Docker compose+；Nginx+；Certbot+；简单的Django Rest框架应用程序_Docker_Nginx_Docker Compose_Lets Encrypt_Certbot

Docker compose+；Nginx+；Certbot+；简单的Django Rest框架应用程序

docker nginx docker-compose

Docker compose+；Nginx+；Certbot+；简单的Django Rest框架应用程序,docker,nginx,docker-compose,lets-encrypt,certbot,Docker,Nginx,Docker Compose,Lets Encrypt,Certbot,我正在尝试使用Docker将一个简单的Django Rest框架应用程序部署到生产服务器。我的目标是安装带有代理和Certbot的Nginx，以同时实现常规的Let'sEncrypt SSL。我在DockerFile和docker compose中管理依赖项因此，文件夹结构具有以下视图：应用程序 DockerFile nginx DockerFile init-letsencrypt.sh nginx.conf docker-compose.yml 我的想法是保存app/do

我正在尝试使用Docker将一个简单的Django Rest框架应用程序部署到生产服务器。我的目标是安装带有代理和Certbot的Nginx，以同时实现常规的Let'sEncrypt SSL。我在DockerFile和docker compose中管理依赖项

因此，文件夹结构具有以下视图：

应用程序
- DockerFile
nginx
- DockerFile
- init-letsencrypt.sh
- nginx.conf
docker-compose.yml

我的想法是保存app/docker-compose.yml中的所有配置，并从同一个源启动许多不同的实例。但我在app/DockerFile中没有任何nginx或certbot配置——这只适用于Django Rest框架，而且运行良好。但是在docker compose.yml中，我有以下代码：

version: '3'

'services':
    app:
      container_name: djangoserver
      command: gunicorn prototyp.wsgi:application --env DJANGO_SETTINGS_MODULE=prototyp.prod_settings --bind 0.0.0.0:8000 --workers=2 --threads=4 --worker-class=gthread
      build:
        context: ./api
        dockerfile: Dockerfile
      restart: always
      ports:
        - "8000:8000"
      depends_on:
        - otherserver
    otherserver:
      container_name: otherserver
      build:
        context: ./otherserver
        dockerfile: Dockerfile
      restart: always
    nginx:
      build: ./nginx
      ports:
         - 80:80
      depends_on:
         - app
      command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'"
    certbot:
      image: certbot/certbot
      entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"

upstream django {
    server app:8000;
}

server {
    listen 80;
    server_name app.com www.app.com;
    location / {
        return 301 https://$host$request_uri;
    }
}

server {

    listen 443 ssl;
    server_name app.com www.app.com;
    access_log /var/log/nginx-access.log;
    error_log /var/log/nginx-error.log;

    ssl_certificate /etc/letsencrypt/live/app.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/app.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    location ^/static/rest_framework/((img/|css/|js/|fonts).*)$ {
        autoindex on;
        access_log off;
        alias /usr/src/app/static/rest_framework/$1;
    }

    location / {
        proxy_pass http://django;
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        client_body_buffer_size 256k;

        proxy_connect_timeout 120;
        proxy_send_timeout 120;
        proxy_read_timeout 120;

        proxy_buffer_size 64k;
        proxy_buffers 4 64k;
        proxy_busy_buffers_size 64k;
        proxy_temp_file_write_size 64k;

        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        client_max_body_size 100M;
    }
}

这使得我需要构建“app”、“otherserver”、“nginx”和“certbot”。最重要的部分在“nginx”文件夹中。我使用并克隆了源代码中的文件“init letsencrypt.sh”，就像描述的那样。然后我试着猛击它：

nginx/DockerFile：

FROM nginx:1.19.0-alpine
RUN rm /etc/nginx/conf.d/default.conf
COPY nginx.conf /etc/nginx/conf.d
RUN mkdir -p /usr/src/app
COPY init-letsencrypt.sh /usr/src/app
WORKDIR /usr/src/app
RUN chmod +x init-letsencrypt.sh
ENTRYPOINT ["/usr/src/app/init-letsencrypt.sh"]

在nginx/nginx.conf中，我有以下代码：

version: '3' 'services': app: container_name: djangoserver command: gunicorn prototyp.wsgi:application --env DJANGO_SETTINGS_MODULE=prototyp.prod_settings --bind 0.0.0.0:8000 --workers=2 --threads=4 --worker-class=gthread build: context: ./api dockerfile: Dockerfile restart: always ports: - "8000:8000" depends_on: - otherserver otherserver: container_name: otherserver build: context: ./otherserver dockerfile: Dockerfile restart: always nginx: build: ./nginx ports: - 80:80 depends_on: - app command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'" certbot: image: certbot/certbot entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"

upstream django { server app:8000; } server { listen 80; server_name app.com www.app.com; location / { return 301 https://$host$request_uri; } } server { listen 443 ssl; server_name app.com www.app.com; access_log /var/log/nginx-access.log; error_log /var/log/nginx-error.log; ssl_certificate /etc/letsencrypt/live/app.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/app.com/privkey.pem; include /etc/letsencrypt/options-ssl-nginx.conf; ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; location ^/static/rest_framework/((img/|css/|js/|fonts).*)$ { autoindex on; access_log off; alias /usr/src/app/static/rest_framework/$1; } location / { proxy_pass http://django; proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; client_body_buffer_size 256k; proxy_connect_timeout 120; proxy_send_timeout 120; proxy_read_timeout 120; proxy_buffer_size 64k; proxy_buffers 4 64k; proxy_busy_buffers_size 64k; proxy_temp_file_write_size 64k; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; client_max_body_size 100M; } }
因此，当我执行“docker compose build”时，使用此配置，构建工作没有任何错误，并且所有内容都成功构建。但一旦我做了“docker compose up”，我就有一个问题，certbot和nginx无法连接，只有当我使用而不是使用时，应用程序才能工作。在控制台中，我没有任何错误。
我做错了什么？我错过了什么？如有任何帮助，我们将不胜感激。
如我所见，您尚未公开nginx容器的443端口：

nginx: build: ./nginx ports: - 80:80 - 443:443 depends_on:

添加更多
443
端口。
不幸的是，它抛出了“standard_init_linux.go:211:exec用户进程导致”没有这样的文件或目录“。。。我做错了什么？