Kong API Gateway with SSL on Docker Compose

Time: 2018-12-18 18:47:21

Tags: docker ssl docker-compose kong

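I am trying to run the Kong proxy and admin over SSL. I am on Ubuntu 18.04, using Docker version 18.09.0, build 4d60db4, and the latest version of Kong (0.14.x).

I have read the documentation and the issues about configuring SSL, and have tried both using my own self-signed certificates and leaving them blank, and nginx simply does not start on 8443.

Inside the kong container, it is only listening on 40497, 8000 and 8001, as shown below: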

    # netstat -plnt
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
    tcp        0      0 127.0.0.11:40497        0.0.0.0:*               LISTEN      -
    tcp        0      0 0.0.0.0:8000            0.0.0.0:*               LISTEN      1/kong -c nginx.con
    tcp        0      0 0.0.0.0:8001            0.0.0.0:*               LISTEN      1/kong -c nginx.con

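So this seems to be a configuration issue, but I am stumped. I am using docker-compose and my docker-compose.yml file is below. I have commented out the SSL environment variables that I tried previously and that failed. By the way, everything works fine over http using 8000.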

docker-compose.yml:

    version: "3"

    networks:
      kong-net:
        driver: bridge

    services:

      #######################################
      # Postgres: The database used by Kong
      #######################################
      kong-database:
        image: postgres:9.6
        restart: always
        networks:
          - kong-net
        environment:
          POSTGRES_USER: kong
          POSTGRES_DB: kong
        ports:
          - "5432:5432"
        healthcheck:
          test: ["CMD", "pg_isready", "-U", "kong"]
          interval: 5s
          timeout: 5s
          retries: 5

      #######################################
      # Kong database migration
      #######################################
      kong-migration:
        image: kong:latest
        command: "kong migrations up"
        networks:
          - kong-net
        restart: on-failure
        environment:
          KONG_PG_HOST: kong-database
        links:
          - kong-database
        depends_on:
          - kong-database

      #######################################
      # Kong: The API Gateway
      #######################################
      kong:
        image: kong:latest
        restart: always
        networks:
          - kong-net
        environment:
          KONG_PG_HOST: kong-database
          KONG_PROXY_LISTEN: 0.0.0.0:8000, 0.0.0.0:8443 ssl
          KONG_ADMIN_LISTEN: 0.0.0.0:8001, 0.0.0.0:8444 ssl
          #KONG_SSL: "on"
          #KONG_SSL_CERT: /etc/ssl/certs/nginx-selfsigned.crt
          #KONG_SSL_CERT_KEY: /etc/ssl/private/nginx-selfsigned.key
          #KONG_ADMIN_SSL_CERT: /etc/ssl/certs/nginx-selfsigned.crt
          #KONG_ADMIN_SSL_CERT_KEY: /etc/ssl/private/nginx-selfsigned.key
        depends_on:
          - kong-migration
          - kong-database
        healthcheck:
          test: ["CMD", "curl", "-f", "http://kong:8001"]
          interval: 5s
          timeout: 2s
          retries: 15
        ports:
          - "8001:8001"
          - "8000:8000"
          - "8443:8443"
          - "8444:8444"

Any help would be greatly appreciated.

1 answer:

Answer 0: (score: 0)

You may need to bind the ssl certificate directory to the kong instance
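
Added example, not part of the original answer or of the asker's file: what binding a certificate directory into the `kong` service from the question could look like. The host directory `./certs`, the file names `kong.crt` / `kong.key` and the container path `/etc/kong/ssl` are assumptions chosen for illustration.

```yaml
# Only the kong service is shown; networks, kong-database and kong-migration
# stay as in the question's docker-compose.yml.
services:
  kong:
    image: kong:latest
    restart: always
    networks:
      - kong-net
    volumes:
      # Assumed host directory ./certs, mounted read-only so the container
      # can read the certificate and key but cannot modify them.
      - ./certs:/etc/kong/ssl:ro
    environment:
      KONG_PG_HOST: kong-database
      KONG_PROXY_LISTEN: 0.0.0.0:8000, 0.0.0.0:8443 ssl
      KONG_ADMIN_LISTEN: 0.0.0.0:8001, 0.0.0.0:8444 ssl
      # Paths are resolved inside the container, so they must point below the
      # mount target above, not at the host's /etc/ssl directories.
      KONG_SSL_CERT: /etc/kong/ssl/kong.crt
      KONG_SSL_CERT_KEY: /etc/kong/ssl/kong.key
      KONG_ADMIN_SSL_CERT: /etc/kong/ssl/kong.crt
      KONG_ADMIN_SSL_CERT_KEY: /etc/kong/ssl/kong.key
    depends_on:
      - kong-migration
      - kong-database
    ports:
      - "8000:8000"
      - "8001:8001"
      - "8443:8443"
      - "8444:8444"
```

The commented-out variables in the question point at `/etc/ssl/...` paths while the service has no `volumes:` entry, so those files exist only if they are already in the image. The key file also has to be readable by the user Kong runs as inside the container.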