Aku bubar diganti server virtual, lan kudu ngatur kabeh maneh. Aku luwih seneng situs kasebut bisa diakses liwat https lan sertifikat letsencrypt dipikolehi lan dianyari kanthi otomatis. Iki bisa digayuh kanthi nggunakake rong gambar docker nginx-proxy lan nginx-proxy-companion.
Iki minangka pandhuan babagan carane nyiyapake situs web ing Docker, kanthi proxy sing kanthi otomatis nampa sertifikat SSL. Server virtual CentOS 7 digunakake.
Aku nganggep yen server wis dituku, dikonfigurasi, mlebu nggunakake kunci, diinstal fail2ban, lsp.
Pisanan sampeyan kudu nginstal docker.
- Pisanan sampeyan kudu nginstal dependensi
$ sudo yum install -y yum-utils device-mapper-persistent-data lvm2
- Sambungake repositori
$ sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
- Banjur instal edisi komunitas docker
$ sudo yum install docker-ce docker-ce-cli containerd.io
- Tambah docker kanggo miwiti lan mbukak
$ sudo systemctl enable docker $ sudo systemctl start docker
- Tambah pangguna menyang grup docker supaya bisa mbukak docker tanpa sudo
$ usermod -aG docker user
Langkah sabanjure yaiku nginstal docker-compose. Utilitas kasebut bisa diinstal kanthi pirang-pirang cara, nanging aku luwih seneng nginstal liwat manajer pip lan virtualenv, supaya ora ngganggu sistem kanthi paket sing ora perlu.
- Instal pip
$ sudo yum install python-pip
- Instal virtualenv
$ pip install virtualenv
- Sabanjure sampeyan kudu nggawe folder karo project lan initialize iku. Folder karo kabeh sing perlu kanggo ngatur paket bakal disebut ve.
$ mkdir docker $ cd docker $ virtualenv ve
- Kanggo miwiti nggunakake lingkungan virtual, sampeyan kudu mbukak printah ing ngisor iki ing folder project.
$ source ve/bin/activate
- Sampeyan bisa nginstal docker-compose.
pip install docker-compose
Supaya wadhah bisa ndeleng saben liyane, kita bakal nggawe jaringan. Kanthi gawan, driver jembatan digunakake.
$ docker network create network
Sabanjure sampeyan kudu ngonfigurasi docker-compose, proxy bakal ana ing folder proxy, situs test bakal ana ing folder test. Contone, aku nggunakake jeneng domain conto. com
$ mkdir proxy $ mkdir test $ touch proxy/docker-compose.yml $ touch test/docker-compose.yml
Konten proxy/docker-compose.yml
version: '3' networks: default: external: name: network services: nginx-proxy: container_name: nginx-proxy image: jwilder/nginx-proxy ports: - 80:80 - 443:443 volumes: - certs:/etc/nginx/certs - vhost.d:/etc/nginx/vhost.d - html:/usr/share/nginx/html - /var/run/docker.sock:/tmp/docker.sock:ro nginx-proxy-letsencrypt: container_name: nginx-proxy-letsencrypt image: jrcs/letsencrypt-nginx-proxy-companion volumes: - certs:/etc/nginx/certs - vhost.d:/etc/nginx/vhost.d - html:/usr/share/nginx/html - /var/run/docker.sock:/var/run/docker.sock:ro environment: - NGINX_PROXY_CONTAINER=nginx-proxy volumes: certs: vhost.d: html:
Variabel lingkungan NGINX_PROXY_CONTAINER iku perlu kanggo wadhah letsencrypt kanggo ndeleng wadhah proxy. Folder /etc/nginx/certs /etc/nginx/vhost.d lan /usr/share/nginx/html kudu dienggo bareng karo loro wadah kasebut. Supaya wadhah letsencrypt bisa digunakake kanthi bener, aplikasi kasebut kudu bisa diakses ing port 80 lan 443.
Konten test/docker-compose.yml
version: '3' networks: default: external: name: network services: nginx: container_name: nginx image: nginx:latest environment: - VIRTUAL_HOST=example.com - LETSENCRYPT_HOST=example.com - [email protected]
Ing kene, variabel lingkungan dibutuhake supaya proxy kanthi bener ngolah panjaluk menyang server lan njaluk sertifikat kanggo jeneng domain sing bener.
Kabeh sing isih ana yaiku mbukak docker-compose
$ cd proxy $ docker-compose up -d $ cd ../test $ docker-compose up -d
Source: www.habr.com