想知道其他人是否有与Docker wordpress容器类似的问题。我对自己的apache / wordpress能力没有信心。也许这里有人可以提供帮助。
尝试使用ssl在nginx反向代理后面设置标准wordpress docker容器。
我的所有其他应用程序都运行正常,它只是问题的worpress / apache。
我的NGINX default.conf:
server {
listen 80;
server_name example.com;
return 301 https://example.com$request_uri;
}
########## ADDED
upstream app-a {
server example.com:2368;
}
upstream app-b {
server example.com:8080;
}
##########
server {
listen 443 ssl;
server_name example.com;
root /usr/share/nginx/html;
index index.html index.htm;
client_max_body_size 10G;
location / {
proxy_pass http://app-a;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
}
location = /press {
return 301 https://example.com:8443;
}
ssl on;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
ssl_prefer_server_ciphers On;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
}
server {
listen 8443 ssl;
server_name example.com;
#root /usr/share/nginx/html;
root /var/www/html/press;
index index.php index.html index.htm;
client_max_body_size 10G;
location / {
proxy_pass http://app-b;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
}
ssl on;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
ssl_prefer_server_ciphers On;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
}
我如何启动wordpress容器:
docker run -d --name mywordpress --link mytestsql:mysql -v mypressvol:/var/www/html -e WORDPRESS_DB_USER=root -e WORDPRESS_DB_PASSWORD=secret -p 8080:80 wordpress
当我运行WP设置时,我会选择语言,但没有图形,并且在地址栏中显示不安全。但是,如果我在浏览器中转到8080,应用程序工作正常,但没有ssl。就像我说的所有其他应用程序都可以正常工作。它是唯一一个让我适合的WordPress。有任何想法吗?感谢。
答案 0 :(得分:0)
此配置正常工作:
1)Nginx代理
server {
listen 80;
server_name example.ru www.example.ru;
return 301 https://$server_name$request_uri;
}
server {
listen 443;
server_name example.ru www.example.ru;
ssl_certificate /etc/nginx/certs/example.ru.crt;
ssl_certificate_key /etc/nginx/certs/example.ru.key;
ssl on;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://wp_web;
}
}
不要忘记将它们放在docker-compose.yml中的一个网络中,以便按服务名称访问容器。
2)Wordpress容器。你的主人Apache2 conf
<VirtualHost *:80>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
ServerName example.ru
ServerAlias www.example.ru
SetEnvIf X-Forwarded-Proto https HTTPS=on
ServerAdmin webmaster@localhost
DocumentRoot /var/www/example
<Directory /var/www/example>
Allowoverride All
</Directory>
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog /var/www/example/logs/apache.error.log
CustomLog /var/www/example/logs/apache.access.log combined_with_x_real_ip
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
</VirtualHost>