努力将 Nginx 代理 + LetsEncrypt Companion 与我的 Docker 组合 Web 应用程序集成

Struggling To Integrate Nginx Proxy + LetsEncrypt Companion With My Docker Composed Web App

我想要达到的目标

我正在尝试为我的生产站点集成一个 SSL 证书,如果我可以为本地开发创建一个自签名证书,那就更好了。

我遇到的问题

尝试集成 nginx-proxy 和 letsencrypt-companion 时,总是会出现重定向循环或 502 Bad Gateway 错误。

我查看了各种集成这两个组件的方法,但仍然不清楚该如何集成;每次尝试把它们集成到我的环境中时,我总会遇到同样的几个问题。

有关我的环境的更多详细信息

我正在运行一个多容器的 Docker Compose Web 应用程序,它使用 PHP/PHP-FPM 7.2、MySQL 和 Nginx。配置如下:

# Compose file format 3.1.
version: '3.1'

# One user-defined network; every service below joins it, so the containers
# talk to each other over this network rather than through host ports.
networks:
  mywebapp: {}

services:
  # Web server built from ./env/nginx. In this version of the stack it
  # publishes 80 and 443 on the host itself.
  nr_nginx:
    build: ./env/nginx
    env_file:
      - ./env/nginx/.env
    tty: true
    depends_on:
      - nr_php72
    networks:
      - mywebapp
    ports:
      # Quoted so the HOST:CONTAINER pairs are always read as strings.
      - "80:80"
      - "443:443"
    volumes:
      # Application code and shared storage.
      - ./src:/home/www/mywebapp/src
      - ./storage:/home/www/storage/mywebapp
      # Logs and nginx configuration kept on the host.
      - ./data/nginx/logs:/var/log/nginx
      - ./env/nginx/webserver/nginx.conf:/etc/nginx/nginx.conf
      - ./env/nginx/webserver/conf.d:/etc/nginx/conf.d
      - ./env/nginx/webserver/defaults:/etc/nginx/defaults
      - ./env/nginx/webserver/global:/etc/nginx/global
      # Certificate material lives on the host under ./env/nginx/ssl; keep
      # that directory out of version control and readable only by its owner.
      - ./env/nginx/ssl/:/etc/letsencrypt/
      - ./env/nginx/share:/usr/share/nginx/html
      # NOTE(review): this hands the Docker API to an internet-facing
      # container. ":ro" only protects the socket file itself; it does not
      # limit what can be requested through the API. Nothing on this page
      # shows this image using the socket - confirm, and drop the mount if
      # it is unused.
      - /var/run/docker.sock:/tmp/docker.sock:ro

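  # MySQL database built from ./env/mysql.
  nr_mysql:
    build: ./env/mysql
    networks:
      - mywebapp
    ports:
      # Published on loopback only. The other services reach MySQL over the
      # "mywebapp" network, so the host mapping is needed only for tools run
      # on the Docker host itself. A bare "3306:3306" listens on every host
      # interface, and Docker-published ports commonly bypass host firewall
      # rules. Remove the mapping entirely if no host access is needed.
      - "127.0.0.1:3306:3306"
    env_file:
      # Presumably carries the database credentials - keep this file out of
      # version control.
      - ./env/mysql/.env
    volumes:
      - ./data/mysql:/var/lib/mysql
      - ./env/mysql/conf.d:/etc/mysql/conf.d
      # Assuming the image keeps the stock MySQL entrypoint, files placed
      # here are executed when the data directory is first initialised, so
      # treat this directory as trusted input only.
      - ./data/dbimport/:/docker-entrypoint-initdb.d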

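  # PHP 7.2 / PHP-FPM application container built from ./env/php72.
  nr_php72:
    build: ./env/php72
    hostname: php72
    networks:
      - mywebapp
    depends_on:
      - nr_mysql
    ports:
      # Loopback only. nginx reaches PHP-FPM over the "mywebapp" network, and
      # FastCGI has no authentication of its own, so the FPM port should
      # never be reachable from outside the host. Remove the mapping if
      # nothing on the host needs it.
      - "127.0.0.1:9000:9000"
      # NOTE(review): the page does not say what listens on 8080; left as
      # published on all interfaces - confirm it is meant to be public.
      - "8080:8080"
    volumes:
      - ./env/composer:/home/www/.composer
      - ./env/global/bashrc:/home/www/.bashrc
      - ./data/bash/.bash_history:/home/www/.bash_history
      # The host user's SSH directory, private keys included, is visible to
      # everything running in this container; ":ro" prevents changes, not
      # reads. Acceptable for local development; on a production host prefer
      # a dedicated, narrowly scoped deploy key.
      - ~/.ssh:/home/www/.ssh:ro
      - ~/.gitconfig:/home/www/.gitconfig:ro
      - ./storage:/home/www/storage/mywebapp
      - ./src:/home/www/mywebapp/src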

问题

  1. nginx-proxy 是否应该替换我现有的 "nr_nginx" 容器?
  2. 我是否应该删除 "nr_nginx" 的 80:80、443:443 端口映射,改为分配一个我自己选择的唯一端口,例如 5000?
  3. 如果问题 2 的答案为是,我如何让 nginx-proxy 把请求代理(proxy_pass)到我容器的 5000 端口?

好的,我想我已经解决了:

  1. 不,它不应该替换你自己的 nginx 配置
  2. 是的,删除 80 和 443 的端口映射,因为这两个端口将由 nginx-proxy 处理;改为在容器中 expose(公开)端口。
  3. 您不需要手动配置 proxy_pass,因为 nginx-proxy 会为您完成此操作,只要您指定 VIRTUAL_PORT 环境变量即可。

这是对我有用的样板代码:

Boilerplate nginx-proxy-letsencrypt-companion

docker-compose.yml:

version: "3"
services:
  # Public entry point: the only service that publishes 80/443 on the host.
  # It watches the Docker API and generates a virtual host for every
  # container that sets VIRTUAL_HOST.
  nginx-proxy:
    container_name: nginx-proxy
    # No tag is given, so this resolves to "latest". For production, pin a
    # reviewed tag or digest, e.g. jwilder/nginx-proxy:<TAG>.
    image: jwilder/nginx-proxy
    ports:
      - "80:80"
      - "443:443"
    volumes:
      # Shared with the letsencrypt service: issued certificates, per-vhost
      # configuration snippets and the webroot.
      # NOTE(review): the proxy presumably only reads the certificates;
      # consider ":ro" on the certs mount after confirming that the image
      # version in use does not write there.
      - ./env/nginx/certs:/etc/nginx/certs
      - ./env/nginx/vhost.d:/etc/nginx/vhost.d
      - ./env/nginx/share:/usr/share/nginx/html
      # Docker API access inside an internet-facing container. ":ro" guards
      # the socket file only, not the API calls made through it. The
      # upstream project also documents running nginx and docker-gen as
      # separate containers, which keeps the socket out of the exposed one.
      - /var/run/docker.sock:/tmp/docker.sock:ro

  # Let's Encrypt companion: requests and renews certificates for containers
  # that set LETSENCRYPT_HOST and writes them to the shared certs directory.
  letsencrypt:
    container_name: letsencrypt
    # Untagged, so "latest" is pulled; pin a reviewed tag or digest for
    # production. The project is now published as nginxproxy/acme-companion.
    image: jrcs/letsencrypt-nginx-proxy-companion
    environment:
      # Name of the proxy container the companion should work with.
      NGINX_PROXY_CONTAINER: nginx-proxy
    volumes:
      # Must be writable here: certificates and private keys are created in
      # ./env/nginx/certs. Restrict host permissions on that directory and
      # keep it out of version control.
      - ./env/nginx/certs:/etc/nginx/certs
      - ./env/nginx/vhost.d:/etc/nginx/vhost.d
      - ./env/nginx/share:/usr/share/nginx/html
      # ":ro" applies to the socket file only; the container can still make
      # Docker API calls through it.
      - /var/run/docker.sock:/var/run/docker.sock:ro

# The default network of this project is an existing network named
# "nginx-proxy". Because it is marked external, Compose will not create it;
# it has to exist before "up" is run (docker network create nginx-proxy).
# Every container attached to this network can be reached by the proxy.
networks:
  default:
    external:
      name: nginx-proxy

样板 Nginx PHP MySQL 环境

docker-compose.yml

version: '3.1'

services:

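  # Application web server. Traffic is meant to arrive only through
  # nginx-proxy, which terminates TLS and forwards to VIRTUAL_PORT over the
  # shared "nginx-proxy" network.
  nginx:
    container_name: nginx
    build: ./env/nginx
    # No host port is published. nginx-proxy connects to the container
    # directly on the shared network, so "expose" is sufficient. Publishing
    # 5000 on the host would let clients reach the plain-HTTP backend
    # without TLS, while the vhost still reports HTTPS=on to PHP.
    # The vhost shown for this container listens on 5000, not 80/443.
    expose:
      - "5000"
    environment:
      - VIRTUAL_HOST=your.domain.com,www.your.domain.com
      - VIRTUAL_PORT=5000
      - LETSENCRYPT_EMAIL=your@email.com
      # List every name from VIRTUAL_HOST so the certificate covers all of
      # them; otherwise www.your.domain.com is served with a certificate
      # that does not match it.
      - LETSENCRYPT_HOST=your.domain.com,www.your.domain.com
    depends_on:
      - php72
    tty: true
    volumes:
      - ./src:/home/www/webapp/src
      - ./storage:/home/www/storage/webapp
      - ./data/nginx/logs:/var/log/nginx
      - ./env/nginx/webserver/nginx.conf:/etc/nginx/nginx.conf
      - ./env/nginx/webserver/conf.d:/etc/nginx/conf.d
      - ./env/nginx/webserver/defaults:/etc/nginx/defaults
      - ./env/nginx/webserver/global:/etc/nginx/global
      # NOTE(review): nginx-proxy and the companion need the Docker socket;
      # nothing on this page shows the application web server using it.
      # ":ro" does not limit Docker API calls - confirm, and remove this
      # mount if it is a leftover.
      - /var/run/docker.sock:/tmp/docker.sock:ro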

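  # MySQL database built from ./env/mysql.
  mysql:
    container_name: mysql
    build: ./env/mysql
    ports:
      # Published on loopback only. PHP reaches MySQL over the Compose
      # network, so the host mapping is needed only for tools run on the
      # Docker host. A bare "3306:3306" listens on every host interface of
      # the production machine, and Docker-published ports commonly bypass
      # host firewall rules. Remove the mapping if no host access is needed.
      - "127.0.0.1:3306:3306"
    env_file:
      # Presumably carries the database credentials - keep this file out of
      # version control.
      - ./env/mysql/.env
    volumes:
      - ./data/mysql:/var/lib/mysql
      - ./env/mysql/conf.d:/etc/mysql/conf.d
      # Assuming the image keeps the stock MySQL entrypoint, files placed
      # here are executed when the data directory is first initialised, so
      # treat this directory as trusted input only.
      - ./data/dbimport/:/docker-entrypoint-initdb.d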

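  # PHP 7.2 / PHP-FPM application container built from ./env/php72.
  php72:
    container_name: php72
    build: ./env/php72
    hostname: php72
    depends_on:
      - mysql
    ports:
      # Loopback only. nginx reaches PHP-FPM over the Compose network, and
      # FastCGI has no authentication of its own, so the FPM port should
      # never be reachable from outside the host. Remove the mapping if
      # nothing on the host needs it.
      - "127.0.0.1:9000:9000"
    volumes:
      - ./env/composer:/home/www/.composer
      - ./env/global/bashrc:/home/www/.bashrc
      - ./data/bash/.bash_history:/home/www/.bash_history
      # The host user's SSH directory, private keys included, is visible to
      # everything running in this container; ":ro" prevents changes, not
      # reads. Acceptable for local development; on a production host prefer
      # a dedicated, narrowly scoped deploy key.
      - ~/.ssh:/home/www/.ssh:ro
      - ~/.gitconfig:/home/www/.gitconfig:ro
      - ./storage:/home/www/storage/webapp
      - ./src:/home/www/webapp/src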

# Join the pre-existing external network "nginx-proxy" as this project's
# default network, which is how nginx-proxy reaches the "nginx" service.
# Note that mysql and php72 land on the same network as well, so any other
# project attached to "nginx-proxy" can reach them too.
networks:
  default:
    external:
      name: nginx-proxy

/etc/nginx/conf.d/default.conf - 在 "nginx" 容器内:

# Backend virtual host for the application. It listens on plain HTTP;
# the port has to match the VIRTUAL_PORT set on the container.
server {

    listen 5000;
    listen [::]:5000;

    server_name www.your.domain.com;

    # Placeholder document root - replace with the application's public dir.
    root /my/web/root/src;
    index index.php;

    # Placeholder include; the PHP (FastCGI) handler is presumably defined
    # in a file like this one - it is not shown on the page.
    include /any/conf/includes/here.conf;

    location / {
        # Reports HTTPS=on to PHP so the application stops redirecting to
        # https:// (the redirect loop). The value is unconditional: it is
        # only truthful while this listener is reachable solely through the
        # TLS-terminating proxy.
        # NOTE(review): fastcgi_param takes effect in the location that
        # actually passes the request to PHP-FPM - confirm the directive is
        # applied there.
        fastcgi_param HTTPS 'on';
        # Serve an existing file or directory, otherwise fall back to the
        # front controller with the original query string.
        try_files $uri $uri/ /index.php$is_args$args;
    }
}

nginx 配置中的 fastcgi_param HTTPS 'on'; 可以防止重定向循环;您也可以改为在 index.php 中添加 $_SERVER['HTTPS'] = 'on';。请注意,这两种写法都会无条件地把每个请求标记为 HTTPS,因此只有当该后端只能通过终止 TLS 的 nginx-proxy 访问时,这个标记才是可信的。