域的Docker SSL
我正在尝试使用域为Docker运行SSL。我正在为我的项目使用以下域的Docker SSL,docker,nginx,docker-compose,jwilder-nginx-proxy,Docker,Nginx,Docker Compose,Jwilder Nginx Proxy,我正在尝试使用域为Docker运行SSL。我正在为我的项目使用以下docker compose.yml: web: build: /Users/marcin/docker/definitions/php-nginx/php-7.1-ubuntu volumes: - /c/Users/marcin/docker/projects/newdocker.app/html/:/usr/share/nginx/html/ - /c/Users/marcin/docker/proj
docker compose.yml
:
web:
build: /Users/marcin/docker/definitions/php-nginx/php-7.1-ubuntu
volumes:
- /c/Users/marcin/docker/projects/newdocker.app/html/:/usr/share/nginx/html/
- /c/Users/marcin/docker/projects/newdocker.app/nginx/conf.d/:/etc/nginx/conf.d/
- /c/Users/marcin/docker/projects/newdocker.app/nginx/log/:/var/log/nginx/
- /c/Users/marcin/docker/projects/newdocker.app/php/config/:/usr/local/etc/php/
- /c/Users/marcin/docker/projects/newdocker.app/supervisor/conf.d/:/etc/supervisor/conf.d/
- /c/Users/marcin/docker/projects/newdocker.app/supervisor/log/:/var/log/supervisor/
- /c/Users/marcin/docker/local_share/:/root/.local_share/
working_dir: /usr/share/nginx/html/
links:
- db
container_name: newdocker.php
hostname: newdocker.app
ports:
- "280:22"
- "8300:80"
- "18300:443"
environment:
- VIRTUAL_HOST=newdocker.app
- VIRTUAL_PORT=443
- VIRTUAL_PROTO=https
db:
build: /Users/marcin/docker/definitions/mysql/5.7
environment:
- MYSQL_ROOT_PASSWORD=pass
- MYSQL_DATABASE=
- MYSQL_USER=
- MYSQL_PASSWORD=
expose:
- 3306
volumes:
- /c/Users/marcin/docker/projects/newdocker.app/mysql/data/:/var/lib/mysql/
- /c/Users/marcin/docker/projects/newdocker.app/mysql/conf.d/:/etc/mysql/conf.d/source
- /c/Users/marcin/docker/projects/newdocker.app/mysql/log/:/var/log/mysql/
ports:
- "33200:3306"
container_name: newdocker.db
hostname: newdocker.app
我还使用了jwilder/nginx代理和以下docker compose.yml
文件:
proxy:
image: jwilder/nginx-proxy
restart: always
volumes:
- /var/run/docker.sock:/tmp/docker.sock:ro
- ./nginx/conf.d/proxy.conf:/etc/nginx/conf.d/proxy.conf:ro
- ./certs/default.crt:/etc/nginx/certs/default.crt:ro
- ./certs/default.key:/etc/nginx/certs/default.key:ro
ports:
- "80:80"
- "443:443"
container_name: proxy
问题是这样的:
http://192.168.99.100:8300/ - is working fine
https://192.168.99.100:18300/ - is working fine
https://192.168.99.100/ - I'm getting 503 (this is probably fine - this port is not used for this container)
http://newdocker.app/ - is working fine
https://newdocker.app:18300/ - is working fine
https://newdocker.app/ - I'm getting 500
server {
listen 80;
listen 443 default ssl;
server_name localhost;
ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
# set maximum request size to 20M
client_max_body_size 20M;
root /usr/share/nginx/html/public/;
location / {
root /usr/share/nginx/html/public/;
index index.php index.html index.htm;
try_files $uri $uri/ /index.php?$args;
}
sendfile off;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html/public/;
}
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
fastcgi_param SERVER_NAME $host;
}
}
web:
build: /Users/marcin/docker/definitions/php-nginx/php-7.1-ubuntu
volumes:
- /c/Users/marcin/docker/projects/newdocker.app/html/:/usr/share/nginx/html/
- /c/Users/marcin/docker/projects/newdocker.app/nginx/conf.d/:/etc/nginx/conf.d/
- /c/Users/marcin/docker/projects/newdocker.app/nginx/log/:/var/log/nginx/
- /c/Users/marcin/docker/projects/newdocker.app/php/config/:/usr/local/etc/php/
- /c/Users/marcin/docker/projects/newdocker.app/supervisor/conf.d/:/etc/supervisor/conf.d/
- /c/Users/marcin/docker/projects/newdocker.app/supervisor/log/:/var/log/supervisor/
- /c/Users/marcin/docker/local_share/:/root/.local_share/
working_dir: /usr/share/nginx/html/
links:
- db
container_name: newdocker.php
hostname: newdocker.app
ports:
- "280:22"
- "8300:80"
- "18300:443"
environment:
- VIRTUAL_HOST=newdocker.app
- CERT_NAME=default
- HTTPS_METHOD=noredirect
db:
build: /Users/marcin/docker/definitions/mysql/5.7
environment:
- MYSQL_ROOT_PASSWORD=pass
- MYSQL_DATABASE=
- MYSQL_USER=
- MYSQL_PASSWORD=
expose:
- 3306
volumes:
- /c/Users/marcin/docker/projects/newdocker.app/mysql/data/:/var/lib/mysql/
- /c/Users/marcin/docker/projects/newdocker.app/mysql/conf.d/:/etc/mysql/conf.d/source
- /c/Users/marcin/docker/projects/newdocker.app/mysql/log/:/var/log/mysql/
ports:
- "33200:3306"
container_name: newdocker.db
hostname: newdocker.app
我的nginx配置文件如下所示:
http://192.168.99.100:8300/ - is working fine
https://192.168.99.100:18300/ - is working fine
https://192.168.99.100/ - I'm getting 503 (this is probably fine - this port is not used for this container)
http://newdocker.app/ - is working fine
https://newdocker.app:18300/ - is working fine
https://newdocker.app/ - I'm getting 500
server {
listen 80;
listen 443 default ssl;
server_name localhost;
ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
# set maximum request size to 20M
client_max_body_size 20M;
root /usr/share/nginx/html/public/;
location / {
root /usr/share/nginx/html/public/;
index index.php index.html index.htm;
try_files $uri $uri/ /index.php?$args;
}
sendfile off;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html/public/;
}
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
fastcgi_param SERVER_NAME $host;
}
}
web:
build: /Users/marcin/docker/definitions/php-nginx/php-7.1-ubuntu
volumes:
- /c/Users/marcin/docker/projects/newdocker.app/html/:/usr/share/nginx/html/
- /c/Users/marcin/docker/projects/newdocker.app/nginx/conf.d/:/etc/nginx/conf.d/
- /c/Users/marcin/docker/projects/newdocker.app/nginx/log/:/var/log/nginx/
- /c/Users/marcin/docker/projects/newdocker.app/php/config/:/usr/local/etc/php/
- /c/Users/marcin/docker/projects/newdocker.app/supervisor/conf.d/:/etc/supervisor/conf.d/
- /c/Users/marcin/docker/projects/newdocker.app/supervisor/log/:/var/log/supervisor/
- /c/Users/marcin/docker/local_share/:/root/.local_share/
working_dir: /usr/share/nginx/html/
links:
- db
container_name: newdocker.php
hostname: newdocker.app
ports:
- "280:22"
- "8300:80"
- "18300:443"
environment:
- VIRTUAL_HOST=newdocker.app
- CERT_NAME=default
- HTTPS_METHOD=noredirect
db:
build: /Users/marcin/docker/definitions/mysql/5.7
environment:
- MYSQL_ROOT_PASSWORD=pass
- MYSQL_DATABASE=
- MYSQL_USER=
- MYSQL_PASSWORD=
expose:
- 3306
volumes:
- /c/Users/marcin/docker/projects/newdocker.app/mysql/data/:/var/lib/mysql/
- /c/Users/marcin/docker/projects/newdocker.app/mysql/conf.d/:/etc/mysql/conf.d/source
- /c/Users/marcin/docker/projects/newdocker.app/mysql/log/:/var/log/mysql/
ports:
- "33200:3306"
container_name: newdocker.db
hostname: newdocker.app
如何设置此选项以使其与https://newdocker.app/
所以没有端口?经过调查,我的nginx配置文件很好,但我必须像这样更新我的docker composer.yaml
:
http://192.168.99.100:8300/ - is working fine
https://192.168.99.100:18300/ - is working fine
https://192.168.99.100/ - I'm getting 503 (this is probably fine - this port is not used for this container)
http://newdocker.app/ - is working fine
https://newdocker.app:18300/ - is working fine
https://newdocker.app/ - I'm getting 500
server {
listen 80;
listen 443 default ssl;
server_name localhost;
ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
# set maximum request size to 20M
client_max_body_size 20M;
root /usr/share/nginx/html/public/;
location / {
root /usr/share/nginx/html/public/;
index index.php index.html index.htm;
try_files $uri $uri/ /index.php?$args;
}
sendfile off;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html/public/;
}
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
fastcgi_param SERVER_NAME $host;
}
}
web:
build: /Users/marcin/docker/definitions/php-nginx/php-7.1-ubuntu
volumes:
- /c/Users/marcin/docker/projects/newdocker.app/html/:/usr/share/nginx/html/
- /c/Users/marcin/docker/projects/newdocker.app/nginx/conf.d/:/etc/nginx/conf.d/
- /c/Users/marcin/docker/projects/newdocker.app/nginx/log/:/var/log/nginx/
- /c/Users/marcin/docker/projects/newdocker.app/php/config/:/usr/local/etc/php/
- /c/Users/marcin/docker/projects/newdocker.app/supervisor/conf.d/:/etc/supervisor/conf.d/
- /c/Users/marcin/docker/projects/newdocker.app/supervisor/log/:/var/log/supervisor/
- /c/Users/marcin/docker/local_share/:/root/.local_share/
working_dir: /usr/share/nginx/html/
links:
- db
container_name: newdocker.php
hostname: newdocker.app
ports:
- "280:22"
- "8300:80"
- "18300:443"
environment:
- VIRTUAL_HOST=newdocker.app
- CERT_NAME=default
- HTTPS_METHOD=noredirect
db:
build: /Users/marcin/docker/definitions/mysql/5.7
environment:
- MYSQL_ROOT_PASSWORD=pass
- MYSQL_DATABASE=
- MYSQL_USER=
- MYSQL_PASSWORD=
expose:
- 3306
volumes:
- /c/Users/marcin/docker/projects/newdocker.app/mysql/data/:/var/lib/mysql/
- /c/Users/marcin/docker/projects/newdocker.app/mysql/conf.d/:/etc/mysql/conf.d/source
- /c/Users/marcin/docker/projects/newdocker.app/mysql/log/:/var/log/mysql/
ports:
- "33200:3306"
container_name: newdocker.db
hostname: newdocker.app
最重要的是在这里添加-CERT_NAME=default
,以使其正常工作(在jwilder/nginx proxy中共享的我的证书的名称为default.crt和default.key,如您在第二个docker-compose.yaml中所看到的)因为我想让http和https都工作,所以我也必须添加-https\u METHOD=noredirect
重新启动nginx后,现在我可以使用https://newdocker.app
未添加任何端口和http://newdocker.app
也在工作。调查后,我的nginx配置文件很好,但我必须更新我的docker composer.yaml
,如下所示:
http://192.168.99.100:8300/ - is working fine
https://192.168.99.100:18300/ - is working fine
https://192.168.99.100/ - I'm getting 503 (this is probably fine - this port is not used for this container)
http://newdocker.app/ - is working fine
https://newdocker.app:18300/ - is working fine
https://newdocker.app/ - I'm getting 500
server {
listen 80;
listen 443 default ssl;
server_name localhost;
ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
# set maximum request size to 20M
client_max_body_size 20M;
root /usr/share/nginx/html/public/;
location / {
root /usr/share/nginx/html/public/;
index index.php index.html index.htm;
try_files $uri $uri/ /index.php?$args;
}
sendfile off;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html/public/;
}
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
fastcgi_param SERVER_NAME $host;
}
}
web:
build: /Users/marcin/docker/definitions/php-nginx/php-7.1-ubuntu
volumes:
- /c/Users/marcin/docker/projects/newdocker.app/html/:/usr/share/nginx/html/
- /c/Users/marcin/docker/projects/newdocker.app/nginx/conf.d/:/etc/nginx/conf.d/
- /c/Users/marcin/docker/projects/newdocker.app/nginx/log/:/var/log/nginx/
- /c/Users/marcin/docker/projects/newdocker.app/php/config/:/usr/local/etc/php/
- /c/Users/marcin/docker/projects/newdocker.app/supervisor/conf.d/:/etc/supervisor/conf.d/
- /c/Users/marcin/docker/projects/newdocker.app/supervisor/log/:/var/log/supervisor/
- /c/Users/marcin/docker/local_share/:/root/.local_share/
working_dir: /usr/share/nginx/html/
links:
- db
container_name: newdocker.php
hostname: newdocker.app
ports:
- "280:22"
- "8300:80"
- "18300:443"
environment:
- VIRTUAL_HOST=newdocker.app
- CERT_NAME=default
- HTTPS_METHOD=noredirect
db:
build: /Users/marcin/docker/definitions/mysql/5.7
environment:
- MYSQL_ROOT_PASSWORD=pass
- MYSQL_DATABASE=
- MYSQL_USER=
- MYSQL_PASSWORD=
expose:
- 3306
volumes:
- /c/Users/marcin/docker/projects/newdocker.app/mysql/data/:/var/lib/mysql/
- /c/Users/marcin/docker/projects/newdocker.app/mysql/conf.d/:/etc/mysql/conf.d/source
- /c/Users/marcin/docker/projects/newdocker.app/mysql/log/:/var/log/mysql/
ports:
- "33200:3306"
container_name: newdocker.db
hostname: newdocker.app
最重要的是在这里添加-CERT_NAME=default
,以使其正常工作(在jwilder/nginx proxy中共享的我的证书的名称为default.crt和default.key,如您在第二个docker-compose.yaml中所看到的)因为我想让http和https都工作,所以我也必须添加-https\u METHOD=noredirect
重新启动nginx后,现在我可以使用https://newdocker.app
未添加任何端口和http://newdocker.app
也在工作。通常,在nginx config server块中,如果您希望让端口80将传入的http无缝地发送到https,则可以将端口443与端口80分开。。。如果您希望此行为,请为80创建服务器块,以便将连接发送到443。。。然后,大部分逻辑驻留在端口443的服务器块中。。。还是不?让我们知道。。。我可以发布一个具体的例子。。。除了您的问题“是”之外,url从未包含任何端口号,但配置会根据url路径将流量路由到基础服务器及其端口given@ScottStensland谢谢你的评论。我希望对所有类型的站点使用相同的方案,因此我希望http和https能够正常工作,而不需要任何重定向。在您的nginx配置中,您是否尝试过将所有内容重定向到https/443?@Sergiu No,但是我想让http和https都能工作,而不仅仅是httpsso如果你想要80和443,那么给每个服务器块提供它们自己的基本逻辑(这些行可以进入每个块引用的一个文件)除了在80服务器块中没有提到ssl外,通常在nginx config server块中,如果希望让端口80将传入的http无缝地发送到https,请将端口80与端口443分开。。。如果您希望此行为,请为80创建服务器块,以便将连接发送到443。。。然后,大部分逻辑驻留在端口443的服务器块中。。。还是不?让我们知道。。。我可以发布一个具体的例子。。。除了您的问题“是”之外,url从未包含任何端口号,但配置会根据url路径将流量路由到基础服务器及其端口given@ScottStensland谢谢你的评论。我希望对所有类型的站点使用相同的方案,因此我希望http和https能够正常工作,而不需要任何重定向。在您的nginx配置中,您是否尝试过将所有内容重定向到https/443?@Sergiu No,但是我想让http和https都能工作,而不仅仅是httpsso如果您想要80和443,那么就给每个服务器块提供它们自己的服务器块,每个服务器块都有相同的基本逻辑(这些行可以进入每个块引用的一个文件中),除了80服务器块中没有提到ssl之外