liyin37 opened a new issue #103: URL: https://github.com/apache/apisix-docker/issues/103
2020/12/14 09:42:35 [error] 54#54: *960335 [lua] init.lua:180: http_ssl_phase(): failed to fetch ssl config: failed to fetch SSL certificate: not found, context: ssl_certificate_by_lua*, client: 10.112.0.116, server: 0.0.0.0:9443 2020/12/14 09:42:58 [error] 54#54: *963324 [lua] init.lua:180: http_ssl_phase(): failed to fetch ssl config: failed to fetch SSL certificate: not found, context: ssl_certificate_by_lua*, client: 10.112.0.116, server: 0.0.0.0:9443 the config.yaml is below: apisix: node_listen: 9080 # APISIX listening port enable_ipv6: false allow_admin: # http://nginx.org/en/docs/http/ngx_http_access_module.html#allow - 0.0.0.0/0 # We need to restrict ip access rules for security. 0.0.0.0/0 is for test. admin_key: - name: "admin" key: edd1c9f034335f136f87ad84b625c8f1 role: admin # admin: manage all configuration data # viewer: only can view configuration data - name: "viewer" key: 4054f7cf07e344346cd3f287985e76a2 role: viewer ssl: enable: true # ssl is disabled by default # enable it to use your own cert and key enable_http2: true listen_port: 9443 ssl_trusted_certificate: /usr/local/apisix/conf/cert/ca.pem # Specifies a file path with trusted CA certificates in the PEM format # used to verify the certificate when APISIX needs to do SSL/TLS handshaking # with external services (e.g. etcd) ssl_cert: /usr/local/apisix/conf/cert/server.pem ssl_cert_key: /usr/local/apisix/conf/cert/server.key ssl_protocols: "TLSv1.2 TLSv1.3" ssl_ciphers: "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384" ssl_session_tickets: false # disable ssl_session_tickets by default for 'ssl_session_tickets' would make Perfect Forward Secrecy useless. # ref: https://github.com/mozilla/server-side-tls/issues/135 key_encrypt_salt: "edd1c9f0985e76a2" # If not set, will save origin ssl key into etcd. # If set this, must be a string of length 16. And it will encrypt ssl key with AES-128-CBC # !!! So do not change it after saving your ssl, it can't decrypt the ssl keys have be saved if you change !! etcd: host: # it's possible to define multiple etcd hosts addresses of the same etcd cluster. - "http://gistack-etcd:2379" # multiple etcd address prefix: "/apisix" # apisix configurations prefix timeout: 30 # 30 seconds docker ps : dbb324ca4312 registry.cn-beijing.aliyuncs.com/gisuni/apisix:2.1-centos "sh -c '/usr/bin/api…" 2 hours ago Up 2 hours 0.0.0.0:9080->9080/tcp, 0.0.0.0:9443->9443/tcp gistack-apisix 59c37ca479d6 registry.cn-beijing.aliyuncs.com/gisuni/etcd:3.4.9 "/entrypoint.sh etcd" 2 hours ago Up 2 hours 0.0.0.0:2379->2379/tcp, 2380/tcp gistack-etcd the image all use official images ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org