I recently changed my virtual server and had to configure everything again. I prefer the site to be reachable over https, with letsencrypt certificates obtained and renewed automatically. This can be achieved with two docker images: nginx-proxy and nginx-proxy-companion.
This is a guide to setting up a website in Docker behind a proxy that obtains SSL certificates automatically. A virtual server running CentOS 7 is used.
I assume the server has already been purchased and configured, that login is by key, that fail2ban is installed, and so on.
First you need to install docker.
- First, install the dependencies
$ sudo yum install -y yum-utils device-mapper-persistent-data lvm2
- Add the repository
$ sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
- Then install docker community edition
$ sudo yum install docker-ce docker-ce-cli containerd.io
- Enable docker at boot and start it
$ sudo systemctl enable docker
$ sudo systemctl start docker
- Add the user to the docker group so that docker can be run without sudo (membership in this group is effectively root-equivalent on the host)
$ sudo usermod -aG docker user
The next step is to install docker-compose. The utility can be installed in several ways, but I prefer to install it with the pip package manager and virtualenv, so as not to clutter the system with unnecessary packages.
- Install pip
$ sudo yum install python-pip
- Install virtualenv
$ pip install virtualenv
- Next, create a folder for the project and initialize it. The directory holding everything needed to manage the packages will be called ve.
$ mkdir docker
$ cd docker
$ virtualenv ve
- To start using the virtual environment, run the following command in the project folder.
$ source ve/bin/activate
- Now you can install docker-compose.
$ pip install docker-compose
So that the containers can see each other, we will create a network. By default, the bridge driver is used.
$ docker network create network
Next, configure docker-compose: the proxy will live in the proxy folder and the test site in the test folder. As an example, I use the domain name example.com
$ mkdir proxy
$ mkdir test
$ touch proxy/docker-compose.yml
$ touch test/docker-compose.yml
Contents of proxy/docker-compose.yml
```yaml
version: '3'

# Attach to the network created earlier with `docker network create network`
networks:
  default:
    external:
      name: network

services:
  nginx-proxy:
    container_name: nginx-proxy
    image: jwilder/nginx-proxy
    ports:
      - 80:80
      - 443:443
    volumes:
      - certs:/etc/nginx/certs
      - vhost.d:/etc/nginx/vhost.d
      - html:/usr/share/nginx/html
      - /var/run/docker.sock:/tmp/docker.sock:ro

  nginx-proxy-letsencrypt:
    container_name: nginx-proxy-letsencrypt
    image: jrcs/letsencrypt-nginx-proxy-companion
    volumes:
      - certs:/etc/nginx/certs
      - vhost.d:/etc/nginx/vhost.d
      - html:/usr/share/nginx/html
      - /var/run/docker.sock:/var/run/docker.sock:ro
    environment:
      # Must match the container_name of the proxy service above
      - NGINX_PROXY_CONTAINER=nginx-proxy

# Named volumes shared by both containers
volumes:
  certs:
  vhost.d:
  html:
```
The NGINX_PROXY_CONTAINER environment variable is required so that the letsencrypt container can find the proxy container. The /etc/nginx/certs, /etc/nginx/vhost.d and /usr/share/nginx/html folders must be shared by both containers. For the letsencrypt container to work correctly, the application must be reachable on both ports 80 and 443.
Contents of test/docker-compose.yml
```yaml
version: '3'

networks:
  default:
    external:
      name: network

services:
  nginx:
    container_name: nginx
    image: nginx:latest
    environment:
      - VIRTUAL_HOST=example.com
      - LETSENCRYPT_HOST=example.com
      # Placeholder contact address for Let's Encrypt
      - LETSENCRYPT_EMAIL=admin@example.com
```
Here the environment variables are needed so that the proxy routes requests to the server correctly and requests a certificate for the correct domain name.
All that remains is to run docker-compose
$ cd proxy
$ docker-compose up -d
$ cd ../test
$ docker-compose up -d
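Once both stacks are up, the wiring requirements described above (the three shared folders, published ports 80 and 443, and NGINX_PROXY_CONTAINER) can be checked against `docker inspect` output. The script below is an added example, not part of the original article; the `audit` and `sample` helpers and the sample data are constructed for illustration.

```python
import json
import sys

SHARED = ("/etc/nginx/certs", "/etc/nginx/vhost.d", "/usr/share/nginx/html")

def audit(proxy, companion):
    """Return wiring problems found in two `docker inspect` objects."""
    problems = []
    by_dest = lambda c: {m["Destination"]: m for m in c.get("Mounts", [])}
    pm, cm = by_dest(proxy), by_dest(companion)
    for path in SHARED:
        # Both containers must mount the same named volume at this path.
        a, b = pm.get(path, {}).get("Name"), cm.get(path, {}).get("Name")
        if not a or a != b:
            problems.append(f"{path} is not shared by both containers")
    bindings = proxy.get("HostConfig", {}).get("PortBindings") or {}
    for port in ("80/tcp", "443/tcp"):
        if not bindings.get(port):
            problems.append(f"proxy does not publish {port}")
    env = dict(e.split("=", 1) for e in companion.get("Config", {}).get("Env") or [] if "=" in e)
    if env.get("NGINX_PROXY_CONTAINER") != proxy["Name"].lstrip("/"):
        problems.append("NGINX_PROXY_CONTAINER does not name the proxy container")
    for c in (proxy, companion):
        for m in c.get("Mounts", []):
            if m.get("Source", "").endswith("docker.sock") and m.get("RW"):
                problems.append(f"{c['Name']} mounts docker.sock read-write")
    return problems

def sample(name, prefix, ports=(), env=(), sock_rw=False):
    """Constructed stand-in for one `docker inspect` object (not real output)."""
    mounts = [{"Type": "volume", "Name": prefix + d.rsplit("/", 1)[1],
               "Source": "/var/lib/docker/volumes/x/_data", "Destination": d, "RW": True}
              for d in SHARED]
    mounts.append({"Type": "bind", "Source": "/var/run/docker.sock",
                   "Destination": "/tmp/docker.sock", "RW": sock_rw})
    return {"Name": "/" + name, "Mounts": mounts, "Config": {"Env": list(env)},
            "HostConfig": {"PortBindings": {p: [{"HostPort": p.split("/")[0]}] for p in ports}}}

PROXY = sample("nginx-proxy", "proxy_", ports=("80/tcp", "443/tcp"))
COMPANION = sample("nginx-proxy-letsencrypt", "proxy_", env=("NGINX_PROXY_CONTAINER=nginx-proxy",))

if __name__ == "__main__":
    # Real input: docker inspect nginx-proxy nginx-proxy-letsencrypt > inspect.json
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            PROXY, COMPANION = json.load(fh)
    print(audit(PROXY, COMPANION) or "wiring OK")
```

The `:ro` flag on the socket mount only protects the socket file itself; a container that can open it can still issue Docker API calls, so both containers should be treated as having control of the host's Docker daemon.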
Source: www.habr.com