Setting up automatic issuance of Let's Encrypt certificates using Docker on Linux

I recently changed virtual servers and had to set everything up again. I want the site to be served over https, with letsencrypt certificates obtained and renewed automatically. This can be achieved with two docker images, nginx-proxy and nginx-proxy-companion.

This is a guide on how to set up a website on Docker behind a proxy that obtains SSL certificates automatically. A CentOS 7 virtual server is used.

I assume the server has already been purchased and configured, login is by key, fail2ban is installed, and so on.

First you need to install docker.

  1. First install the dependencies
    $ sudo yum install -y yum-utils device-mapper-persistent-data lvm2
  2. Add the repository
    $ sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
  3. Then install Docker Community Edition
    $ sudo yum install docker-ce docker-ce-cli containerd.io
  4. Enable docker at startup and start it
    $ sudo systemctl enable docker
    $ sudo systemctl start docker
  5. Add the user to the docker group so docker can be run without sudo
    $ sudo usermod -aG docker user

The next step is to install docker-compose. The utility can be installed in several ways, but I prefer to install it through the pip package manager and virtualenv, so as not to clutter the system with unnecessary packages.

  1. Install pip
    $ sudo yum install python-pip
  2. Install virtualenv
    $ pip install virtualenv
  3. Next, create a folder for the project and initialize it. The folder holding everything needed to manage packages will be called ve.
    $ mkdir docker
    $ cd docker
    $ virtualenv ve
  4. To start using the virtual environment, run the following command in the project folder.
    $ source ve/bin/activate
  5. Now docker-compose can be installed.
    $ pip install docker-compose

So that the containers can see each other, we create a network. By default, the bridge driver is used.

    $ docker network create network

Next, configure docker-compose: the proxy will live in the proxy folder and the test site in the test folder. As an example, I use the domain name example.com

    $ mkdir proxy
    $ mkdir test
    $ touch proxy/docker-compose.yml
    $ touch test/docker-compose.yml

Contents of proxy/docker-compose.yml

    version: '3'
    
    networks:
      default:
        external:
          name: network
    
    services:
      nginx-proxy:
        container_name: nginx-proxy
        image: jwilder/nginx-proxy
        ports:
          - 80:80
          - 443:443
        volumes:
          - certs:/etc/nginx/certs
          - vhost.d:/etc/nginx/vhost.d
          - html:/usr/share/nginx/html
          - /var/run/docker.sock:/tmp/docker.sock:ro
    
      nginx-proxy-letsencrypt:
        container_name: nginx-proxy-letsencrypt
        image: jrcs/letsencrypt-nginx-proxy-companion
        volumes: 
          - certs:/etc/nginx/certs
          - vhost.d:/etc/nginx/vhost.d
          - html:/usr/share/nginx/html
          - /var/run/docker.sock:/var/run/docker.sock:ro
        environment:
          - NGINX_PROXY_CONTAINER=nginx-proxy
    
    volumes:
      certs:
      vhost.d:
      html:

The NGINX_PROXY_CONTAINER environment variable is needed so that the letsencrypt container can see the proxy container. The folders /etc/nginx/certs, /etc/nginx/vhost.d and /usr/share/nginx/html must be shared by both containers. For the letsencrypt container to work correctly, the application must be reachable on ports 80 and 443.

Contents of test/docker-compose.yml

    version: '3'
    
    networks:
      default:
        external:
          name: network
    
    services:
    
      nginx:
        container_name: nginx
        image: nginx:latest
        environment:
          - VIRTUAL_HOST=example.com
          - LETSENCRYPT_HOST=example.com
          - LETSENCRYPT_EMAIL=<your-email-address>  # placeholder: set your contact address

Here the environment variables are needed so that the proxy routes requests to the correct server and requests a certificate for the correct domain name.

All that remains is to start docker-compose

    $ cd proxy
    $ docker-compose up -d
    $ cd ../test
    $ docker-compose up -d
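
The requirements stated above (certificate folders shared by both containers, ports 80 and 443 published, NGINX_PROXY_CONTAINER naming the proxy, and host variables that agree) can be checked before the stack is started. The following is an added example, not part of the original article; it assumes the two compose files have already been parsed into dicts (for instance with PyYAML's yaml.safe_load), and the function names are hypothetical.

```python
# Added example: lint parsed compose files (dicts) against the article's stated requirements.
SHARED = ("/etc/nginx/certs", "/etc/nginx/vhost.d", "/usr/share/nginx/html")

def env_of(svc):
    """Environment as a dict; accepts the list form used in the article."""
    env = svc.get("environment", {})
    if isinstance(env, list):
        env = dict((e.split("=", 1) + [""])[:2] for e in env)
    return {k: str(v) for k, v in env.items()}

def mounts_of(svc):
    """Map container path -> (source, mode) for short-syntax volume entries."""
    rows = [v.split(":") for v in svc.get("volumes", [])]
    return {r[1]: (r[0], r[2] if len(r) > 2 else "rw") for r in rows if len(r) > 1}

def check(proxy, site, proxy_svc="nginx-proxy", le_svc="nginx-proxy-letsencrypt"):
    """Return a list of problems; an empty list means the files are consistent."""
    out = []
    p, le = proxy["services"][proxy_svc], proxy["services"][le_svc]
    pm, lm = mounts_of(p), mounts_of(le)
    for path in SHARED:
        if path not in pm or path not in lm or pm[path][0] != lm[path][0]:
            out.append(f"{path} is not shared by both containers")
    ports = [str(e).split("/")[0].split(":") for e in p.get("ports", [])]
    published = {parts[-2] for parts in ports if len(parts) > 1}  # host-side port
    out += [f"{proxy_svc}: host port {n} is not published" for n in ("80", "443") if n not in published]
    if env_of(le).get("NGINX_PROXY_CONTAINER") != p.get("container_name"):
        out.append("NGINX_PROXY_CONTAINER does not match the proxy container_name")
    if proxy.get("networks") != site.get("networks"):
        out.append("proxy and site do not declare the same network")
    for name, svc in site["services"].items():
        env = env_of(svc)
        certs = set(filter(None, env.get("LETSENCRYPT_HOST", "").split(",")))
        routed = set(filter(None, env.get("VIRTUAL_HOST", "").split(",")))
        if not certs or certs - routed:
            out.append(f"{name}: LETSENCRYPT_HOST must be set and covered by VIRTUAL_HOST")
    return out

# Constructed sample input mirroring the article's two files.
NET = {"default": {"external": {"name": "network"}}}
VOLS = ["certs:/etc/nginx/certs", "vhost.d:/etc/nginx/vhost.d", "html:/usr/share/nginx/html"]
PROXY = {"networks": NET, "services": {
    "nginx-proxy": {"container_name": "nginx-proxy", "ports": ["80:80", "443:443"],
                    "volumes": VOLS + ["/var/run/docker.sock:/tmp/docker.sock:ro"]},
    "nginx-proxy-letsencrypt": {"volumes": VOLS + ["/var/run/docker.sock:/var/run/docker.sock:ro"],
                                "environment": ["NGINX_PROXY_CONTAINER=nginx-proxy"]}}}
SITE = {"networks": NET, "services": {"nginx": {"environment": [
    "VIRTUAL_HOST=example.com", "LETSENCRYPT_HOST=example.com"]}}}

if __name__ == "__main__":
    print(check(PROXY, SITE) or "compose files are consistent")
```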

source: www.habr.com
