小贝子编程

jwilder/nginx-proxy:无法将SSL与nginx集成



我们正在努力通过ssl设置多个网站托管,并通过SSL托管,我们能够在没有SSL及其正常工作的情况下部署解决方案将其与SSL放置在HTTPS调用上失败。我们的Docker-Compose文件如下:

docker-compose.yml 

site1:
  build: site1
  environment:
    VIRTUAL_HOST: site1.domainlocal.com
    VIRTUAL_PROTO: https
  restart: always
site2:
  build: site2
  environment:
    VIRTUAL_HOST: site2.domainlocal.com
    VIRTUAL_PROTO: https
  restart: always
site3:
  build: site3
  environment:
    VIRTUAL_HOST: site3.domainlocal.com
    VIRTUAL_PROTO: https
  restart: always
nginx-proxy:
  image: jwilder/nginx-proxy:alpine
  ports:
    - "80:80"
    - "443:443"
  volumes:
    - /var/run/docker.sock:/tmp/docker.sock:ro
    - certs:/etc/nginx/certs:ro
  restart: always
  privileged: true

ps:"证书"文件夹与Docker-Compose文件相同的文件夹中。

使用openssl

使用自签名证书

文件夹结构就像:

Main_folder-|
            |- docker-compose.yml
            |
            |- certs/.csr and .key files
            |
            |- site1/Dockerfile + Nodejs
            |- site2/Dockerfile + Nodejs
            |- site3/Dockerfile + Nodejs

请提出问题的可能原因和解决方案。

Docker PS的输出:

CONTAINER ID        IMAGE                 COMMAND                  CREATED             STATUS              PORTS                                      NAMES
c71b52c3e6bd        compose_site3   "/bin/sh -c 'node ..."   3 days ago          Up 3 days           80/tcp                                     compose_site3_1
41ffb9ec3983        jwilder/nginx-proxy   "/app/docker-entry..."   3 days ago          Up 3 days           0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp   compose_nginx-proxy_1
a154257c62ec        compose_site1   "/bin/sh -c 'node ..."   3 days ago          Up 3 days           80/tcp                                     compose_site1_1
3ed556e9287e        compose_site2   "/bin/sh -c 'node ..."   3 days ago          Up 3 days           80/tcp                                     compose_site2_1

因此,在花了很多时间之后,我才能解决问题。因此,对于与jwilder/nginx-proxy集成的SSL集成,没有任务命名域名的证书和钥匙,而是任何名称的名称,您只需要在Docker-Compose文件中提及证书名称(我找到了这种方法通过命中和审判)。因此,您的Docker撰写文件应该看起来像:

site1:
  build: site1
  environment:
    VIRTUAL_HOST: site1.domainlocal.com
    CERT_NAME: mycertificate
  volumes:
    - /etc/ssl/certs:/etc/ssl/certs:ro
  restart: always
site2:
  build: site2
  environment:
    VIRTUAL_HOST: site2.domainlocal.com
    CERT_NAME: mycertificate
  volumes:
    - /etc/ssl/certs:/etc/ssl/certs:ro
  restart: always
site3:
  build: site3
  environment:
    VIRTUAL_HOST: site3.domainlocal.com
    CERT_NAME: mycertificate
  volumes:
    - /etc/ssl/certs:/etc/ssl/certs:ro
  restart: always
nginx-proxy:
  image: jwilder/nginx-proxy:alpine
  ports:
    - "80:80"
    - "443:443"
  environment:
    DEFAULT_HOST: domainlocal.com #default host
    CERT_NAME: mycertificate # Wildcard Certificate name without extension  
  volumes:
    - /var/run/docker.sock:/tmp/docker.sock:ro
    - /etc/ssl/certs:/etc/nginx/certs  #certificate path in docker container
  restart: always
  privileged: true

,只需使用" docker-compose-up-up"构建并运行构图

您的证书应以'.crt'扩展名而不是'.csr'结束。还要确保它适当地命名为域,与Virtual_Host变量匹配。根据文档:

证书和密钥应以带有.crt和.key扩展名的虚拟主机命名。例如,一个带有virtual_host的容器= foo.bar.com应该有一个foo.bar.com.crt and foo.bar.com..key File在CERTS目录中。

相关内容

最新更新


热门标签:

javascript python java c# php android html jquery c++ css ios sql mysql arrays asp.net json python-3.x ruby-on-rails .net sql-server django objective-c excel regex ruby linux ajax iphone xml vba spring asp.net-mvc database wordpress string postgresql wpf windows xcode bash git oracle list vb.net multithreading eclipse algorithm macos powershell visual-studio image forms numpy scala function api selenium