Using https with grafana/caddy on docker compose

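I am trying to understand how to use https with grafana/caddy in docker compose without a domain name.

Currently, I access grafana via http://xx.xxx.xx.xx:3000/

I would like this to be https, but I am struggling to understand how to generate the certificate and make it work as expected. I think letsencrypt requires a domain, which I don't have.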

version: "3"
networks:
    monitor-net:
        driver: bridge
volumes:
    grafana_data: {}
services:
    grafana:
        image: grafana/grafana:8.4.4
        container_name: grafana
        volumes:
            - grafana_data:/var/lib/grafana
            - ./grafana/provisioning/dashboards:/etc/grafana/provisioning/dashboards
            - ./grafana/provisioning/datasources:/etc/grafana/provisioning/datasources
        environment:
            - GF_SECURITY_ADMIN_USER=${GF_ADMIN_USER}
            - GF_SECURITY_ADMIN_PASSWORD=${GF_ADMIN_PASS}
            - GF_USERS_ALLOW_SIGN_UP=false
        restart: unless-stopped
        expose:
            - 3000
        networks:
            - monitor-net
        labels:
            org.label-schema.group: "monitoring"

    caddy:
        image: caddy:2.3.0
        container_name: caddy
        ports:
            - "3000:3000"
            - "9090:9090"
            - "9093:9093"
            - "9091:9091"
        volumes:
            - ./caddy:/etc/caddy
        environment:
            - ADMIN_USER=${GF_ADMIN_USER}
            - ADMIN_PASSWORD=${GF_ADMIN_PASS}
            - ADMIN_PASSWORD_HASH=${ADMIN_PASS_HASH}
        restart: unless-stopped
        networks:
            - monitor-net
        labels:
            org.label-schema.group: "monitoring"

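I assume I would create a volume at /etc/caddy/certs to store the certificate, but I don't know how to generate it for just an IP, or how it would be recognized by caddy.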

It looks like Caddy does not support generating HTTPS certificates for IP addresses. Additionally, Let's Encrypt does not currently support issuing certificates for bare IP addresses.

However, it seems ZeroSSL supports generating certificates for IPs. You could try using these instructions to change one or all of your sites to use ZeroSSL, but I wasn't able to get it working on my test server.

The best option would probably be to get a domain that you can point to your server, and serve from there.

Caddy for IPs with SSL

By default, Caddy serves all sites over HTTPS. Caddy serves IP addresses and local/internal hostnames over HTTPS using self-signed certificates that are automatically trusted locally (if permitted). Examples: localhost, 127.0.0.1

Official Docs Here

In your Caddyfile you have to add something like this

http://192.168.1.25:3000 {
   reverse_proxy grafana_ip:3000
}
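The question's idea of keeping a certificate under /etc/caddy/certs, worked through as an added example that is not part of the original question or answers: it creates a self-signed certificate whose subjectAltName is the IP, checks the SAN, and writes a Caddyfile that loads it over the `https://` scheme. Assumptions: OpenSSL 1.1.1 or later, the hypothetical file names grafana.crt and grafana.key, and the compose layout from the question (`./caddy` mounted at `/etc/caddy`, service name `grafana`).

```sh
#!/bin/sh
# Added example (not from the original answers). The server IP is passed in;
# the file names grafana.crt / grafana.key are made up for illustration.
set -eu

# Create a self-signed certificate whose subjectAltName carries the IP.
# TLS clients match an IP literal against the iPAddress SAN, not the CN.
make_ip_cert() {
    ip="$1"; out_dir="$2"
    mkdir -p "$out_dir"
    openssl req -x509 -newkey rsa:2048 -sha256 -nodes -days 365 \
        -subj "/CN=$ip" -addext "subjectAltName=IP:$ip" \
        -keyout "$out_dir/grafana.key" -out "$out_dir/grafana.crt" 2>/dev/null
    chmod 600 "$out_dir/grafana.key"
}

# Succeeds only if the certificate lists the given IP as a SAN.
cert_has_ip_san() {
    openssl x509 -in "$2" -noout -text | grep -qF "IP Address:$1"
}

# Write a Caddyfile that terminates TLS with that certificate and proxies
# to the grafana service from the compose file in the question.
write_caddyfile() {
    cat > "$2" <<EOF
{
    # Clients connecting to a bare IP send no SNI; name the certificate to use.
    default_sni $1
}
https://$1:3000 {
    tls /etc/caddy/certs/grafana.crt /etc/caddy/certs/grafana.key
    reverse_proxy grafana:3000
}
EOF
}

# Usage: sh make-cert.sh <server-ip>   (run next to docker-compose.yml)
if [ "$#" -ge 1 ]; then
    make_ip_cert "$1" ./caddy/certs
    cert_has_ip_san "$1" ./caddy/certs/grafana.crt
    write_caddyfile "$1" ./caddy/Caddyfile
fi
```

Browsers will still warn until grafana.crt is imported into the client's trust store, since no public CA signed it.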