Posachedwa ndasintha seva yeniyeni, ndipo ndimayenera kukonza zonse kachiwiri. Ndimakonda kuti tsambalo lizipezeka kudzera pa https ndi satifiketi za lesencrypt kuti zipezeke ndikusinthidwa zokha. Izi zitha kuchitika pogwiritsa ntchito zithunzi ziwiri za docker nginx-proxy ndi nginx-proxy-companion.
Uwu ndi kalozera wamomwe mungakhazikitsire tsamba la webusayiti pa Docker, wokhala ndi projekiti yomwe imangolandira ziphaso za SSL. Seva yeniyeni ya CentOS 7 imagwiritsidwa ntchito.
Ndikuganiza kuti seva idagulidwa kale, kukonzedwa, kulowetsedwa pogwiritsa ntchito kiyi, fail2ban yoyika, ndi zina.
Choyamba muyenera kukhazikitsa docker.
- Choyamba muyenera kukhazikitsa dependencies
$ sudo yum install -y yum-utils device-mapper-persistent-data lvm2 - Gwirizanitsani posungira
$ sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo - Kenako yikani mtundu wa gulu la docker
$ sudo yum install docker-ce docker-ce-cli containerd.io - Onjezani docker kuti muyambe ndikuyendetsa
$ sudo systemctl enable docker $ sudo systemctl start docker - Onjezani wogwiritsa pagulu la docker kuti athe kuyendetsa docker popanda sudo
$ usermod -aG docker user
Chotsatira ndikukhazikitsa docker-compose. Zomwe zimagwiritsidwa ntchito zimatha kukhazikitsidwa m'njira zingapo, koma ndimakonda kuyika kudzera pa pip manager ndi virtualenv, kuti musasokoneze dongosolo ndi phukusi losafunika.
- Ikani pip
$ sudo yum install python-pip - Ikani virtualenv
$ pip install virtualenv - Kenako muyenera kupanga chikwatu ndi polojekiti ndikuyambitsa. Foda yomwe ili ndi zonse zomwe mungafune kuti musamalire phukusi imatchedwa ve.
$ mkdir docker $ cd docker $ virtualenv ve - Kuti muyambe kugwiritsa ntchito chilengedwe, muyenera kuyendetsa lamulo lotsatira mufoda ya polojekiti.
$ source ve/bin/activate - Mutha kukhazikitsa docker-compose.
pip install docker-composeKuti makontena awonane, tipanga network. Mwachikhazikitso, woyendetsa mlatho amagwiritsidwa ntchito.
$ docker network create networkKenako muyenera kukonza docker-compose, woyimirayo adzakhala mufoda ya proxy, malo oyeserera adzakhala mufoda yoyeserera. Mwachitsanzo, ndikugwiritsa ntchito domain name example.com
$ mkdir proxy $ mkdir test $ touch proxy/docker-compose.yml $ touch test/docker-compose.ymlZokhutira proxy/docker-compose.yml
version: '3' networks: default: external: name: network services: nginx-proxy: container_name: nginx-proxy image: jwilder/nginx-proxy ports: - 80:80 - 443:443 volumes: - certs:/etc/nginx/certs - vhost.d:/etc/nginx/vhost.d - html:/usr/share/nginx/html - /var/run/docker.sock:/tmp/docker.sock:ro nginx-proxy-letsencrypt: container_name: nginx-proxy-letsencrypt image: jrcs/letsencrypt-nginx-proxy-companion volumes: - certs:/etc/nginx/certs - vhost.d:/etc/nginx/vhost.d - html:/usr/share/nginx/html - /var/run/docker.sock:/var/run/docker.sock:ro environment: - NGINX_PROXY_CONTAINER=nginx-proxy volumes: certs: vhost.d: html:Kusintha kwa chilengedwe NGINX_PROXY_CONTAINER ndikofunikira kuti chidebe cha letsencrypt chiwone chotengera choyimira. Mafoda a /etc/nginx/certs /etc/nginx/vhost.d ndi /usr/share/nginx/html ayenera kugawidwa ndi zida zonse ziwiri. Kuti chidebe cha letsencrypt chigwire ntchito moyenera, ntchitoyo iyenera kupezeka pamadoko onse 80 ndi 443.
Zokhutira test/docker-compose.yml
version: '3' networks: default: external: name: network services: nginx: container_name: nginx image: nginx:latest environment: - VIRTUAL_HOST=example.com - LETSENCRYPT_HOST=example.com - [email protected]Apa, zosintha zachilengedwe zimafunikira kuti wothandizila agwiritse ntchito bwino pempho ku seva ndikupempha satifiketi ya dzina loyenera la domain.
Zomwe zatsala ndikuyendetsa docker-compose
$ cd proxy $ docker-compose up -d $ cd ../test $ docker-compose up -d
Source: www.habr.com