Ini nguva pfupi yadarika ndakachinja sevha chaiyo, uye ndaifanira kugadzirisa zvese zvakare. Ini ndinoda kuti saiti iwanikwe kuburikidza ne https uye letsencrypt zvitupa zviwanikwe uye kuvandudzwa otomatiki. Izvi zvinogona kuwanikwa nekushandisa maviri docker mifananidzo nginx-proxy uye nginx-proxy-shamwari.
Iri igwara rekuti ungamisa sei webhusaiti paDocker, ine proxy inogamuchira otomatiki zvitupa zveSSL. Iyo CentOS 7 virtual server inoshandiswa.
Ini ndinofungidzira kuti sevha yakatotengwa, yakagadziriswa, yakapinda uchishandisa kiyi, fail2ban yakaiswa, nezvimwe.
Kutanga iwe unofanirwa kuisa docker.
- Kutanga iwe unofanirwa kuisa dependencies
$ sudo yum install -y yum-utils device-mapper-persistent-data lvm2 - Batanidza repository
$ sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo - Wobva waisa docker nharaunda edition
$ sudo yum install docker-ce docker-ce-cli containerd.io - Wedzera docker kutanga uye kumhanya
$ sudo systemctl enable docker $ sudo systemctl start docker - Wedzera mushandisi kuboka re docker kuti ukwanise kumhanya docker pasina sudo
$ usermod -aG docker user
Nhanho inotevera ndeyekuisa docker-compose. Iyo yekushandisa inogona kuiswa munzira dzinoverengeka, asi ini ndinosarudza kuisa kuburikidza nepip maneja uye virtualenv, kuti urege kusanganisa sisitimu nemapakeji asina kufanira.
- Isa pip
$ sudo yum install python-pip - Isa virtualenv
$ pip install virtualenv - Tevere iwe unofanirwa kugadzira folda ine purojekiti uye woitanga. Iyo folda ine zvese zvaunoda kubata mapakeji ichanzi ve.
$ mkdir docker $ cd docker $ virtualenv ve - Kuti utange kushandisa iyo chaiyo nharaunda, iwe unofanirwa kumhanya unotevera kuraira mune purojekiti folda.
$ source ve/bin/activate - Unogona kuisa docker-compose.
pip install docker-composeKuti midziyo ione mumwe nemumwe, isu tichagadzira network. Nokusingaperi, mutyairi webhiriji anoshandiswa.
$ docker network create networkTevere iwe unofanirwa kugadzirisa docker-compose, iyo proxy ichave iri muproxy folda, saiti yekuyedza ichave muyedzo folda. Semuenzaniso, ndiri kushandisa zita rezita rekuti example.com
$ mkdir proxy $ mkdir test $ touch proxy/docker-compose.yml $ touch test/docker-compose.ymlZvemukati proxy/docker-compose.yml
version: '3' networks: default: external: name: network services: nginx-proxy: container_name: nginx-proxy image: jwilder/nginx-proxy ports: - 80:80 - 443:443 volumes: - certs:/etc/nginx/certs - vhost.d:/etc/nginx/vhost.d - html:/usr/share/nginx/html - /var/run/docker.sock:/tmp/docker.sock:ro nginx-proxy-letsencrypt: container_name: nginx-proxy-letsencrypt image: jrcs/letsencrypt-nginx-proxy-companion volumes: - certs:/etc/nginx/certs - vhost.d:/etc/nginx/vhost.d - html:/usr/share/nginx/html - /var/run/docker.sock:/var/run/docker.sock:ro environment: - NGINX_PROXY_CONTAINER=nginx-proxy volumes: certs: vhost.d: html:Environment variable NGINX_PROXY_CONTAINER zvinodikanwa kuti letsencrypt mudziyo uone iyo proxy mudziyo. Iyo /etc/nginx/certs /etc/nginx/vhost.d uye /usr/share/nginx/html maforodha anofanira kugovaniswa nemidziyo miviri. Kuti letsencrypt mudziyo ushande nemazvo, application yacho inofanirwa kuwanikwa pachiteshi 80 ne443.
Zvemukati test/docker-compose.yml
version: '3' networks: default: external: name: network services: nginx: container_name: nginx image: nginx:latest environment: - VIRTUAL_HOST=example.com - LETSENCRYPT_HOST=example.com - [email protected]Pano, shanduko yemamiriro ekunze inodiwa kuti proxy inyatso kugadzirisa chikumbiro kune server uye kukumbira chitupa chezita chairo rezita.
Chasara kumhanyisa docker-compose
$ cd proxy $ docker-compose up -d $ cd ../test $ docker-compose up -d
Source: www.habr.com