Not long ago I changed my virtual server and had to set everything up again. I prefer my site to be reachable over https, with letsencrypt certificates obtained and renewed automatically. This can be achieved with two docker images, nginx-proxy and nginx-proxy-companion.
This is a guide to setting up a website in Docker behind a proxy that obtains SSL certificates automatically. A CentOS 7 virtual server is used.
I assume the server has already been purchased and configured, key-based login is set up, fail2ban is installed, and so on.
First you need to install docker.
- First install the dependencies
$ sudo yum install -y yum-utils device-mapper-persistent-data lvm2
- Add the repository
$ sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
- Then install docker community edition
$ sudo yum install docker-ce docker-ce-cli containerd.io
- Enable docker at boot and start it
$ sudo systemctl enable docker
$ sudo systemctl start docker
- Add the user to the docker group so docker can be run without sudo
$ sudo usermod -aG docker user
The next step is to install docker-compose. The tool can be installed in several ways, but I prefer to install it with the pip package manager and virtualenv, so as not to clutter the system with unnecessary packages.
- Install pip
$ sudo yum install python-pip
- Install virtualenv
$ pip install virtualenv
- Next, create a folder for the project and initialise it. The folder holding everything needed to manage packages will be called ve.
$ mkdir docker
$ cd docker
$ virtualenv ve
- To start using the virtual environment, run the following command in the project folder.
$ source ve/bin/activate
- Now docker-compose can be installed.
$ pip install docker-compose
So that the containers can see each other, we will create a network. By default the bridge driver is used.
$ docker network create network
Next, set up docker-compose: the proxy will live in the proxy folder and the test site in the test folder. As an example I use the domain name example.com
$ mkdir proxy
$ mkdir test
$ touch proxy/docker-compose.yml
$ touch test/docker-compose.yml
Contents of proxy/docker-compose.yml
```yaml
version: '3'

networks:
  default:
    external:
      name: network

services:
  nginx-proxy:
    container_name: nginx-proxy
    image: jwilder/nginx-proxy
    ports:
      - 80:80
      - 443:443
    volumes:
      - certs:/etc/nginx/certs
      - vhost.d:/etc/nginx/vhost.d
      - html:/usr/share/nginx/html
      - /var/run/docker.sock:/tmp/docker.sock:ro

  nginx-proxy-letsencrypt:
    container_name: nginx-proxy-letsencrypt
    image: jrcs/letsencrypt-nginx-proxy-companion
    volumes:
      - certs:/etc/nginx/certs
      - vhost.d:/etc/nginx/vhost.d
      - html:/usr/share/nginx/html
      - /var/run/docker.sock:/var/run/docker.sock:ro
    environment:
      - NGINX_PROXY_CONTAINER=nginx-proxy

volumes:
  certs:
  vhost.d:
  html:
```
The NGINX_PROXY_CONTAINER environment variable is needed so that the letsencrypt container can find the proxy container. The folders /etc/nginx/certs, /etc/nginx/vhost.d and /usr/share/nginx/html must be shared by both containers. For the letsencrypt container to work correctly, the application must be reachable on both ports 80 and 443.
Contents of test/docker-compose.yml
```yaml
version: '3'

networks:
  default:
    external:
      name: network

services:
  nginx:
    container_name: nginx
    image: nginx:latest
    environment:
      - VIRTUAL_HOST=example.com
      - LETSENCRYPT_HOST=example.com
      # The source page shows only an obfuscated address here ("[email protected]");
      # the companion image takes the contact address in LETSENCRYPT_EMAIL.
      - LETSENCRYPT_EMAIL=<your-email-address>
```
Here the environment variables are needed so that the proxy routes requests to the server correctly and requests a certificate for the correct domain name.
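The requirements stated above (ports 80 and 443 published, the three folders shared, NGINX_PROXY_CONTAINER naming the proxy, one common network, matching host variables) can be checked before the stack is started. This is an added example, not code from the original article: it takes the two compose files as already-parsed mappings, the samples are constructed to mirror the files above, and the function names and the rule that LETSENCRYPT_HOST must appear in VIRTUAL_HOST are assumptions based on the article's example.

```python
# Added example (not the article's code). check() returns a list of problems.
SHARED = ("/etc/nginx/certs", "/etc/nginx/vhost.d", "/usr/share/nginx/html")
SOCK = "/var/run/docker.sock"
def env_of(svc):  # 'environment' as a KEY=VALUE list or a mapping -> dict
    env = svc.get("environment") or {}
    if isinstance(env, list):
        env = dict(e.split("=", 1) if "=" in e else (e, "") for e in env)
    return {k: str(v) for k, v in env.items()}

def mounts_of(svc):  # short-syntax volumes -> {container_path: (source, mode)}
    parts = (v.split(":") for v in svc.get("volumes") or [])
    return {p[1]: (p[0], p[2] if len(p) > 2 else "rw") for p in parts if len(p) > 1}

def ext_net(compose):  # name of the external default network, or None
    ext = compose.get("networks", {}).get("default", {}).get("external")
    return ext.get("name") if isinstance(ext, dict) else None

def check(proxy_file, site_file, proxy="nginx-proxy", companion="nginx-proxy-letsencrypt"):
    svcs, bad = proxy_file["services"], []
    pm, cm = mounts_of(svcs[proxy]), mounts_of(svcs[companion])
    ports = {str(p).split(":")[-2] for p in svcs[proxy].get("ports", []) if ":" in str(p)}
    bad += [f"proxy does not publish port {n}" for n in ("80", "443") if n not in ports]
    bad += [f"{d} is not shared by both containers" for d in SHARED
            if d not in pm or d not in cm or pm[d][0] != cm[d][0]]
    # ':ro' guards the socket file only; the Docker API behind it stays reachable.
    bad += [f"{n}: docker.sock is mounted {mode}" for n, m in ((proxy, pm), (companion, cm))
            for src, mode in m.values() if src == SOCK and mode != "ro"]
    if env_of(svcs[companion]).get("NGINX_PROXY_CONTAINER") != svcs[proxy].get("container_name"):
        bad.append("NGINX_PROXY_CONTAINER does not name the proxy container")
    if ext_net(proxy_file) is None or ext_net(proxy_file) != ext_net(site_file):
        bad.append("proxy and site are not on the same external network")
    for name, svc in site_file["services"].items():
        vhost, le = (set(filter(None, env_of(svc).get(k, "").split(",")))
                     for k in ("VIRTUAL_HOST", "LETSENCRYPT_HOST"))
        if not le or not le <= vhost:
            bad.append(f"{name}: LETSENCRYPT_HOST must be set and listed in VIRTUAL_HOST")
    return bad

# Constructed sample mirroring the article's two files, as parsed YAML.
NET = {"default": {"external": {"name": "network"}}}
VOLS = ["certs:/etc/nginx/certs", "vhost.d:/etc/nginx/vhost.d", "html:/usr/share/nginx/html"]
PROXY = {"networks": NET, "services": {
    "nginx-proxy": {"container_name": "nginx-proxy", "ports": ["80:80", "443:443"],
                    "volumes": VOLS + [SOCK + ":/tmp/docker.sock:ro"]},
    "nginx-proxy-letsencrypt": {"environment": ["NGINX_PROXY_CONTAINER=nginx-proxy"],
                                "volumes": VOLS + [SOCK + ":" + SOCK + ":ro"]}}}
SITE = {"networks": NET, "services": {"nginx": {"environment": [
    "VIRTUAL_HOST=example.com", "LETSENCRYPT_HOST=example.com"]}}}
print(check(PROXY, SITE) or "all checks passed")
```

To run it against real files, load each docker-compose.yml with a YAML parser and pass the two resulting mappings to `check`.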
All that remains is to run docker-compose
$ cd proxy
$ docker-compose up -d
$ cd ../test
$ docker-compose up -d
Source: www.habr.com