我们正在努力通过ssl设置多个网站托管,并通过SSL托管,我们能够在没有SSL及其正常工作的情况下部署解决方案将其与SSL放置在HTTPS调用上失败。我们的Docker-Compose文件如下:
docker-compose.yml
site1:
build: site1
environment:
VIRTUAL_HOST: site1.domainlocal.com
VIRTUAL_PROTO: https
restart: always
site2:
build: site2
environment:
VIRTUAL_HOST: site2.domainlocal.com
VIRTUAL_PROTO: https
restart: always
site3:
build: site3
environment:
VIRTUAL_HOST: site3.domainlocal.com
VIRTUAL_PROTO: https
restart: always
nginx-proxy:
image: jwilder/nginx-proxy:alpine
ports:
- "80:80"
- "443:443"
volumes:
- /var/run/docker.sock:/tmp/docker.sock:ro
- certs:/etc/nginx/certs:ro
restart: always
privileged: true
ps:"证书"文件夹与Docker-Compose文件相同的文件夹中。
使用openssl
使用自签名证书文件夹结构就像:
Main_folder-|
|- docker-compose.yml
|
|- certs/.csr and .key files
|
|- site1/Dockerfile + Nodejs
|- site2/Dockerfile + Nodejs
|- site3/Dockerfile + Nodejs
请提出问题的可能原因和解决方案。
Docker PS的输出:
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
c71b52c3e6bd compose_site3 "/bin/sh -c 'node ..." 3 days ago Up 3 days 80/tcp compose_site3_1
41ffb9ec3983 jwilder/nginx-proxy "/app/docker-entry..." 3 days ago Up 3 days 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp compose_nginx-proxy_1
a154257c62ec compose_site1 "/bin/sh -c 'node ..." 3 days ago Up 3 days 80/tcp compose_site1_1
3ed556e9287e compose_site2 "/bin/sh -c 'node ..." 3 days ago Up 3 days 80/tcp compose_site2_1
因此,在花了很多时间之后,我才能解决问题。因此,对于与jwilder/nginx-proxy集成的SSL集成,没有任务命名域名的证书和钥匙,而是任何名称的名称,您只需要在Docker-Compose文件中提及证书名称(我找到了这种方法通过命中和审判)。因此,您的Docker撰写文件应该看起来像:
site1:
build: site1
environment:
VIRTUAL_HOST: site1.domainlocal.com
CERT_NAME: mycertificate
volumes:
- /etc/ssl/certs:/etc/ssl/certs:ro
restart: always
site2:
build: site2
environment:
VIRTUAL_HOST: site2.domainlocal.com
CERT_NAME: mycertificate
volumes:
- /etc/ssl/certs:/etc/ssl/certs:ro
restart: always
site3:
build: site3
environment:
VIRTUAL_HOST: site3.domainlocal.com
CERT_NAME: mycertificate
volumes:
- /etc/ssl/certs:/etc/ssl/certs:ro
restart: always
nginx-proxy:
image: jwilder/nginx-proxy:alpine
ports:
- "80:80"
- "443:443"
environment:
DEFAULT_HOST: domainlocal.com #default host
CERT_NAME: mycertificate # Wildcard Certificate name without extension
volumes:
- /var/run/docker.sock:/tmp/docker.sock:ro
- /etc/ssl/certs:/etc/nginx/certs #certificate path in docker container
restart: always
privileged: true
,只需使用" docker-compose-up-up"构建并运行构图
您的证书应以'.crt'扩展名而不是'.csr'结束。还要确保它适当地命名为域,与Virtual_Host变量匹配。根据文档:
证书和密钥应以带有.crt和.key扩展名的虚拟主机命名。例如,一个带有virtual_host的容器= foo.bar.com应该有一个foo.bar.com.crt and foo.bar.com..key File在CERTS目录中。