I recently changed my virtual server, so I had to configure everything again. I prefer the site to be reachable over https, with Let's Encrypt certificates obtained and renewed automatically. This can be achieved with two docker images, nginx-proxy and nginx-proxy-companion.
This is a guide to setting up a site on Docker behind a proxy that obtains SSL certificates automatically. We will use a CentOS 7 virtual server.
I assume the server is already purchased and configured, login is by key, fail2ban is installed, and so on.
First you need to install docker.
- First install the dependencies
$ sudo yum install -y yum-utils device-mapper-persistent-data lvm2
- Add the repository
$ sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
- Then install the Docker community edition
$ sudo yum install docker-ce docker-ce-cli containerd.io
- Add docker to startup and start it
$ sudo systemctl enable docker
$ sudo systemctl start docker
- Add the user to the docker group so that docker can be run without sudo. Membership in this group is equivalent to root access on the host, so add only trusted accounts.
$ sudo usermod -aG docker user
The next step is installing docker-compose. The utility can be installed in several ways, but I prefer to install it through the pip manager and virtualenv, so as not to clutter the system with unnecessary packages.
- Install pip
$ sudo yum install python-pip
- Install virtualenv
$ pip install virtualenv
- Next, create a folder for the project and initialize it. The folder holding everything needed to manage the environment will be called ve.
$ mkdir docker
$ cd docker
$ virtualenv ve
- To start using the virtual environment, run the following command in the project folder.
$ source ve/bin/activate
- You can now install docker-compose.
$ pip install docker-compose
So that the containers can see each other, create a network. By default, the bridge driver is used.
$ docker network create network
Next, configure docker-compose: the proxy goes in the proxy folder and the test site in the test folder. For the example, I use the domain name example.com
$ mkdir proxy
$ mkdir test
$ touch proxy/docker-compose.yml
$ touch test/docker-compose.yml
Contents of proxy/docker-compose.yml
```yaml
version: '3'

networks:
  default:
    external:
      name: network

services:
  nginx-proxy:
    container_name: nginx-proxy
    image: jwilder/nginx-proxy
    ports:
      - 80:80
      - 443:443
    volumes:
      - certs:/etc/nginx/certs
      - vhost.d:/etc/nginx/vhost.d
      - html:/usr/share/nginx/html
      - /var/run/docker.sock:/tmp/docker.sock:ro

  nginx-proxy-letsencrypt:
    container_name: nginx-proxy-letsencrypt
    image: jrcs/letsencrypt-nginx-proxy-companion
    volumes:
      - certs:/etc/nginx/certs
      - vhost.d:/etc/nginx/vhost.d
      - html:/usr/share/nginx/html
      - /var/run/docker.sock:/var/run/docker.sock:ro
    environment:
      - NGINX_PROXY_CONTAINER=nginx-proxy

volumes:
  certs:
  vhost.d:
  html:
```
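The NGINX_PROXY_CONTAINER environment variable is needed so that the letsencrypt container can see the proxy container. The folders /etc/nginx/certs, /etc/nginx/vhost.d and /usr/share/nginx/html must be shared by both containers. For the letsencrypt container to work correctly, the application must be reachable on both port 80 and port 443. Both containers mount the host's Docker socket to discover running containers; the :ro flag makes the socket file read-only but does not restrict Docker API calls made through it.
Contents of test/docker-compose.yml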
```yaml
version: '3'

networks:
  default:
    external:
      name: network

services:
  nginx:
    container_name: nginx
    image: nginx:latest
    environment:
      - VIRTUAL_HOST=example.com
      - LETSENCRYPT_HOST=example.com
      - LETSENCRYPT_EMAIL=you@example.com  # placeholder: set your own contact address
```
Here, the environment variables are needed so that the proxy routes requests to the right server and requests a certificate for the correct domain name.
All that remains is to start docker-compose
$ cd proxy
$ docker-compose up -d
$ cd ../test
$ docker-compose up -d
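The requirements described above for the two compose files, turned into a small checker to run before `docker-compose up`. This is an added example, not code from the original article: it takes the files as already-parsed mappings (as a YAML loader would return them) and handles only the short volume and port syntax used on this page. The rule that every LETSENCRYPT_HOST name must also appear in VIRTUAL_HOST is an assumption.

```python
SHARED = ("/etc/nginx/certs", "/etc/nginx/vhost.d", "/usr/share/nginx/html")

def mounts(service):
    """Container path -> volume source for short-syntax 'src:dst[:mode]' entries."""
    return {e.split(":")[1]: e.split(":")[0] for e in service.get("volumes", []) if ":" in e}

def host_ports(service):
    """Host ports of short-syntax 'host:container' entries (an IP prefix is allowed)."""
    parts = (str(p).split(":") for p in service.get("ports", []))
    return {p[-2] for p in parts if len(p) >= 2}

def env(service):
    return dict(e.split("=", 1) for e in service.get("environment", []) if "=" in e)

def hosts(value):
    return {h.strip() for h in (value or "").split(",") if h.strip()}

def lint(proxy_file, site_file, proxy="nginx-proxy", companion="nginx-proxy-letsencrypt"):
    p, c = proxy_file["services"][proxy], proxy_file["services"][companion]
    problems = []
    for path in SHARED:
        if mounts(p).get(path) is None or mounts(p).get(path) != mounts(c).get(path):
            problems.append(f"{path}: not the same volume in both containers")
    for port in ("80", "443"):
        if port not in host_ports(p):
            problems.append(f"port {port}: not published by the proxy")
    if env(c).get("NGINX_PROXY_CONTAINER") != p.get("container_name"):
        problems.append("NGINX_PROXY_CONTAINER: does not name the proxy container")
    if proxy_file.get("networks") != site_file.get("networks"):
        problems.append("networks: site and proxy are not on the same network")
    for name, svc in site_file["services"].items():
        extra = hosts(env(svc).get("LETSENCRYPT_HOST")) - hosts(env(svc).get("VIRTUAL_HOST"))
        if extra:  # assumption: a certificate name the proxy does not route is a mistake
            problems.append(f"{name}: {sorted(extra)} in LETSENCRYPT_HOST but not VIRTUAL_HOST")
    return problems

# Constructed sample: the two files from this page as a YAML loader would return them.
NET = {"default": {"external": {"name": "network"}}}
VOLS = ["certs:/etc/nginx/certs", "vhost.d:/etc/nginx/vhost.d", "html:/usr/share/nginx/html"]
PROXY_FILE = {"networks": NET, "services": {
    "nginx-proxy": {"container_name": "nginx-proxy", "ports": ["80:80", "443:443"],
                    "volumes": VOLS + ["/var/run/docker.sock:/tmp/docker.sock:ro"]},
    "nginx-proxy-letsencrypt": {"environment": ["NGINX_PROXY_CONTAINER=nginx-proxy"],
                                "volumes": VOLS + ["/var/run/docker.sock:/var/run/docker.sock:ro"]}}}
SITE_FILE = {"networks": NET, "services": {"nginx": {"environment": [
    "VIRTUAL_HOST=example.com", "LETSENCRYPT_HOST=example.com"]}}}

if __name__ == "__main__":
    print(lint(PROXY_FILE, SITE_FILE) or "no problems found")
```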
Source: www.habr.com