Mo ṣẹṣẹ yipada olupin foju, ati pe o ni lati tunto ohun gbogbo lẹẹkansi. Mo fẹ ki aaye naa wa nipasẹ https ati pe awọn iwe-ẹri letsencrypt jẹ ki o tunse laifọwọyi. Eyi le ṣe aṣeyọri nipa lilo awọn aworan docker meji nginx-proxy ati nginx-proxy-companion.
Eyi jẹ itọsọna lori bii o ṣe le ṣeto oju opo wẹẹbu kan lori Docker, pẹlu aṣoju ti o gba awọn iwe-ẹri SSL laifọwọyi. A ti lo olupin foju CentOS 7.
Mo ro pe olupin ti ra tẹlẹ, tunto, buwolu wọle ni lilo bọtini kan, fail2ban fi sori ẹrọ, ati bẹbẹ lọ.
Ni akọkọ o nilo lati fi docker sori ẹrọ.
- Ni akọkọ o nilo lati fi sori ẹrọ awọn igbẹkẹle
$ sudo yum install -y yum-utils device-mapper-persistent-data lvm2 - So ibi ipamọ
$ sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo - Lẹhinna fi ẹda agbegbe docker sori ẹrọ
$ sudo yum install docker-ce docker-ce-cli containerd.io - Ṣafikun docker si ibẹrẹ ati ṣiṣe
$ sudo systemctl enable docker $ sudo systemctl start docker - Ṣafikun olumulo kan si ẹgbẹ docker lati ni anfani lati ṣiṣẹ docker laisi sudo
$ usermod -aG docker user
Igbesẹ ti o tẹle ni lati fi docker-compose sori ẹrọ. IwUlO le fi sori ẹrọ ni awọn ọna pupọ, ṣugbọn Mo fẹ lati fi sii nipasẹ oluṣakoso pip ati virtualenv, nitorinaa ki o maṣe dapọ eto naa pẹlu awọn idii ti ko wulo.
- Fi sori ẹrọ pip
$ sudo yum install python-pip - Fi sori ẹrọ virtualenv
$ pip install virtualenv - Nigbamii o nilo lati ṣẹda folda kan pẹlu iṣẹ akanṣe ati bẹrẹ rẹ. Awọn folda pẹlu ohun gbogbo ti o nilo lati ṣakoso awọn jo yoo wa ni a npe ve.
$ mkdir docker $ cd docker $ virtualenv ve - Lati bẹrẹ lilo agbegbe foju, o nilo lati ṣiṣẹ aṣẹ atẹle ni folda ise agbese.
$ source ve/bin/activate - O le fi docker-compose sori ẹrọ.
pip install docker-composeNi ibere fun awọn apoti lati rii ara wọn, a yoo ṣẹda nẹtiwọki kan. Nipa aiyipada awakọ Afara ti lo.
$ docker network create networkNigbamii o nilo lati tunto docker-compose, aṣoju yoo wa ninu folda aṣoju, aaye idanwo yoo wa ninu folda idanwo naa. Fun apẹẹrẹ, Mo n lo orukọ ìkápá example.com
$ mkdir proxy $ mkdir test $ touch proxy/docker-compose.yml $ touch test/docker-compose.ymlAkoonu aṣoju/docker-compose.yml
version: '3' networks: default: external: name: network services: nginx-proxy: container_name: nginx-proxy image: jwilder/nginx-proxy ports: - 80:80 - 443:443 volumes: - certs:/etc/nginx/certs - vhost.d:/etc/nginx/vhost.d - html:/usr/share/nginx/html - /var/run/docker.sock:/tmp/docker.sock:ro nginx-proxy-letsencrypt: container_name: nginx-proxy-letsencrypt image: jrcs/letsencrypt-nginx-proxy-companion volumes: - certs:/etc/nginx/certs - vhost.d:/etc/nginx/vhost.d - html:/usr/share/nginx/html - /var/run/docker.sock:/var/run/docker.sock:ro environment: - NGINX_PROXY_CONTAINER=nginx-proxy volumes: certs: vhost.d: html:Ayika oniyipada NGINX_PROXY_CONTAINER o jẹ pataki fun letsencrypt eiyan lati ri awọn aṣoju eiyan. Awọn folda /etc/nginx/certs /etc/nginx/vhost.d ati /usr/share/nginx/html gbọdọ jẹ pinpin nipasẹ awọn apoti mejeeji. Fun apo eiyan letsencrypt lati ṣiṣẹ ni deede, ohun elo gbọdọ wa ni iraye si lori ibudo 80 ati 443 mejeeji.
Akoonu igbeyewo/docker-compose.yml
version: '3' networks: default: external: name: network services: nginx: container_name: nginx image: nginx:latest environment: - VIRTUAL_HOST=example.com - LETSENCRYPT_HOST=example.com - [email protected]Nibi, awọn oniyipada ayika ni a nilo ki aṣoju naa ṣe ilana deede ibeere si olupin ati beere ijẹrisi fun orukọ ìkápá to pe.
Gbogbo ohun ti o ku ni lati ṣiṣẹ docker-compose
$ cd proxy $ docker-compose up -d $ cd ../test $ docker-compose up -d
orisun: www.habr.com