我处于需要多个Docker映像实例的情况。每个实例都需要自己的域和一个SSL证书。
我想到了以下解决方案: 我使用jwilder / nginx-proxy和jrcs / letsencrypt-nginx-proxy-companion来处理虚拟主机和SSL证书。像这样:
version: "3.1"
volumes:
certs:
vhost.d:
nginx:
services:
nginx-proxy:
image: jwilder/nginx-proxy
restart: always
labels:
com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
ports:
- "80:80"
- "443:443"
volumes:
- certs:/etc/nginx/certs
- vhost.d:/etc/nginx/vhost.d
- nginx:/usr/share/nginx/html
- /var/run/docker.sock:/tmp/docker.sock:ro
letsencrypt-nginx-proxy-companion:
image: jrcs/letsencrypt-nginx-proxy-companion:v1.9.1
depends_on:
- nginx-proxy
volumes:
- certs:/etc/nginx/certs
- vhost.d:/etc/nginx/vhost.d
- nginx:/usr/share/nginx/html
- /var/run/docker.sock:/var/run/docker.sock:ro
networks:
swarm_network:
driver: overlay
external: true
实际应用程序包含3个容器。 PHP FPM,MySQL,Nginx。每个应用程序都会获得自己的撰写文件,其中包含应用程序特定的环境变量,卷名等:
version: "3.1"
volumes:
{appName}-symfony:
{appName}-mysql:
services:
webserver:
depends_on:
- php-fpm
image: nginx:alpine
restart: always
working_dir: /var/www/application
environment:
VIRTUAL_HOST: foo.bar
LETSENCRYPT_HOST: foo.bar
LETSENCRYPT_EMAIL: some value
volumes:
- {appName}-symfony:/var/www/application
- ./nginx.conf:/etc/nginx/conf.d/default.conf
mysql:
image: percona:5.7
restart: always
volumes:
- {appName}-mysql:/var/lib/mysql
environment:
some: env
php-fpm:
depends_on:
- mysql
image: app/image:1.0.0
restart: always
working_dir: /var/www/application
volumes:
- {appName}-symfony:/var/www/application
- ./php-ini-overrides.ini:/etc/php/7.2/fpm/conf.d/99-overrides.ini
environment:
some: env
networks:
swarm_network:
driver: overlay
external: true
应用程序的使用频率不高,因此单节点解决方案就足够了。作为ochestration工具,像Docker堆栈甚至docker-compose之类的东西就足够了。
这还意味着,所有容器都必须位于同一网络中,对吗?
此解决方案有用吗?还是我忽略了重点?