如何使用带 'docker: nginx + uwgsi + django + solr + db + ...' 的 LetsEncrypt 将 http 更改为 https?
How to change http to https using LetsEncrypt with 'docker: nginx + uwgsi + django + solr + db + ...'?
目前我使用官方 nginx docker 图像 + 我自己的 'django with uwsgi' 构建,一切正常。我想使用 jwilder/nginx-proxy + jrcs/letsencrypt-nginx-proxy-companion.
将 SSL 添加到项目中
我项目的结构是下一个:
myproject/
| -- data/
| -- media/
| -- static/
| -- sources/
| -- dockerfiles/
| -- nginx/
| -- nginx.conf
| -- uwsgi_params
| -- solr/
| -- default/ (configs)
| -- Dockerfile
| -- web/
| -- Dockerfile
| -- requirements.txt
| -- myproject/
| -- app_1/
| -- app_2/
| -- settings/
| -- myproject_uwsgi.ini
| -- docker-compose.yml
相关配置如下:
# myproject/sources/docker-compose.yml
version: '2'
services:
nginx:
image: nginx:latest
container_name: myproject_nginx-container
ports:
- "80:80"
depends_on:
- web
volumes:
- ./dockerfiles/nginx:/etc/nginx/conf.d
- ../static:/static
- ../media:/media
web:
build: ./dockerfiles/web/
container_name: myproject_django-container
command: bash -c 'uwsgi --ini ./settings/myproject_uwsgi.ini'
volumes:
- ./web:/web
- ../static:/static
- ../media:/media
solr-docker:
build: ./dockerfiles/solr/
container_name: myproject_solr-container
entrypoint:
- docker-entrypoint.sh
- solr-precreate
- default
ports:
- "8983:8983"
volumes:
- ./dockerfiles/solr/default:/opt/solr/server/solr/mycores/default # configs
- ../data/solr/default/data:/opt/solr/server/solr/mycores/default/data # indexes
# other-services...
下一个:
# myproject/sources/myproject/settings/myproject_uwsgi.ini
[uwsgi]
master = True
lazy-apps = True
# Number of worker processes for handling requests
%k = cpu count
processes = %(%k * 2)
# Number of threads for handling requests
threads = %(%k * 2)
# Respawn processes that take more than ... seconds
# harakiri = 20
# Respawn processes after serving ... requests
max-requests = 5000
# Clear environment on exit
vacuum = True
# the base directory (full path)
chdir = /myproject/
# Django's wsgi file (path starting from chdir/)
module = settings.wsgi:application
# location of settings
# env = DJANGO_SETTINGS_MODULE=$(DJANGO_PROJECT_NAME).settings
socket = :8000
还有一个:
# myproject/dockerfiles/nginx/nginx.conf
upstream django {
ip_hash;
server web:8000;
}
# Redirection from WWW to non-WWW
server {
listen 80;
server_name www.myproject.com;
rewrite ^/(.*) http://myproject.com/ permanent;
}
server {
listen 80 default_server;
server_name myproject.com;
charset utf-8;
keepalive_timeout 5;
location /media {
alias /media;
}
location /static {
alias /static;
}
location / {
uwsgi_pass django;
include uwsgi_params;
}
}
uwsgi_params文件有一个典型的配置可以看到HERE.
如何将 http 转换为 https 您可以在下面的答案中找到。
为了实现 https,有必要在现有的 docker-compose.yml 中添加接下来的两个图像:jwilder/nginx-proxy + jrcs/letsencrypt-nginx-proxy-companion 并添加以下环境变量: nginx 通过 uwsgi + 为 solr 服务 django 的服务。其他一切(配置)都可以保持原样。
所以这是最终结果:
# myproject/sources/docker-compose.yml
version: '2'
services:
nginx-proxy: # <-- NEW SECTION
image: jwilder/nginx-proxy
container_name: myproject_nginx-proxy
ports:
- "80:80"
- "443:443"
volumes:
- "/var/run/docker.sock:/tmp/docker.sock:ro"
- "/etc/nginx/conf.d"
- "/etc/nginx/vhost.d"
- "/usr/share/nginx/html"
- "./volumes/proxy/certs:/etc/nginx/certs"
labels:
- "com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy"
letsencrypt-companion: # <-- NEW SECTION
restart: always
image: jrcs/letsencrypt-nginx-proxy-companion
container_name: myproject_letsencrypt-companion-container
volumes_from:
- nginx-proxy
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- "./volumes/proxy/certs:/etc/nginx/certs:rw"
# ###############################
# Old settings. ALMOST identical.
nginx:
image: nginx:latest
container_name: myproject_nginx-container
# ports: <-- REMOVE SECTION
# - "80:80"
volumes:
- ./dockerfiles/nginx:/etc/nginx/conf.d
- ../static:/static
- ../media:/media
depends_on:
- nginx-proxy # <-- NEW SECTION
- web
environment: # <-- NEW SECTION
- VIRTUAL_HOST=myproject.com
- LETSENCRYPT_HOST=myproject.com
- LETSENCRYPT_EMAIL=info@myproject.com
web:
build: ./dockerfiles/web/
container_name: myproject_django-container
command: bash -c 'uwsgi --ini ./settings/myproject_uwsgi.ini'
volumes:
- ./web:/web
- ../static:/static
- ../media:/media
solr-docker:
build: ./dockerfiles/solr/
container_name: myproject_solr-container
entrypoint:
- docker-entrypoint.sh
- solr-precreate
- default
# ports: <-- REMOVE SECTION
# - "8983:8983"
volumes:
- ./dockerfiles/solr/default:/opt/solr/server/solr/mycores/default # configs
- ../data/solr/default/data:/opt/solr/server/solr/mycores/default/data # indexes
environment: # <-- NEW SECTION
- VIRTUAL_HOST=solr.myproject.com
- VIRTUAL_PORT=8983
- LETSENCRYPT_HOST=solr.myproject.com
- LETSENCRYPT_EMAIL=info@myproject.com
# other-services...
如果您想现在打开 Solr 的仪表板,您需要使用 solr.myproject.com.
而不是 myproject.com:8983
目前我使用官方 nginx docker 图像 + 我自己的 'django with uwsgi' 构建,一切正常。我想使用 jwilder/nginx-proxy + jrcs/letsencrypt-nginx-proxy-companion.
SSL 添加到项目中
我项目的结构是下一个:
myproject/
| -- data/
| -- media/
| -- static/
| -- sources/
| -- dockerfiles/
| -- nginx/
| -- nginx.conf
| -- uwsgi_params
| -- solr/
| -- default/ (configs)
| -- Dockerfile
| -- web/
| -- Dockerfile
| -- requirements.txt
| -- myproject/
| -- app_1/
| -- app_2/
| -- settings/
| -- myproject_uwsgi.ini
| -- docker-compose.yml
相关配置如下:
# myproject/sources/docker-compose.yml
version: '2'
services:
nginx:
image: nginx:latest
container_name: myproject_nginx-container
ports:
- "80:80"
depends_on:
- web
volumes:
- ./dockerfiles/nginx:/etc/nginx/conf.d
- ../static:/static
- ../media:/media
web:
build: ./dockerfiles/web/
container_name: myproject_django-container
command: bash -c 'uwsgi --ini ./settings/myproject_uwsgi.ini'
volumes:
- ./web:/web
- ../static:/static
- ../media:/media
solr-docker:
build: ./dockerfiles/solr/
container_name: myproject_solr-container
entrypoint:
- docker-entrypoint.sh
- solr-precreate
- default
ports:
- "8983:8983"
volumes:
- ./dockerfiles/solr/default:/opt/solr/server/solr/mycores/default # configs
- ../data/solr/default/data:/opt/solr/server/solr/mycores/default/data # indexes
# other-services...
下一个:
# myproject/sources/myproject/settings/myproject_uwsgi.ini
[uwsgi]
master = True
lazy-apps = True
# Number of worker processes for handling requests
%k = cpu count
processes = %(%k * 2)
# Number of threads for handling requests
threads = %(%k * 2)
# Respawn processes that take more than ... seconds
# harakiri = 20
# Respawn processes after serving ... requests
max-requests = 5000
# Clear environment on exit
vacuum = True
# the base directory (full path)
chdir = /myproject/
# Django's wsgi file (path starting from chdir/)
module = settings.wsgi:application
# location of settings
# env = DJANGO_SETTINGS_MODULE=$(DJANGO_PROJECT_NAME).settings
socket = :8000
还有一个:
# myproject/dockerfiles/nginx/nginx.conf
upstream django {
ip_hash;
server web:8000;
}
# Redirection from WWW to non-WWW
server {
listen 80;
server_name www.myproject.com;
rewrite ^/(.*) http://myproject.com/ permanent;
}
server {
listen 80 default_server;
server_name myproject.com;
charset utf-8;
keepalive_timeout 5;
location /media {
alias /media;
}
location /static {
alias /static;
}
location / {
uwsgi_pass django;
include uwsgi_params;
}
}
uwsgi_params文件有一个典型的配置可以看到HERE.
如何将 http 转换为 https 您可以在下面的答案中找到。
为了实现 https,有必要在现有的 docker-compose.yml 中添加接下来的两个图像:jwilder/nginx-proxy + jrcs/letsencrypt-nginx-proxy-companion 并添加以下环境变量: nginx 通过 uwsgi + 为 solr 服务 django 的服务。其他一切(配置)都可以保持原样。
所以这是最终结果:
# myproject/sources/docker-compose.yml
version: '2'
services:
nginx-proxy: # <-- NEW SECTION
image: jwilder/nginx-proxy
container_name: myproject_nginx-proxy
ports:
- "80:80"
- "443:443"
volumes:
- "/var/run/docker.sock:/tmp/docker.sock:ro"
- "/etc/nginx/conf.d"
- "/etc/nginx/vhost.d"
- "/usr/share/nginx/html"
- "./volumes/proxy/certs:/etc/nginx/certs"
labels:
- "com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy"
letsencrypt-companion: # <-- NEW SECTION
restart: always
image: jrcs/letsencrypt-nginx-proxy-companion
container_name: myproject_letsencrypt-companion-container
volumes_from:
- nginx-proxy
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- "./volumes/proxy/certs:/etc/nginx/certs:rw"
# ###############################
# Old settings. ALMOST identical.
nginx:
image: nginx:latest
container_name: myproject_nginx-container
# ports: <-- REMOVE SECTION
# - "80:80"
volumes:
- ./dockerfiles/nginx:/etc/nginx/conf.d
- ../static:/static
- ../media:/media
depends_on:
- nginx-proxy # <-- NEW SECTION
- web
environment: # <-- NEW SECTION
- VIRTUAL_HOST=myproject.com
- LETSENCRYPT_HOST=myproject.com
- LETSENCRYPT_EMAIL=info@myproject.com
web:
build: ./dockerfiles/web/
container_name: myproject_django-container
command: bash -c 'uwsgi --ini ./settings/myproject_uwsgi.ini'
volumes:
- ./web:/web
- ../static:/static
- ../media:/media
solr-docker:
build: ./dockerfiles/solr/
container_name: myproject_solr-container
entrypoint:
- docker-entrypoint.sh
- solr-precreate
- default
# ports: <-- REMOVE SECTION
# - "8983:8983"
volumes:
- ./dockerfiles/solr/default:/opt/solr/server/solr/mycores/default # configs
- ../data/solr/default/data:/opt/solr/server/solr/mycores/default/data # indexes
environment: # <-- NEW SECTION
- VIRTUAL_HOST=solr.myproject.com
- VIRTUAL_PORT=8983
- LETSENCRYPT_HOST=solr.myproject.com
- LETSENCRYPT_EMAIL=info@myproject.com
# other-services...
如果您想现在打开 Solr 的仪表板,您需要使用 solr.myproject.com.
myproject.com:8983