Te whakatu i te rehitatanga aunoa o nga tiwhikete letsencrypt ma te whakamahi docker i runga i te linux

No tata nei i hurihia e ahau te tūmau mariko, me whirihora ano nga mea katoa. He pai ki a au kia uru atu te paetukutuku ma te https me te tuku tiwhikete kia whiwhi me te whakahou aunoa. Ka taea tenei ma te whakamahi i nga whakaahua docker e rua nginx-proxy me te nginx-proxy-companion.

He aratohu tenei mo te whakatu i tetahi paetukutuku ki Docker, me te takawaenga ka whiwhi aunoa i nga tiwhikete SSL. Ka whakamahia te tūmau mariko CentOS 7.

Ki taku whakaaro kua hokona kētia te tūmau, kua whirihorahia, kua takiuru ma te whakamahi i te kī, kua whakauruhia a fail2ban, aha atu.

Tuatahi me whakauru koe i te docker.

1. Tuatahi me whakauru koe i nga whakawhirinaki

   $ sudo yum install -y yum-utils  device-mapper-persistent-data lvm2

2. Tūhono putunga

   $ sudo yum-config-manager  --add-repo  https://download.docker.com/linux/centos/docker-ce.repo

3. Na ka whakauru i te putanga hapori docker

   $ sudo yum install docker-ce docker-ce-cli containerd.io

4. Tāpiri docker ki te whakaoho me te oma

   $ sudo systemctl enable docker
   $ sudo systemctl start docker

5. Tāpirihia he kaiwhakamahi ki te roopu docker kia taea ai e koe te whakahaere docker me te kore sudo

   $ usermod -aG docker user

Ko te mahi e whai ake nei ko te whakauru docker-compose. Ka taea te whakauru i te taputapu i roto i nga huarahi maha, engari he pai ake taku ki te whakauru ma te kaiwhakahaere pip me te virtualenv, kia kore ai e pakaru te punaha me nga kohinga kore.

1. Tāuta pip

   $ sudo yum install python-pip

2. Tāuta virtualenv

   $ pip install virtualenv

3. I muri mai me hanga e koe he kōpaki me te kaupapa me te arawhiti. Ko te kōpaki me nga mea katoa e hiahia ana koe ki te whakahaere i nga kohinga ka kiia ko ve.

   $ mkdir docker
   $ cd docker
   $ virtualenv ve

4. Hei timata ki te whakamahi i te taiao mariko, me whakahaere e koe te whakahau e whai ake nei i roto i te kōpaki kaupapa.

   $ source ve/bin/activate

5. Ka taea e koe te whakauru docker-compose.

   pip install docker-compose

   Kia kite nga ipu tetahi ki tetahi, ka hangaia he whatunga. Ma te taunoa, ka whakamahia te taraiwa piriti.

   $ docker network create network

   I muri mai ka hiahia koe ki te whirihora i te docker-compose, ka noho te takawaenga ki te kōpaki takawaenga, ka noho te waahi whakamatautau ki te kōpaki whakamatautau. Hei tauira, kei te whakamahi ahau i te ingoa rohe example.com

   $ mkdir proxy
   $ mkdir test
   $ touch proxy/docker-compose.yml
   $ touch test/docker-compose.yml

   Ihirangi takawaenga/docker-compose.yml

   version: '3'
   
   networks:
     default:
       external:
         name: network
   
   services:
     nginx-proxy:
       container_name: nginx-proxy
       image: jwilder/nginx-proxy
       ports:
         - 80:80
         - 443:443
       volumes:
         - certs:/etc/nginx/certs
         - vhost.d:/etc/nginx/vhost.d
         - html:/usr/share/nginx/html
         - /var/run/docker.sock:/tmp/docker.sock:ro
   
     nginx-proxy-letsencrypt:
       container_name: nginx-proxy-letsencrypt
       image: jrcs/letsencrypt-nginx-proxy-companion
       volumes: 
         - certs:/etc/nginx/certs
         - vhost.d:/etc/nginx/vhost.d
         - html:/usr/share/nginx/html
         - /var/run/docker.sock:/var/run/docker.sock:ro
       environment:
         - NGINX_PROXY_CONTAINER=nginx-proxy
   
   volumes:
     certs:
     vhost.d:
     html:

   Taurangi taiao NGINX_PROXY_CONTAINER he mea tika kia kite te ipu letsencrypt i te ipu takawaenga. Ko nga kōpaki /etc/nginx/certs /etc/nginx/vhost.d me /usr/share/nginx/html me tiri e nga ipu e rua. Kia tika te mahi o te ipu letsencrypt, me uru te tono ki te tauranga 80 me te 443.

   Ihirangi whakamātautau/docker-compose.yml

   version: '3'
   
   networks:
     default:
       external:
         name: network
   
   services:
   
     nginx:
       container_name: nginx
       image: nginx:latest
       environment:
         - VIRTUAL_HOST=example.com
         - LETSENCRYPT_HOST=example.com
         - [email protected]

   I konei, ka hiahiatia nga taurangi taiao kia tika ai te tukatuka i te tono a te takawaenga ki te tūmau me te tono tiwhikete mo te ingoa rohe tika.

   Ko nga mea e toe ana ko te whakahaere docker-compose

   $ cd proxy
   $ docker-compose up -d
   $ cd ../test
   $ docker-compose up -d

Source: will.com