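Struggling to integrate Nginx proxy + LetsEncrypt companion with my Docker Compose web app

Time: 2019-01-28 12:05:37

Tags: docker nginx nginx-reverse-proxy

What I'm trying to achieve

I'm trying to integrate SSL certificates for my production site; if I can also create self-signed certificates for local development, that's a bonus.

The problem I'm having

When trying to integrate nginx-proxy and letsencrypt-companion, it always results in a redirect loop or a 502 Bad Gateway error.

I have researched multiple ways of integrating these two companions, but I'm still confused about how to go about it, and I always end up asking myself the same questions when trying to integrate them into my environment.

Details about my environment

I am running a multi-container Docker Compose web application that uses PHP / PHP-FPM 7.2, MySQL and Nginx. The configuration is as follows: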

version: '3.1'

networks:
  mywebapp:

services:
  nr_nginx:
    build: ./env/nginx
    networks:
      - mywebapp
    ports:
      - 80:80
      - 443:443
    env_file:
      - ./env/nginx/.env
    depends_on:
      - nr_php72
    tty: true
    volumes:
      - ./src:/home/www/mywebapp/src
      - ./storage:/home/www/storage/mywebapp
      - ./data/nginx/logs:/var/log/nginx
      - ./env/nginx/webserver/nginx.conf:/etc/nginx/nginx.conf
      - ./env/nginx/webserver/conf.d:/etc/nginx/conf.d
      - ./env/nginx/webserver/defaults:/etc/nginx/defaults
      - ./env/nginx/webserver/global:/etc/nginx/global
      - ./env/nginx/ssl/:/etc/letsencrypt/
      - ./env/nginx/share:/usr/share/nginx/html
      - /var/run/docker.sock:/tmp/docker.sock:ro

  nr_mysql:
    build: ./env/mysql
    networks:
      - mywebapp
    ports:
      - 3306:3306
    env_file:
      - ./env/mysql/.env
    volumes:
      - ./data/mysql:/var/lib/mysql
      - ./env/mysql/conf.d:/etc/mysql/conf.d
      - ./data/dbimport/:/docker-entrypoint-initdb.d

  nr_php72:
    build: ./env/php72
    hostname: php72
    networks:
      - mywebapp
    depends_on:
      - nr_mysql
    ports:
      - 9000:9000
      - 8080:8080
    volumes:
      - ./env/composer:/home/www/.composer
      - ./env/global/bashrc:/home/www/.bashrc
      - ./data/bash/.bash_history:/home/www/.bash_history
      - ~/.ssh:/home/www/.ssh:ro
      - ~/.gitconfig:/home/www/.gitconfig:ro
      - ./storage:/home/www/storage/mywebapp
      - ./src:/home/www/mywebapp/src

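Questions

  1. Should nginx-proxy replace my existing "nr_nginx" container?
  2. Do I remove the 80:80, 433:433 port mappings from "nr_nginx" and instead assign a random unique port of my choice, e.g. 5000?
  3. If the answer to question 2 is yes, how do I tell nginx-proxy to proxy pass to my container on port 5000?

1 answer:

Answer 0: (score: 0)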

OK, I think I've worked it out:

  1. No, it should not replace your own nginx configuration.
  2. Yes, remove ports 80 and 443, as these will be handled by nginx-proxy, and expose the ports in the container instead.
  3. As long as you specify the VIRTUAL_PORT environment variable, you don't need to configure proxy_pass manually, because nginx-proxy will do that for you.

Here is the boilerplate code that worked for me:

Boilerplate nginx-proxy-letsencrypt-companion

docker-compose.yml:

version: "3"
services:
  nginx-proxy:
    image: jwilder/nginx-proxy
    container_name: nginx-proxy
    ports:
      - "80:80"
      - "443:443"
    volumes:
      # Docker socket, used to discover containers that set VIRTUAL_HOST
      - /var/run/docker.sock:/tmp/docker.sock:ro
      - ./env/nginx/certs:/etc/nginx/certs
      - ./env/nginx/vhost.d:/etc/nginx/vhost.d
      - ./env/nginx/share:/usr/share/nginx/html

  letsencrypt:
    image: jrcs/letsencrypt-nginx-proxy-companion
    container_name: letsencrypt
    volumes:
      # Same certs, vhost.d and html directories as nginx-proxy
      - ./env/nginx/certs:/etc/nginx/certs
      - ./env/nginx/vhost.d:/etc/nginx/vhost.d
      - ./env/nginx/share:/usr/share/nginx/html
      - /var/run/docker.sock:/var/run/docker.sock:ro
    environment:
      - NGINX_PROXY_CONTAINER=nginx-proxy

networks:
  default:
    external:
      name: nginx-proxy

Boilerplate Nginx PHP MySQL environment

docker-compose.yml:

version: '3.1'

services:

  nginx:
    container_name: nginx
    build: ./env/nginx
    ports:
      - 5000:5000
    expose:
      - 80
      - 443
    environment:
      - VIRTUAL_HOST=your.domain.com,www.your.domain.com
      # Port nginx-proxy forwards to; matches "listen 5000" in default.conf
      - VIRTUAL_PORT=5000
      - LETSENCRYPT_EMAIL=your@email.com
      - LETSENCRYPT_HOST=your.domain.com
    depends_on:
      - php72
    tty: true
    volumes:
      - ./src:/home/www/webapp/src
      - ./storage:/home/www/storage/webapp
      - ./data/nginx/logs:/var/log/nginx
      - ./env/nginx/webserver/nginx.conf:/etc/nginx/nginx.conf
      - ./env/nginx/webserver/conf.d:/etc/nginx/conf.d
      - ./env/nginx/webserver/defaults:/etc/nginx/defaults
      - ./env/nginx/webserver/global:/etc/nginx/global
      - /var/run/docker.sock:/tmp/docker.sock:ro

  mysql:
    container_name: mysql
    build: ./env/mysql
    ports:
      - 3306:3306
    env_file:
      - ./env/mysql/.env
    volumes:
      - ./data/mysql:/var/lib/mysql
      - ./env/mysql/conf.d:/etc/mysql/conf.d
      - ./data/dbimport/:/docker-entrypoint-initdb.d

  php72:
    container_name: php72
    build: ./env/php72
    hostname: php72
    depends_on:
      - mysql
    ports:
      - 9000:9000
    volumes:
      - ./env/composer:/home/www/.composer
      - ./env/global/bashrc:/home/www/.bashrc
      - ./data/bash/.bash_history:/home/www/.bash_history
      - ~/.ssh:/home/www/.ssh:ro
      - ~/.gitconfig:/home/www/.gitconfig:ro
      - ./storage:/home/www/storage/webapp
      - ./src:/home/www/webapp/src

networks:
  default:
    external:
      name: nginx-proxy

/etc/nginx/conf.d/default.conf - inside the "nginx" container:

server {
    listen 5000;
    listen [::]:5000;

    server_name www.your.domain.com;

    root /my/web/root/src;
    index index.php;

    include /any/conf/includes/here.conf;

    location / {
        fastcgi_param HTTPS 'on';
        try_files $uri $uri/ /index.php$is_args$args;
    }
}

The conf prevents the redirect loop; you can also add fastcgi_param HTTPS 'on'; to index.php.
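
A check for what the answer's second docker-compose.yml exposes outside the TLS proxy, added here as an example and not part of the original answer. SERVICES is a constructed, already-parsed copy of the relevant keys from that file, and the rule names (published-port, docker-socket, no-certificate) are this example's own.

```python
# Added example, not from the original answer. SERVICES is a constructed,
# already-parsed copy of the security-relevant keys of the answer's second
# docker-compose.yml; the rule names are this example's own.
SERVICES = {
    "nginx": {
        "ports": ["5000:5000"],
        "environment": [
            "VIRTUAL_HOST=your.domain.com,www.your.domain.com",
            "VIRTUAL_PORT=5000",
            "LETSENCRYPT_HOST=your.domain.com",
        ],
        "volumes": ["/var/run/docker.sock:/tmp/docker.sock:ro"],
    },
    "mysql": {"ports": ["3306:3306"], "volumes": ["./data/mysql:/var/lib/mysql"]},
    "php72": {"ports": ["9000:9000"], "volumes": ["./src:/home/www/webapp/src"]},
}
# Only these containers need the Docker socket (names from the first file).
SOCKET_ALLOWED = {"nginx-proxy", "letsencrypt"}


def env_of(service):
    """Compose list-style environment ("K=V") as a dict."""
    return dict(item.split("=", 1) for item in service.get("environment", []))


def names(value):
    """Split a comma-separated host list into a set."""
    return {h.strip() for h in value.split(",") if h.strip()}


def audit(services):
    """Return sorted (service, rule, detail) findings."""
    findings = []
    for svc, cfg in services.items():
        # Published ports bind on the host and bypass the TLS proxy.
        for mapping in cfg.get("ports", []):
            findings.append((svc, "published-port", str(mapping)))
        # The ':ro' flag does not restrict Docker API calls over the socket.
        for vol in cfg.get("volumes", []):
            if vol.split(":")[0].endswith("docker.sock") and svc not in SOCKET_ALLOWED:
                findings.append((svc, "docker-socket", vol))
        env = env_of(cfg)
        if "VIRTUAL_HOST" in env:
            # Hosts routed by nginx-proxy but absent from the certificate request.
            uncovered = names(env["VIRTUAL_HOST"]) - names(env.get("LETSENCRYPT_HOST", ""))
            findings += [(svc, "no-certificate", h) for h in sorted(uncovered)]
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(SERVICES):
        print(*finding, sep="\t")
```

On the sample it reports the three published ports, the Docker socket mounted into the backend nginx container, and www.your.domain.com being routed without appearing in LETSENCRYPT_HOST.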