers)
[GIN-debug] POST   /api/environment          --> github.com/0xJacky/Nginx-UI/server/api.AddEnvironment (7 handlers)
[GIN-debug] POST   /api/environment/:id      --> github.com/0xJacky/Nginx-UI/server/api.EditEnvironment (7 handlers)
[GIN-debug] DELETE /api/environment/:id      --> github.com/0xJacky/Nginx-UI/server/api.DeleteEnvironment (7 handlers)
[GIN-debug] GET    /api/node                 --> github.com/0xJacky/Nginx-UI/server/api.GetCurrentNode (7 handlers)
2023-11-22 16:40:32     INFO    cert/auto_cert.go:65    AutoCert Worker Started

2023/11/22 16:40:32 /home/runner/work/nginx-ui/nginx-ui/server/query/environments.gen.go:295
[3.543ms] [rows:0] SELECT * FROM `environments` WHERE `environments`.`deleted_at` IS NULL

2023/11/22 16:40:32 /home/runner/work/nginx-ui/nginx-ui/server/model/cert.go:52
[3.492ms] [rows:9] SELECT * FROM `certs` WHERE `auto_cert` = 1 AND `certs`.`deleted_at` IS NULL
2023-11-22 16:40:32     INFO    cert/auto_cert.go:127   AutoCert Worker End
[GIN] 2023/11/22 - 16:40:32 | 200 |    1.438489ms |   114.114.123.321 | GET      "/"
[GIN] 2023/11/22 - 16:40:33 | 200 |      41.921µs |   114.114.123.321 | GET      "/assets/index-771398e6.css"
[GIN] 2023/11/22 - 16:40:33 | 200 |     292.681µs |   114.114.123.321 | GET      "/assets/BaseLayout-60c22589.css"
[GIN] 2023/11/22 - 16:40:33 | 200 |     633.564µs |   114.114.123.321 | GET      "/assets/Upgrade-866dccba.css"

2023/11/22 16:40:34 /home/runner/work/nginx-ui/nginx-ui/server/model/auth.go:56
[0.272ms] [rows:1] SELECT * FROM `auth_tokens` WHERE token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1lIjoiYXJtLW5naW54LXVpIiwiZXhwIjoxNzAwNzI4NTg4fQ.STzvV0GRL6LL9au4GaKvVH7jTqNGMtd0yVkW1kIDdjU"
[GIN] 2023/11/22 - 16:40:34 | 200 |     567.963µs |   114.114.123.321 | GET      "/favicon.ico"
[GIN] 2023/11/22 - 16:40:34 | 200 |  412.948473ms |   114.114.123.321 | GET      "/api/upgrade/release?channel=stable"

2023/11/22 16:40:39 /home/runner/work/nginx-ui/nginx-ui/server/model/auth.go:56
[0.439ms] [rows:1] SELECT * FROM `auth_tokens` WHERE token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1lIjoiYXJtLW5naW54LXVpIiwiZXhwIjoxNzAwNzI4NTg4fQ.STzvV0GRL6LL9au4GaKvVH7jTqNGMtd0yVkW1kIDdjU"
[GIN] 2023/11/22 - 16:40:40 | 200 |  690.736937ms |   114.114.123.321 | GET      "/api/upgrade/release?channel=prerelease"
[GIN] 2023/11/22 - 16:41:03 | 200 |     641.364µs |   114.114.123.321 | GET      "/assets/NginxLog-1a913bfe.css"
[GIN] 2023/11/22 - 16:41:03 | 200 |        67.2µs |   114.114.123.321 | GET      "/assets/FooterToolBar-3442f017.css"
[GIN] 2023/11/22 - 16:41:03 | 200 |       115.8µs |   114.114.123.321 | GET      "/"
[GIN] 2023/11/22 - 16:41:03 | 200 |      75.481µs |   114.114.123.321 | GET      "/"
[GIN] 2023/11/22 - 16:41:04 | 200 |      52.481µs |   114.114.123.321 | GET      "/"
[GIN] 2023/11/22 - 16:42:41 | 200 |    1.388768ms |   114.114.123.321 | GET      "/assets/About-9c50bac5.css"
[GIN] 2023/11/22 - 16:42:42 | 200 |     531.643µs |   114.114.123.321 | GET      "/assets/Preference-9ccc1608.js"
[GIN] 2023/11/22 - 16:42:42 | 200 |       33.96µs |   114.114.123.321 | GET      "/assets/Preference-e65ae7c5.css"
[GIN] 2023/11/22 - 16:42:46 | 200 |       56.52µs |   114.114.123.321 | GET      "/assets/StdCurd-cdc48ea2.css"
[GIN] 2023/11/22 - 16:42:46 | 200 |       46.84µs |   114.114.123.321 | GET      "/assets/User-dde51eb1.js"
[GIN] 2023/11/22 - 16:42:46 | 200 |        21.4µs |   114.114.123.321 | GET      "/assets/StdTable-e5572f7a.css"

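The abc.xyz.fullchain.cer in the first entry is a certificate I had previously requested manually with acme.sh.
After deploying this project I cp'd it into the /etc/nginx/ssl directory and used it for a few days; it expired on 2023/11/19, so I deleted the certificate.
Then, in site management, I clicked "request certificate" for every site configuration and it succeeded; until today's update everything was running normally and was accessible.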

Site management edit page
Certificate list

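The symptoms at this point are:

None of the sites configured above can be accessed via their domain names, but the nginx-ui panel can still be reached via ip:port.
Some pages of nginx-ui keep loading and never finish.
I also tried docker restart; it did not help.
It looks as if nginx has not started.
I forgot to take screenshots, though.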

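I saw this sentence in the Docker deployment guide:
When using this container for the first time, ensure that the volume mapped to /etc/nginx is empty.
My guess is that when watchtower performed the update, nginx-ui treated it as a fresh installation while the /etc/nginx folder already had content in it, which broke the container.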

Please investigate; if you need any other information, let me know.

Thanks to the developer.
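
The `[emerg]` line at the top of the log above shows nginx refusing to load a certificate file that no longer exists. As an added example (not part of the original issue or of the nginx-ui project), the following host-side check lists the `ssl_certificate` / `ssl_certificate_key` paths that configs under the bind-mounted `./nginx` directory reference but that are missing on disk. The function name `missing_certs` and the one-directive-per-line layout are assumptions of this example.

```shell
#!/bin/sh
# Added example: find certificate/key files that nginx configs reference but
# that do not exist, checked from the host side of the bind mount
# ('./nginx:/etc/nginx' in the compose file above).
#
# missing_certs HOST_DIR [CONTAINER_DIR]
#   HOST_DIR       host directory that is mounted into the container
#   CONTAINER_DIR  mount point inside the container (default: /etc/nginx)
# Prints "<config file>: <referenced path>" for each missing file and
# returns 1 if any were found, 0 otherwise.
#
# Assumptions: each directive sits on its own line; every regular file under
# HOST_DIR is scanned, so disabled sites are reported as well.
missing_certs() {
    host_dir="${1%/}"
    container_dir="${2:-/etc/nginx}"
    container_dir="${container_dir%/}"

    # awk emits "<file>\t<path>" for each uncommented directive.
    find "$host_dir" -type f -exec awk '
        /^[ \t]*ssl_certificate(_key)?[ \t]/ {
            p = $2
            gsub(/[";]/, "", p)          # drop quotes and the trailing ";"
            print FILENAME "\t" p
        }' {} + | (
        rc=0
        tab=$(printf '\t')
        while IFS="$tab" read -r conf path; do
            case "$path" in
                # Variables, inline data and engine keys cannot be resolved
                # by looking at the filesystem.
                *'$'*|data:*|engine:*) continue ;;
                # Path inside the mount: translate container path to host path.
                "$container_dir"/*)
                    rel=${path#"$container_dir"}
                    target="$host_dir$rel" ;;
                # Absolute path outside the mount: not visible from the host.
                /*) continue ;;
                # Relative paths are resolved against the config prefix.
                *)  target="$host_dir/$path" ;;
            esac
            if [ ! -f "$target" ]; then
                name=${conf#"$host_dir"/}
                printf '%s: %s\n' "$name" "$path"
                rc=1
            fi
        done
        exit "$rc"
    )
}

# Stand-alone use: sh check_certs.sh ./nginx /etc/nginx
if [ "$#" -gt 0 ]; then
    missing_certs "$@"
fi
```

Run against `./nginx` before an image update or restart, a non-zero exit flags a config that will stop nginx from starting.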

"/assets/index-771398e6.css" [GIN] 2023/11/22 - 16:40:33 | 200 | 292.681µs | 114.114.123.321 | GET "/assets/BaseLayout-60c22589.css" [GIN] 2023/11/22 - 16:40:33 | 200 | 633.564µs | 114.114.123.321 | GET "/assets/Upgrade-866dccba.css" 2023/11/22 16:40:34 /home/runner/work/nginx-ui/nginx-ui/server/model/auth.go:56 [0.272ms] [rows:1] SELECT * FROM `auth_tokens` WHERE token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1lIjoiYXJtLW5naW54LXVpIiwiZXhwIjoxNzAwNzI4NTg4fQ.STzvV0GRL6LL9au4GaKvVH7jTqNGMtd0yVkW1kIDdjU" [GIN] 2023/11/22 - 16:40:34 | 200 | 567.963µs | 114.114.123.321 | GET "/favicon.ico" [GIN] 2023/11/22 - 16:40:34 | 200 | 412.948473ms | 114.114.123.321 | GET "/api/upgrade/release?channel=stable" 2023/11/22 16:40:39 /home/runner/work/nginx-ui/nginx-ui/server/model/auth.go:56 [0.439ms] [rows:1] SELECT * FROM `auth_tokens` WHERE token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1lIjoiYXJtLW5naW54LXVpIiwiZXhwIjoxNzAwNzI4NTg4fQ.STzvV0GRL6LL9au4GaKvVH7jTqNGMtd0yVkW1kIDdjU" [GIN] 2023/11/22 - 16:40:40 | 200 | 690.736937ms | 114.114.123.321 | GET "/api/upgrade/release?channel=prerelease" [GIN] 2023/11/22 - 16:41:03 | 200 | 641.364µs | 114.114.123.321 | GET "/assets/NginxLog-1a913bfe.css" [GIN] 2023/11/22 - 16:41:03 | 200 | 67.2µs | 114.114.123.321 | GET "/assets/FooterToolBar-3442f017.css" [GIN] 2023/11/22 - 16:41:03 | 200 | 115.8µs | 114.114.123.321 | GET "/" [GIN] 2023/11/22 - 16:41:03 | 200 | 75.481µs | 114.114.123.321 | GET "/" [GIN] 2023/11/22 - 16:41:04 | 200 | 52.481µs | 114.114.123.321 | GET "/" [GIN] 2023/11/22 - 16:42:41 | 200 | 1.388768ms | 114.114.123.321 | GET "/assets/About-9c50bac5.css" [GIN] 2023/11/22 - 16:42:42 | 200 | 531.643µs | 114.114.123.321 | GET "/assets/Preference-9ccc1608.js" [GIN] 2023/11/22 - 16:42:42 | 200 | 33.96µs | 114.114.123.321 | GET "/assets/Preference-e65ae7c5.css" [GIN] 2023/11/22 - 16:42:46 | 200 | 56.52µs | 114.114.123.321 | GET "/assets/StdCurd-cdc48ea2.css" [GIN] 2023/11/22 - 16:42:46 | 200 | 46.84µs | 114.114.123.321 | GET 
"/assets/User-dde51eb1.js" [GIN] 2023/11/22 - 16:42:46 | 200 | 21.4µs | 114.114.123.321 | GET "/assets/StdTable-e5572f7a.css" ``` </details> 其中第一条里面的 `abc.xyz.fullchain.cer` 是之前用 acme.sh 手动申请的证书。 部署本项目后 cp 到 `/etc/nginx/ssl` 目录下用了几天时间,在 2023/11/19 过期,我就把这个证书删除了。 然后我在站点管理中,把每一个站点配置都点了一下申请证书并且成功了,今天更新之前都是正常运行可以访问的。 <details> <summary>站点管理编辑页面</summary> <img src=https://github.com/0xJacky/nginx-ui/assets/32786903/bc137084-95bc-4bfa-a65d-dd977a5c23a5> </details> <details> <summary>证书列表</summary> <img src=https://github.com/0xJacky/nginx-ui/assets/32786903/25c30529-1215-4a6e-a44b-2a74f132bace> </details> ### 此时的现象就是: 上面配置的所有站点,都无法通过域名访问。但可以通过 `ip:port` 访问到 nginx-ui 面板。 打开 nginx-ui 的部分页面时会一直加载,加载不出来。 docker restart 也试过,没用。 看起来像是 nginx 没有启动的样子。 不过忘了截图了。 我看到 docker 部署手册上有一句: `When using this container for the first time, ensure that the volume mapped to /etc/nginx is empty.` 个人猜测是不是 watchtower 更新时,nginx-ui 认为是一次全新安装,而 `/etc/nginx` 这个文件夹下又有东西了,导致了容器出问题。 敬请排查,如需要其他信息,请告知我。 感谢开发者。
kerem 2026-03-01 15:34:04 +03:00
  • closed this issue
  • added the bug label

@leic4u commented on GitHub (Nov 22, 2023):

not nginx-ui's problem


@0xJacky commented on GitHub (Nov 22, 2023):

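I see that your docker-composer.yaml uses relative paths for the volume mappings. Could it be that when watchtower ran the update it was not executing from your original directory, and that is what caused this problem?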


@leic4u commented on GitHub (Nov 22, 2023):

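> I see that your docker-composer.yaml uses relative paths for the volume mappings. Could it be that when watchtower ran the update it was not executing from your original directory, and that is what caused this problem?

I also suspected watchtower, so I manually ran `docker compose up -d` myself, and it still fails in the same way.
I'll change docker-compose.yml to absolute paths right away and try again.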


@leic4u commented on GitHub (Nov 22, 2023):

I tried it. I changed docker-compose.yml as follows:

```
version: '3.3'
services:
    nginx-ui:
        stdin_open: true
        tty: true
        container_name: nginx-ui
        restart: always
        environment:
            - TZ=Asia/Shanghai
        volumes:
            - '/root/nginx-ui/nginx:/etc/nginx'
            - '/root/nginx-ui/nginx-ui:/etc/nginx-ui'
            - '/root/nginx-ui/var/www:/var/www'
        network_mode: host
        image: 'uozi/nginx-ui:latest'
```

Then:

```
docker stop nginx-ui
docker rm nginx-ui
docker compose up -d
```

Still the same: enabling/disabling still reports an error, and visiting the sites still shows an expired certificate.

Also, the compose files for my other containers use relative paths too, and watchtower updates them all without problems, so I don't think that is the cause.


@0xJacky commented on GitHub (Nov 22, 2023):

I noticed this:

```
nginx: [emerg] cannot load certificate "/etc/nginx/ssl/abc.xyz.fullchain.cer": BIO_new_file() failed (SSL: error:80000002:system library::No such file or directory:calling fopen(/etc/nginx/ssl/abc.xyz.fullchain.cer, r) error:10000080:BIO routines::no such file)
```

Please disable the relevant configuration files first, get Nginx to start normally, and then try again.


@leic4u commented on GitHub (Nov 22, 2023):

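![image](https://github.com/0xJacky/nginx-ui/assets/32786903/f5cf1fb8-0298-4fa0-8ac4-2075c495d9d1)
![image](https://github.com/0xJacky/nginx-ui/assets/32786903/01d3f4ca-b8cb-4588-a666-c96666f672ca)

I had to disable all of them 😂; the previous one was a wildcard certificate.
I clicked through them all by hand again... Would you consider adding a multi-select operation later?

After disabling them I ran `docker restart nginx-ui`, and enabling them again still reports an error; it doesn't seem to have solved the problem.

I tried deleting the certificate paths from the configuration and saving; that also reports an error (but it actually succeeded: after refreshing the page the paths are gone).

Then I tried to request the certificate again, and that fails too, because nginx has not started.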


@leic4u commented on GitHub (Nov 22, 2023):

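Weird: I just went through requesting a certificate, and now the certificate list has only this one left. (It is for the same configuration; I renamed the configuration to avoid a duplicate.)
![image](https://github.com/0xJacky/nginx-ui/assets/32786903/0d2de041-0a94-4e6b-987c-9d2228f5ea91)

But in the folder they are all still there:
![image](https://github.com/0xJacky/nginx-ui/assets/32786903/6de27daa-38f3-4c45-8c0f-061f7e536d0d)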


@0xJacky commented on GitHub (Nov 22, 2023):

> ![image](https://user-images.githubusercontent.com/32786903/284960079-f5cf1fb8-0298-4fa0-8ac4-2075c495d9d1.png) ![image](https://user-images.githubusercontent.com/32786903/284960217-01d3f4ca-b8cb-4588-a666-c96666f672ca.png)
>
> I had to disable all of them 😂; the previous one was a wildcard certificate. I clicked through them all by hand again... Would you consider adding a multi-select operation later?
>
> After disabling them I ran docker restart nginx-ui, and enabling them again still reports an error; it doesn't seem to have solved the problem.
>
> I tried deleting the certificate paths from the configuration and saving; that also reports an error (but it actually succeeded: after refreshing the page the paths are gone).
>
> Then I tried to request the certificate again, and that fails too.
>
> ```
> 正在获取证书,请稍等...
> 正在生成私钥用于注册账户
> 正在准备 Lego 的配置
> 正在创建客户端用于与 CA 服务器通信
> 使用 HTTP01 challenge provider
> 正在注册用户
> 2023/11/22 23:48:57 [INFO] acme: Registering account for abcd@outlook.com
> 正在获取证书
> 2023/11/22 23:48:57 [INFO] [www.abc.xyz, abc.xyz] acme: Obtaining bundled SAN certificate
> 2023/11/22 23:48:58 [INFO] [abc.xyz] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/286422448986
> 2023/11/22 23:48:58 [INFO] [www.abc.xyz] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/286422448996
> 2023/11/22 23:48:58 [INFO] [abc.xyz] acme: Could not find solver for: tls-alpn-01
> 2023/11/22 23:48:58 [INFO] [abc.xyz] acme: use http-01 solver
> 2023/11/22 23:48:58 [INFO] [www.abc.xyz] acme: Could not find solver for: tls-alpn-01
> 2023/11/22 23:48:58 [INFO] [www.abc.xyz] acme: use http-01 solver
> 2023/11/22 23:48:58 [INFO] [abc.xyz] acme: Trying to solve HTTP-01
> 2023/11/22 23:49:01 [INFO] [www.abc.xyz] acme: Trying to solve HTTP-01
> 2023/11/22 23:49:06 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/286422448986
> 2023/11/22 23:49:06 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/286422448996
> fail to obtain: error: one or more domains had a problem: [abc.xyz] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: 2603:aaaa:aaaa::354a: Invalid response from https://abc.xyz/.well-known/acme-challenge/Y0g5RholcJrzZbqD0Xb5ah6tNw0NqInQpfbZE8xjCcw: 404 [www.abc.xyz] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: 2603:aaaa:aaaa::354a: Invalid response from https://www.abc.xyz/.well-known/acme-challenge/QvDdKtFpO6eOWOzozpIw5aOS6pBtEs5llnba3bjDoto: 404
> ```

You can see it in the error log; the location rules are probably not configured correctly.


@0xJacky commented on GitHub (Nov 22, 2023):

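> Weird: I just went through requesting a certificate, and now the certificate list has only this one left. (It is for the same configuration; I renamed the configuration to avoid a duplicate.) ![image](https://user-images.githubusercontent.com/32786903/284963371-0d2de041-0a94-4e6b-987c-9d2228f5ea91.png)
>
> But in the folder they are all still there: ![image](https://user-images.githubusercontent.com/32786903/284963938-6de27daa-38f3-4c45-8c0f-061f7e536d0d.png)

This certificate list only records certificates for which auto-cert was enabled in the UI or which were added manually; it does not scan the directory automatically.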


@0xJacky commented on GitHub (Nov 22, 2023):

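Here is how it works: you need to enable the configuration file for the www. domain first before HTTP01 can be used to issue a certificate, or switch to the DNS Challenge method, which can issue a certificate while the domain is not enabled.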


@0xJacky commented on GitHub (Nov 22, 2023):

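The main point is that before enabling or disabling, the configuration files are checked once with `nginx -t`; if nginx failed to start for whatever reason, you get exit 1, and you need to check the relevant logs for that.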


@leic4u commented on GitHub (Nov 22, 2023):

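> Here is how it works: you need to enable the configuration file for the www. domain first before HTTP01 can be used to issue a certificate, or switch to the DNS Challenge method, which can issue a certificate while the domain is not enabled.

It is enabled; two server_name values are configured, one `www.abc.xyz` and one `abc.xyz`.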


@0xJacky commented on GitHub (Nov 22, 2023):

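> > Here is how it works: you need to enable the configuration file for the www. domain first before HTTP01 can be used to issue a certificate, or switch to the DNS Challenge method, which can issue a certificate while the domain is not enabled.
>
> It is enabled; two server_name values are configured, one `www.abc.xyz` and one `abc.xyz`.

Judging by the log, that is the problem; I suggest posting the configuration file so we can take a look.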


@leic4u commented on GitHub (Nov 22, 2023):

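> This certificate list only records certificates for which auto-cert was enabled in the UI or which were added manually; it does not scan the directory automatically.

Before I redid the certificate request, this list showed all of the certificates. See the screenshot under "Certificate list" in the first post.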


@leic4u commented on GitHub (Nov 22, 2023):

> > > Here is how it works: you need to enable the configuration file for the www. domain first before HTTP01 can be used to issue a certificate, or switch to the DNS Challenge method, which can issue a certificate while the domain is not enabled.
> >
> > It is enabled; two server_name values are configured, one `www.abc.xyz` and one `abc.xyz`.
>
> Judging by the log, that is the problem; I suggest posting the configuration file so we can take a look.

```
map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}
server {
    listen 80;
    listen [::]:80;
    listen 443 ssl;
    listen [::]:443 ssl;
    http2 on;
    server_name www.abc.xyz abc.xyz;
    ssl_certificate /etc/nginx/ssl/www.abc.xyz_abc.xyz/fullchain.cer;
    ssl_certificate_key /etc/nginx/ssl/www.abc.xyz_abc.xyz/private.key;
    if ($server_port = 80) {
        rewrite ^(/.*)$ https://$host$1 permanent;
    }
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    location / {
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        client_max_body_size 1000m;
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://localhost:8090/;
    }
    location /.well-known/acme-challenge {
        proxy_set_header Host $host;
        proxy_set_header X-Real_IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr:$remote_port;
        proxy_pass http://127.0.0.1:9180;
    }
}
```

@0xJacky commented on GitHub (Nov 22, 2023):

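> > This certificate list only records certificates for which auto-cert was enabled in the UI or which were added manually; it does not scan the directory automatically.
>
> Before I redid the certificate request, this list showed all of the certificates. See the screenshot under "Certificate list" in the first post.

I suspect database.db is wrong; the code contains nothing that performs a bulk delete.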


@0xJacky commented on GitHub (Nov 22, 2023):

You're sure the domains all resolve correctly, right? I can't pin down the cause of the problem for now; you could wait for a later release and see.

Jacky

On Nov 23, 2023, at 12:27 AM, leic4u @.***> wrote:

> Here is how it works: you need to enable the configuration file for the www. domain first before HTTP01 can be used to issue a certificate, or switch to the DNS Challenge method, which can issue a certificate while the domain is not enabled.
>
> It is enabled; two server_name values are configured, one www.abc.xyz and one abc.xyz.
>
> Judging by the log, that is the problem; I suggest posting the configuration file so we can take a look.
>
> ```
> map $http_upgrade $connection_upgrade {
>     default upgrade;
>     '' close;
> }
> server {
>     listen 80;
>     listen [::]:80;
>     listen 443 ssl;
>     listen [::]:443 ssl;
>     http2 on;
>     server_name www.abc.xyz abc.xyz;
>     ssl_certificate /etc/nginx/ssl/www.immi.run_immi.run/fullchain.cer;
>     ssl_certificate_key /etc/nginx/ssl/www.immi.run_immi.run/private.key;
>     if ($server_port = 80) {
>         rewrite ^(/.*)$ https://$host$1 permanent;
>     }
>     ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
>     ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
>     location / {
>         proxy_http_version 1.1;
>         proxy_set_header Upgrade $http_upgrade;
>         proxy_set_header Connection $connection_upgrade;
>         client_max_body_size 1000m;
>         proxy_redirect off;
>         proxy_set_header Host $host;
>         proxy_set_header X-Real-IP $remote_addr;
>         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>         proxy_set_header X-Forwarded-Proto $scheme;
>         proxy_pass http://localhost:8090/;
>     }
>     location /.well-known/acme-challenge {
>         proxy_set_header Host $host;
>         proxy_set_header X-Real_IP $remote_addr;
>         proxy_set_header X-Forwarded-For $remote_addr:$remote_port;
>         proxy_pass http://127.0.0.1:9180;
>     }
> }
> ```


@leic4u commented on GitHub (Nov 22, 2023):

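> You're sure the domains all resolve correctly, right? I can't pin down the cause of the problem for now; you could wait for a later release and see.

I have not changed the configuration; it is the same configuration with which the certificate request succeeded two days ago. DNS resolution should be fine.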


@leic4u commented on GitHub (Nov 22, 2023):

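Then I'll leave the container untouched for now and keep it in its current state to help with troubleshooting. My server only runs personal services anyway, so a few days of downtime doesn't matter. Leave a message any time you need something.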


@leic4u commented on GitHub (Nov 22, 2023):

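No need to look into the expired-certificate problem or the location problem with the certificate request any more. That was a false alarm on my part.

When I updated with `apt-get upgrade` and restarted docker a little after 9 pm, the nginx container I had previously stopped was started again automatically, so ports 80 and 443 were being listened on by that old nginx. That is why the sites were reachable but with an expired certificate, and why the certificate request ran into the location problem.

What needs investigating now is only that, after the update to v2.0.0-beta4, the nginx inside the nginx-ui panel does not start, so none of the configured sites can be reached. (When nginx-ui was updated in the afternoon, that old nginx container was not running.)

I have now deleted that old nginx image and container. After restarting nginx-ui again, the situation is the same as a little after 4 pm: the sites cannot be reached by domain name.

---

I have removed the logs, questions and descriptions related to this false alarm from the issue. Only the question of why the directory is not read after the update needs looking at.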


@leic4u commented on GitHub (Nov 22, 2023):

I think the core of it is this log line:

```
2023/11/22 16:40:30 [emerg] 9#9: cannot load certificate "/etc/nginx/ssl/abc.xyz.fullchain.cer": BIO_new_file() failed (SSL: error:80000002:system library::No such file or directory:calling fopen(/etc/nginx/ssl/abc.xyz.fullchain.cer, r) error:10000080:BIO routines::no such file)
nginx: [emerg] cannot load certificate "/etc/nginx/ssl/abc.xyz.fullchain.cer": BIO_new_file() failed (SSL: error:80000002:system library::No such file or directory:calling fopen(/etc/nginx/ssl/abc.xyz.fullchain.cer, r) error:10000080:BIO routines::no such file)
2023-11-22 16:40:32     INFO    server/server.go:20     Nginx config dir path: /etc/nginx
```

It needs investigating why nginx-ui tries to read a certificate that I deleted (I deleted it both in the panel and over SSH, because I found that although I had deleted it in the panel, the file was still in the ssl folder).

Working out the reason for this may well resolve this issue.


@leic4u commented on GitHub (Nov 22, 2023):

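Found it; it was my own fault.

Because I resolve `*.abc.xyz` to this server, visiting any third-level domain landed on the nginx-ui panel.

So I had added a `server` block to the `nginx.conf` file to block access through random domain names:

```
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;
    server_name _;

    ssl_certificate /etc/nginx/ssl/abc.xyz.fullchain.cer;
    ssl_certificate_key /etc/nginx/ssl/abc.xyz.private.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;

    return 404;
}
```

It must be this block that made me waste so much of your time this evening, because after I deleted it and restarted the container, nginx started normally.

But this raises two other problems, which I'll open as separate issues tomorrow. I'm closing this issue for now.

  1. [FR] Could the nginx configuration that is finally in effect be merged and generated as one file, so that all of the nginx configuration can be seen in one place? It is currently split across three places, which is really inconvenient. Something like `cat *.conf`.
  2. [BUG] After enabling a faulty configuration, an nginx that was running normally starts reporting errors. The restart and reload functions in the top-right corner of the page do not help either; the only option is to restart the container.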
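A pre-flight check for the failure this thread ends on, added here as an illustration and not part of nginx-ui or of any post above: it walks `nginx.conf` and everything it `include`s and reports `ssl_certificate` / `ssl_certificate_key` paths that no longer exist, without needing nginx to start. The `sites-enabled` layout, the relative paths, the sample file contents and all function names are assumptions; the second sample is a catch-all built on nginx's `ssl_reject_handshake` directive (nginx 1.19.4 and later), which has no certificate that can go missing.

```python
import glob
import os
import re
import tempfile

# Directives whose argument nginx opens while loading the configuration.
DIRECTIVE_RE = re.compile(
    r"(?<![\w$/.-])(ssl_certificate_key|ssl_certificate|include)\s+([^;{}]+);"
)


def strip_comments(text):
    # Simplification: every '#' starts a comment, even inside a quoted string.
    return re.sub(r"#[^\n]*", "", text)


def find_missing_tls_files(main_conf):
    """Walk main_conf and everything it includes; return sorted
    (config file, directive, resolved path) tuples for missing TLS files."""
    main_conf = os.path.abspath(main_conf)
    prefix = os.path.dirname(main_conf)  # nginx resolves relative paths against this
    missing, seen, queue = [], set(), [main_conf]
    while queue:
        conf = queue.pop()
        if conf in seen:
            continue
        seen.add(conf)
        with open(conf, encoding="utf-8", errors="replace") as fh:
            text = strip_comments(fh.read())
        for name, value in DIRECTIVE_RE.findall(text):
            value = value.strip().strip("'\"")
            path = value if os.path.isabs(value) else os.path.join(prefix, value)
            if name == "include":
                queue.extend(p for p in glob.glob(path) if os.path.isfile(p))
            elif "$" in value or value.startswith(("data:", "engine:")):
                continue  # variable, inline PEM or engine key: no static file to check
            elif not os.path.isfile(path):
                missing.append((conf, name, path))
    return sorted(missing)


# Constructed copy of the thread's catch-all (relative paths); both files are absent.
STALE_CATCH_ALL = """  server {
    listen 443 ssl default_server;
    server_name _;
    ssl_certificate ssl/abc.xyz.fullchain.cer;
    ssl_certificate_key ssl/abc.xyz.private.key;
    return 404;
  }
"""

# Same intent with no certificate to go stale: ssl_reject_handshake (nginx 1.19.4+).
REJECTING_CATCH_ALL = """  server {
    listen 80 default_server;
    listen 443 ssl default_server;
    server_name _;
    ssl_reject_handshake on;
    return 404;
  }
"""


def build_sample_tree(root, catch_all):
    """Constructed layout: nginx.conf with the given catch-all block plus one
    enabled site whose certificate and key exist. Returns the nginx.conf path."""
    site = "ssl/www.abc.xyz_abc.xyz"
    files = {
        site + "/fullchain.cer": "constructed placeholder\n",
        site + "/private.key": "constructed placeholder\n",
        "sites-enabled/abc.xyz": "server {\n  listen 443 ssl;\n"
        f"  ssl_certificate {site}/fullchain.cer;\n"
        f"  ssl_certificate_key {site}/private.key;\n}}\n",
        "nginx.conf": "events {}\nhttp {\n" + catch_all + "  include sites-enabled/*;\n}\n",
    }
    for rel, text in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(text)
    return os.path.join(root, "nginx.conf")


def check(catch_all):
    """Build the sample tree in a temp dir; return (directive, relative path) pairs."""
    with tempfile.TemporaryDirectory() as root:
        conf = build_sample_tree(root, catch_all)
        found = find_missing_tls_files(conf)
        return [(name, os.path.relpath(path, root)) for _, name, path in found]


if __name__ == "__main__":
    for label, block in (("stale", STALE_CATCH_ALL), ("rejecting", REJECTING_CATCH_ALL)):
        print(label, check(block) or "all referenced TLS files exist")
```

Run against a real tree, `find_missing_tls_files("/etc/nginx/nginx.conf")` returns the config file, directive and path for each dangling reference, which points at the block to fix before a container restart or upgrade.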