I recently switched hosting servers and had to configure everything again. I wanted the site to be reachable over https, with a letsencrypt certificate that is obtained and renewed automatically. This can be achieved with two docker images, nginx-proxy and nginx-proxy-companion.
This is a guide to setting up a website in Docker behind a proxy that obtains SSL certificates automatically. A CentOS 7 virtual server is used.
I assume the server has already been purchased and configured, login is by key, fail2ban is installed, etc.
First you need to install docker.
- First install the dependencies
$ sudo yum install -y yum-utils device-mapper-persistent-data lvm2
- Add the repository
$ sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
- Then install the docker community edition
$ sudo yum install docker-ce docker-ce-cli containerd.io
- Enable docker at startup and start it
$ sudo systemctl enable docker
$ sudo systemctl start docker
- Add the user to the docker group so that docker can be run without sudo
$ sudo usermod -aG docker user
The next step is to install docker-compose. The utility can be installed in several ways, but I prefer to install it through the pip package manager and virtualenv, so as not to clutter the system with unnecessary packages.
- Install pip
$ sudo yum install python-pip
- Install virtualenv
$ pip install virtualenv
- Next, create a folder for the project and initialize it. The directory holding everything needed to manage packages will be called ve.
$ mkdir docker
$ cd docker
$ virtualenv ve
- To start using the virtual environment, run the following command in the project folder.
$ source ve/bin/activate
- Now you can install docker-compose.
$ pip install docker-compose
So that the containers can see each other, we will create a network. By default, the bridge driver is used.
$ docker network create network
Next, configure docker-compose: the proxy will live in the proxy folder and the test site in the test folder. As an example, I use the domain name example.com
$ mkdir proxy
$ mkdir test
$ touch proxy/docker-compose.yml
$ touch test/docker-compose.yml
Contents of proxy/docker-compose.yml
```yaml
version: '3'

networks:
  default:
    external:
      name: network

services:
  nginx-proxy:
    container_name: nginx-proxy
    image: jwilder/nginx-proxy
    ports:
      - 80:80
      - 443:443
    volumes:
      - certs:/etc/nginx/certs
      - vhost.d:/etc/nginx/vhost.d
      - html:/usr/share/nginx/html
      - /var/run/docker.sock:/tmp/docker.sock:ro

  nginx-proxy-letsencrypt:
    container_name: nginx-proxy-letsencrypt
    image: jrcs/letsencrypt-nginx-proxy-companion
    volumes:
      - certs:/etc/nginx/certs
      - vhost.d:/etc/nginx/vhost.d
      - html:/usr/share/nginx/html
      - /var/run/docker.sock:/var/run/docker.sock:ro
    environment:
      - NGINX_PROXY_CONTAINER=nginx-proxy

volumes:
  certs:
  vhost.d:
  html:
```
The NGINX_PROXY_CONTAINER environment variable is needed so that the letsencrypt container can find the proxy container. The /etc/nginx/certs, /etc/nginx/vhost.d and /usr/share/nginx/html folders are shared by both containers. For the letsencrypt container to work correctly, the application must be reachable on ports 80 and 443.
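An added example, not part of the original post or of either image's project: a small Python audit of the compose file above that reports which services are handed the Docker socket (access equivalent to root on the host, whether or not the mount is `:ro`), whether such a service also publishes ports, and which images are not pinned to a version. The function names are illustrative, and the line parser assumes the two-space layout used on this page.

```python
import re

# Constructed input: proxy/docker-compose.yml from this page, abridged.
COMPOSE = """\
services:
  nginx-proxy:
    image: jwilder/nginx-proxy
    ports:
      - 80:80
      - 443:443
    volumes:
      - /var/run/docker.sock:/tmp/docker.sock:ro
  nginx-proxy-letsencrypt:
    image: jrcs/letsencrypt-nginx-proxy-companion
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
"""

def parse_services(text):
    """Line parser for the 2-space layout above (assumed); not general YAML."""
    services, section, name, key = {}, None, None, None
    for line in text.splitlines():
        if m := re.match(r"(\w+):", line):  # top-level key
            section, name = m.group(1), None
        elif section == "services" and (m := re.match(r"  ([\w.-]+):\s*$", line)):
            name, key = m.group(1), None
            services[name] = {"image": "", "ports": [], "volumes": []}
        elif name and (m := re.match(r"    image:\s*(\S+)", line)):
            services[name]["image"] = m.group(1)
        elif name and (m := re.match(r"    (\w+):\s*$", line)):  # nested key
            key = m.group(1)
        elif name and key in ("ports", "volumes") and (m := re.match(r"      - (\S+)", line)):
            services[name][key].append(m.group(1).strip("'\""))
    return services

def audit(text):
    findings = []
    for name, svc in parse_services(text).items():
        # ':ro' only protects the socket file; the Docker API stays fully usable,
        # so any service holding the socket is treated as having host root.
        sock = any(v.startswith("/var/run/docker.sock:") for v in svc["volumes"])
        if sock:
            findings.append((name, "socket+ports" if svc["ports"] else "socket"))
        tag = svc["image"].rpartition("/")[2].partition(":")[2]
        if tag in ("", "latest"):
            findings.append((name, "unpinned image"))
    return findings

if __name__ == "__main__":
    print(*audit(COMPOSE), sep="\n")
```

A "socket+ports" finding marks the service to isolate first, since it is both reachable from the network and able to drive the Docker daemon.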
Contents of test/docker-compose.yml
```yaml
version: '3'

networks:
  default:
    external:
      name: network

services:
  nginx:
    container_name: nginx
    image: nginx:latest
    environment:
      - VIRTUAL_HOST=example.com
      - LETSENCRYPT_HOST=example.com
      - [email protected]
```
Here the environment variables are needed so that the proxy routes requests to the server correctly and requests a certificate for the correct domain name.
All that remains is to run docker-compose
$ cd proxy
$ docker-compose up -d
$ cd ../test
$ docker-compose up -d
Source: www.habr.com