我正在尝试使用反向代理将eventstore码头工人容器暴露给互联网。我是docker-flow proxy和DFPLE的Letencrypt的https。所有这些都在docker swarm mode(新群组)中运行。
我希望可以通过https://example.com/eventstore访问事件存储。
这是我的堆栈文件:
version: "3.6"
services:
eventstore:
image: eventstore/eventstore:release-4.1.1-hotfix1
deploy:
environment:
- EVENTSTORE_RUN_PROJECTIONS=All
- EVENTSTORE_START_STANDARD_PROJECTIONS=True
networks:
- proxy
labels:
- com.df.httpsOnly=true
- com.df.notify=true
- com.df.serviceDomain=example.com
- com.df.servicePath=/eventstore
- com.df.reqPathSearchReplace=/eventstore,/
- com.df.port=2113
- comd.df.srcPort=443
为完整起见,这是代理堆栈:
version: "3.6"
services:
proxy:
image: dockerflow/docker-flow-proxy:18.08.18-81-linux-amd64
ports:
- 80:80
- 443:443
networks:
- proxy
environment:
- LISTENER_ADDRESS=swarm-listener
- MODE=swarm
- SERVICE_NAME=proxy_proxy
deploy:
replicas: 2
swarm-listener:
image: dockerflow/docker-flow-swarm-listener:18.08.01-31-linux-amd64
networks:
- proxy
volumes:
- /var/run/docker.sock:/var/run/docker.sock
environment:
- DF_NOTIFY_CREATE_SERVICE_URL=http://proxy-le:8080/v1/docker-flow-proxy-letsencrypt/reconfigure
- DF_NOTIFY_REMOVE_SERVICE_URL=http://proxy:8080/v1/docker-flow-proxy/remove
deploy:
placement:
constraints: [node.role == manager]
proxy-le:
image: drozzy/docker-flow-proxy-letsencrypt:0.8
networks:
- proxy
environment:
- DF_PROXY_SERVICE_NAME=proxy_proxy
volumes:
# link docker socket to activate secrets support.
- /var/run/docker.sock:/var/run/docker.sock
# create a dedicated volume for letsencrypt folder.
# MANDATORY to keep persistent certificates on DFPLE.
# Without this volume, certificates will be regenerated every time DFPLE is recreated.
# OPTIONALY you will be able to link this volume to another service that also needs certificates (gitlab/gitlab-ce for example)
- le-certs:/etc/letsencrypt
deploy:
replicas: 1
labels:
- com.df.notify=true
- com.df.distribute=true
- com.df.servicePath=/.well-known/acme-challenge
- com.df.port=8080
networks:
proxy:
external: true
volumes:
le-certs: