I recently changed my virtual server and had to configure everything again. I prefer the site to be reachable over https, with letsencrypt certificates obtained and renewed automatically. This can be achieved with two Docker images, nginx-proxy and nginx-proxy-companion.
This is a guide on how to set up a site in Docker behind a proxy that obtains SSL certificates automatically. A CentOS 7 virtual server is used.
I assume the server has already been purchased and configured, key-based login is set up, fail2ban is installed, and so on.
First you need to install docker.
- First install the dependencies
$ sudo yum install -y yum-utils device-mapper-persistent-data lvm2
- Add the repository
$ sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
- Then install Docker Community Edition
$ sudo yum install docker-ce docker-ce-cli containerd.io
- Enable docker at boot and start it
$ sudo systemctl enable docker
$ sudo systemctl start docker
- Add the user to the docker group so that docker can be run without sudo
$ sudo usermod -aG docker user
The next step is to install docker-compose. The utility can be installed in several ways, but I prefer to install it with the pip package manager inside a virtualenv, so as not to clutter the system with unnecessary packages.
- Install pip
$ sudo yum install python-pip
- Install virtualenv
$ pip install virtualenv
- Next, create the project folder and initialize it. The folder that holds everything needed to manage the packages is called ve.
$ mkdir docker
$ cd docker
$ virtualenv ve
- To start using the virtual environment, run the following command in the project folder.
$ source ve/bin/activate
- Now you can install docker-compose.
$ pip install docker-compose
So that the containers can see each other, we will create a network. By default, the bridge driver is used.
$ docker network create network
Next, configure docker-compose: the proxy will live in the proxy folder and the test site in the test folder. As an example, I use the domain name example.com.
$ mkdir proxy
$ mkdir test
$ touch proxy/docker-compose.yml
$ touch test/docker-compose.yml
Contents of proxy/docker-compose.yml
version: '3'

networks:
  default:
    external:
      name: network  # the network created with "docker network create network"

services:
  nginx-proxy:
    container_name: nginx-proxy
    image: jwilder/nginx-proxy
    ports:
      - 80:80
      - 443:443
    volumes:
      - certs:/etc/nginx/certs
      - vhost.d:/etc/nginx/vhost.d
      - html:/usr/share/nginx/html
      # :ro only protects the socket file; the container can still call the full Docker API
      - /var/run/docker.sock:/tmp/docker.sock:ro

  nginx-proxy-letsencrypt:
    container_name: nginx-proxy-letsencrypt
    image: jrcs/letsencrypt-nginx-proxy-companion
    volumes:
      # the same three named volumes as nginx-proxy
      - certs:/etc/nginx/certs
      - vhost.d:/etc/nginx/vhost.d
      - html:/usr/share/nginx/html
      - /var/run/docker.sock:/var/run/docker.sock:ro
    environment:
      - NGINX_PROXY_CONTAINER=nginx-proxy

volumes:
  certs:
  vhost.d:
  html:
The NGINX_PROXY_CONTAINER environment variable is required so that the letsencrypt container can find the proxy container. The directories /etc/nginx/certs, /etc/nginx/vhost.d and /usr/share/nginx/html must be shared by both containers. For the letsencrypt container to work correctly, the application must be reachable on both port 80 and port 443.
Contents of test/docker-compose.yml
version: '3'

networks:
  default:
    external:
      name: network

services:
  nginx:
    container_name: nginx
    image: nginx:latest
    environment:
      - VIRTUAL_HOST=example.com
      - LETSENCRYPT_HOST=example.com
      - [email protected]
Here the environment variables are needed so that the proxy routes requests to the right server and requests a certificate for the correct domain name.
All that remains is to run docker-compose
$ cd proxy
$ docker-compose up -d
$ cd ../test
$ docker-compose up -d
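The requirements stated after the two compose files (NGINX_PROXY_CONTAINER naming the proxy, the three shared directories, ports 80 and 443, and the site's VIRTUAL_HOST and LETSENCRYPT_HOST) can be checked against the running containers. The Python script below is an added example, not part of the original article or of either image's project; it reads the JSON printed by `docker inspect`, the `sample()` data and its `proxy_*` volume names are constructed, and the rule that every LETSENCRYPT_HOST name must also appear in VIRTUAL_HOST is an assumption.

```python
import json

SHARED = ("/etc/nginx/certs", "/etc/nginx/vhost.d", "/usr/share/nginx/html")

def env_of(c):  # ["K=V", ...] -> {"K": "V"}
    return dict(e.partition("=")[::2] for e in c["Config"]["Env"] or [])
def vols_of(c):  # mount destination -> named volume (bind mounts are skipped)
    return {m["Destination"]: m["Name"] for m in c["Mounts"] if m["Type"] == "volume"}
def hosts(value):  # "a.com, b.com" -> {"a.com", "b.com"}
    return {h.strip() for h in (value or "").split(",") if h.strip()}

def audit(inspect_json, proxy="nginx-proxy", companion="nginx-proxy-letsencrypt"):
    """Return the problems found in `docker inspect` output (a JSON array)."""
    cs = {c["Name"].lstrip("/"): c for c in json.loads(inspect_json)}
    p, le, out = cs[proxy], cs[companion], []
    if env_of(le).get("NGINX_PROXY_CONTAINER") != proxy:
        out.append("companion: NGINX_PROXY_CONTAINER does not name the proxy")
    for path in SHARED:
        if path not in vols_of(p) or vols_of(p)[path] != vols_of(le).get(path):
            out.append(f"{path}: not one volume shared by both containers")
    published = {k for k, v in (p["HostConfig"]["PortBindings"] or {}).items() if v}
    out += [f"proxy: {port} not published" for port in ("80/tcp", "443/tcp")
            if port not in published]
    proxy_nets = set(p["NetworkSettings"]["Networks"])
    for name, c in cs.items():
        env = env_of(c)
        if name in (proxy, companion) or "VIRTUAL_HOST" not in env:
            continue  # only containers that ask to be proxied
        if not proxy_nets & set(c["NetworkSettings"]["Networks"]):
            out.append(f"{name}: shares no network with the proxy")
        le_hosts = hosts(env.get("LETSENCRYPT_HOST"))  # assumption: subset of VIRTUAL_HOST
        if not le_hosts or not le_hosts <= hosts(env["VIRTUAL_HOST"]):
            out.append(f"{name}: LETSENCRYPT_HOST missing or not within VIRTUAL_HOST")
    return out

def _c(name, env, vols=(), ports=(), net="network"):  # one constructed container
    mounts = [{"Type": "volume", "Name": "proxy_" + v.rsplit("/", 1)[1], "Destination": v} for v in vols]
    return {"Name": "/" + name, "Config": {"Env": env}, "Mounts": mounts,
            "HostConfig": {"PortBindings": {p: [{"HostPort": p[:-4]}] for p in ports}},
            "NetworkSettings": {"Networks": {net: {}}}}

def sample(ports=("80/tcp", "443/tcp"), le_vols=SHARED, le_host="example.com", net="network"):
    """Constructed `docker inspect` output for this page's three containers."""
    return json.dumps([_c("nginx-proxy", [], SHARED, ports),
        _c("nginx-proxy-letsencrypt", ["NGINX_PROXY_CONTAINER=nginx-proxy"], le_vols),
        _c("nginx", ["VIRTUAL_HOST=example.com", "LETSENCRYPT_HOST=" + le_host], net=net)])

if __name__ == "__main__":
    print(audit(sample()), audit(sample(("80/tcp",), SHARED[:2], "www.example.com", "bridge")), sep="\n")
```

On a live host, pass `audit()` the output of `docker inspect $(docker ps -q)`; an empty list means all four requirements hold.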
Source: www.habr.com