SSL certificate for a Docker web-app

In this article I want to share with you a way to set up an SSL certificate for your web application running on Docker, because ... I haven't found a solution like this in Russian on the Internet.


Details under the cut.

We have docker v.17.05, docker-compose v.1.21, Ubuntu Server 18 and a pint of pure Let'sEncrypt. Deploying to production on Docker is not a requirement, but once you start building on Docker, it's hard to stop.

So, to begin with, I'll give the configs we have at the dev stage, i.e. without port 443 and without SSL at all:

docker-compose.yml

version: '2'
services:
    php:
        build: ./php-fpm
        volumes:
            - ./StomUp:/var/www/StomUp
            - ./php-fpm/php.ini:/usr/local/etc/php/php.ini
        depends_on:
            - mysql
        container_name: "StomPHP"
    web:
        image: nginx:latest
        ports:
            - "80:80"
            - "443:443"
        volumes:
            - ./StomUp:/var/www/StomUp
            - ./nginx/main.conf:/etc/nginx/conf.d/default.conf
        depends_on:
            - php
    mysql:
        image: mysql:5.7
        command: mysqld --sql_mode=""
        environment:
            MYSQL_ROOT_PASSWORD: xxx
        ports:
            - "3333:3306"

nginx/main.conf

server {
    listen 80;
    server_name *.stomup.ru stomup.ru;
    root /var/www/StomUp/public;
    client_max_body_size 5M;

    location / {
        # try to serve file directly, fallback to index.php
        try_files $uri /index.php$is_args$args;
    }

    location ~ ^/index.php(/|$) {
        #fastcgi_pass unix:/var/run/php7.2-fpm.sock;
        fastcgi_pass php:9000;
        fastcgi_split_path_info ^(.+\.php)(/.*)$;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
        fastcgi_param DOCUMENT_ROOT $realpath_root;
        fastcgi_buffer_size 128k;
        fastcgi_buffers 4 256k;
        fastcgi_busy_buffers_size 256k;
        internal;
    }

    # no other .php file is served: index.php is the only front controller
    location ~ \.php$ {
        return 404;
    }

    error_log /var/log/nginx/project_error.log;
    access_log /var/log/nginx/project_access.log;
}

Next, we need to hook up SSL. To be honest, I spent about 2 hours studying this area. All the options are very interesting. But at the current stage of the project we (the business) need to quickly and reliably bolt Let'sEncrypt SSL onto the nginx container, and nothing more.

First of all, install certbot on the server:
sudo apt-get install certbot

Next, we generate a wildcard certificate for our domain:

sudo certbot certonly -d stomup.ru -d '*.stomup.ru' --manual --preferred-challenges dns


After it runs, certbot will give us 2 TXT records that need to be added in the DNS settings:

_acme-challenge.stomup.ru TXT {the key certbot gave you}


Then press Enter.

After that, certbot checks that the record is present in DNS and generates the certificate for you.
If you added the record but certbot doesn't see it, try re-running the command after 5-10 minutes.

So here we are, the happy owners of a Let'sEncrypt certificate for 90 days, but now we need to deliver it to Docker.

To do this in the most trivial way, we mount the volumes in the nginx section of docker-compose.yml.

Example docker-compose.yml with SSL

version: '2'
services:
    php:
        build: ./php-fpm
        volumes:
            - ./StomUp:/var/www/StomUp
            - /etc/letsencrypt/live/stomup.ru/:/etc/letsencrypt/live/stomup.ru/
            - ./php-fpm/php.ini:/usr/local/etc/php/php.ini
        depends_on:
            - mysql
        container_name: "StomPHP"
    web:
        image: nginx:latest
        ports:
            - "80:80"
            - "443:443"
        volumes:
            - ./StomUp:/var/www/StomUp
            - /etc/letsencrypt/:/etc/letsencrypt/
            - ./nginx/main.conf:/etc/nginx/conf.d/default.conf
        depends_on:
            - php
    mysql:
        image: mysql:5.7
        command: mysqld --sql_mode=""
        environment:
            MYSQL_ROOT_PASSWORD: xxx
        ports:
            - "3333:3306"
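A check worth running before trusting these mounts, added here as an example and not part of the original article: certbot stores the real files under /etc/letsencrypt/archive/<domain>/ and makes the files in /etc/letsencrypt/live/<domain>/ relative symlinks into that archive. Mounting /etc/letsencrypt/ as a whole (the web service above) carries both the links and their targets into the container; mounting only live/stomup.ru/ (the php service above) leaves the links dangling inside the container, and the php container has no need for the private key in the first place. The script below builds a constructed copy of certbot's layout in a temporary directory and simulates how each PEM file nginx references resolves under a given set of bind mounts. The helper names (make_demo_letsencrypt_dir, visible_in_container, check_cert_mounts) are this example's own.

```python
"""Added example (not from the original article): simulate whether the PEM files
nginx references under /etc/letsencrypt/live/stomup.ru/ resolve inside a
container, given the bind mounts from docker-compose.yml.

certbot keeps the real files in /etc/letsencrypt/archive/<domain>/ and puts
relative symlinks in /etc/letsencrypt/live/<domain>/ pointing into the archive,
so a container must see both directories. Helper names are this example's own.
"""
import os
import tempfile

DOMAIN = "stomup.ru"  # the article's domain
CERT_FILES = ("fullchain.pem", "privkey.pem", "chain.pem")  # files main.conf references


def make_demo_letsencrypt_dir():
    """Build a constructed copy of certbot's layout (sample data) in a temp dir."""
    root = tempfile.mkdtemp(prefix="letsencrypt-demo-")
    archive = os.path.join(root, "archive", DOMAIN)
    live = os.path.join(root, "live", DOMAIN)
    os.makedirs(archive)
    os.makedirs(live)
    for name in CERT_FILES:
        base = name[:-len(".pem")]
        with open(os.path.join(archive, base + "1.pem"), "w") as fh:
            fh.write("-----BEGIN CONSTRUCTED PLACEHOLDER-----\n")
        # certbot writes relative links: ../../archive/<domain>/<base>1.pem
        os.symlink(os.path.join("..", "..", "archive", DOMAIN, base + "1.pem"),
                   os.path.join(live, name))
    return root


def _to_host(container_path, mounts):
    """Map a container path back to the host path that the longest matching bind
    mount provides; None if no mount covers it (mounts: host dir -> container dir)."""
    best = None
    for host_dir, cont_dir in mounts.items():
        cont_dir = os.path.normpath(cont_dir)
        if container_path == cont_dir or container_path.startswith(cont_dir + "/"):
            if best is None or len(cont_dir) > len(best[1]):
                best = (os.path.normpath(host_dir), cont_dir)
    if best is None:
        return None
    host_dir, cont_dir = best
    return os.path.normpath(os.path.join(host_dir, container_path[len(cont_dir):].lstrip("/")))


def visible_in_container(container_path, mounts, max_hops=8):
    """Follow symlinks the way the kernel would inside the container: every hop is
    resolved against the container's filesystem, which only has the bind mounts."""
    path = os.path.normpath(container_path)
    for _ in range(max_hops):
        host = _to_host(path, mounts)
        if host is None or not os.path.lexists(host):
            return False                        # unmounted path or dangling link
        if not os.path.islink(host):
            return os.path.isfile(host)         # a real file: nginx can read it
        target = os.readlink(host)
        if not os.path.isabs(target):           # relative links resolve from the link's dir
            target = os.path.join(os.path.dirname(path), target)
        path = os.path.normpath(target)
    return False                                # symlink loop or too many hops


def check_cert_mounts(mounts, domain=DOMAIN):
    """For each PEM file nginx needs, report whether it is usable inside the container."""
    return {name: visible_in_container(f"/etc/letsencrypt/live/{domain}/{name}", mounts)
            for name in CERT_FILES}


if __name__ == "__main__":
    root = make_demo_letsencrypt_dir()
    # the article's two mount styles, with the constructed tree standing in for /etc/letsencrypt
    web_mounts = {root: "/etc/letsencrypt/"}
    php_mounts = {os.path.join(root, "live", DOMAIN): f"/etc/letsencrypt/live/{DOMAIN}/"}
    print("web service (whole /etc/letsencrypt/):", check_cert_mounts(web_mounts))
    print("php service (live/stomup.ru/ only):   ", check_cert_mounts(php_mounts))
```

Against the real host you would pass {"/etc/letsencrypt": "/etc/letsencrypt"} instead of the temporary tree; the web-style mount reports all three files as usable, the php-style mount reports none, which is why only the nginx container needs (and should get) the certificate directory.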

Mounted? Great, let's move on:

Now we need to change the nginx config to work on port 443 with SSL:

Example main.conf with SSL

# HTTPS server
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name *.stomup.ru stomup.ru;
    set $base /var/www/StomUp;
    root $base/public;

    # SSL: the files certbot placed in /etc/letsencrypt/live/stomup.ru/, mounted into the container
    ssl_certificate /etc/letsencrypt/live/stomup.ru/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/stomup.ru/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/stomup.ru/chain.pem;

    client_max_body_size 5M;

    location / {
        # try to serve file directly, fallback to index.php
        try_files $uri /index.php$is_args$args;
    }

    location ~ ^/index.php(/|$) {
        #fastcgi_pass unix:/var/run/php7.2-fpm.sock;
        fastcgi_pass php:9000;
        fastcgi_split_path_info ^(.+\.php)(/.*)$;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
        fastcgi_param DOCUMENT_ROOT $realpath_root;
        fastcgi_buffer_size 128k;
        fastcgi_buffers 4 256k;
        fastcgi_busy_buffers_size 256k;
        internal;
    }

    # no other .php file is served: index.php is the only front controller
    location ~ \.php$ {
        return 404;
    }

    error_log /var/log/nginx/project_error.log;
    access_log /var/log/nginx/project_access.log;
}

# HTTP redirect
server {
    listen 80;
    listen [::]:80;

    server_name *.stomup.ru stomup.ru;

    location / {
        return 301 https://stomup.ru$request_uri;
    }
}

After these changes, go to the folder with docker-compose.yml, run docker-compose up -d, and check that SSL works. Everything should take off.

The main thing is not to forget that a Let'sEncrypt certificate is issued for 90 days, so you have to renew it with the command sudo certbot renew and then restart the project with the command docker-compose restart.

Another option is to add this sequence to crontab.
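The two maintenance commands above are easy to forget, so here is a host-side helper for them, added as an example and not the author's script: it reads the expiry of the certificate nginx serves, decides whether renewal is due, and when it is runs certbot renew followed by a reload of the nginx container. The function names and the compose directory (/opt/stomup) are this example's own assumptions; the certificate path is the one from main.conf.

```python
"""Added example (not from the original article): a small renewal helper for the
article's two maintenance commands (sudo certbot renew, then restarting the nginx
container). It decides from the certificate's notAfter date whether a renewal is
due and runs the two steps when it is. Function names and the compose directory
are this example's own assumptions.
"""
from datetime import datetime, timezone
import subprocess

CERT_PATH = "/etc/letsencrypt/live/stomup.ru/fullchain.pem"  # path from main.conf
COMPOSE_DIR = "/opt/stomup"     # placeholder: directory holding docker-compose.yml
RENEW_WITHIN_DAYS = 30          # certbot's own default renewal window


def parse_not_after(line):
    """Parse the line `openssl x509 -noout -enddate` prints, e.g.
    'notAfter=Sep  1 12:00:00 2024 GMT', into an aware UTC datetime.
    openssl pads single-digit days with a second space; split() removes it."""
    value = line.strip().split("=", 1)[1]
    naive = datetime.strptime(" ".join(value.split()), "%b %d %H:%M:%S %Y %Z")
    return naive.replace(tzinfo=timezone.utc)


def days_remaining(not_after, now):
    """Whole days until the certificate expires (negative once it has)."""
    return (not_after - now).days


def renewal_due(not_after, now, within_days=RENEW_WITHIN_DAYS):
    """True when the certificate expires within `within_days` (or already has)."""
    return days_remaining(not_after, now) <= within_days


def cert_not_after(path=CERT_PATH):
    """Ask openssl on the host for the expiry of the certificate nginx serves."""
    out = subprocess.run(["openssl", "x509", "-noout", "-enddate", "-in", path],
                         check=True, capture_output=True, text=True).stdout
    return parse_not_after(out)


def renew_and_reload(compose_dir=COMPOSE_DIR):
    """The article's sequence: renew on the host, then have the nginx container
    pick up the new files. `nginx -s reload` re-reads the PEMs without dropping
    connections; the article's `docker-compose restart` works as well."""
    subprocess.run(["certbot", "renew"], check=True)
    subprocess.run(["docker-compose", "exec", "-T", "web", "nginx", "-s", "reload"],
                   cwd=compose_dir, check=True)


if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    expiry = cert_not_after()
    print(f"certificate expires {expiry:%Y-%m-%d}, {days_remaining(expiry, now)} days left")
    if renewal_due(expiry, now):
        renew_and_reload()
```

Run it as root from crontab (for example once a day, 0 3 * * * /usr/bin/python3 /opt/stomup/renew.py, with the path being a placeholder). One caveat that matters for this article's setup: a certificate obtained with --manual and the DNS challenge cannot be renewed non-interactively unless certbot is given a --manual-auth-hook script that publishes the new TXT record, so without such a hook the certbot renew step still has to be run by hand; the expiry check and the reload step apply either way.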

In my opinion, this is the simplest way to attach SSL to a Docker web-app.

P.S. Please note that none of the configs in the article is final; the project is now at a deep dev stage, so I'd ask you not to criticise the configs too harshly: they will be reworked more than once.

Source: www.hab.com
