Let’s Encrypt
Certbot
docker-nginx-certbot
Let's Encrypt Certificate Generation Using Docker
# apt update -y
# apt upgrade -y
# apt install mc -y
# adduser user
# usermod -aG sudo user
# reboot
$ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
$ sudo apt-key fingerprint 0EBFCD88
pub 4096R/0EBFCD88 2017-02-22
Отпечаток ключа = 9DC8 5822 9FC7 DD38 854A E2D8 8D81 803C 0EBF CD88
uid Docker Release (CE deb) <docker@docker.com>
sub 4096R/F273FCD8 2017-02-22
$ sudo add-apt-repository "deb https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
$ sudo apt-get update
$ sudo apt-get install docker-ce
$ sudo usermod -aG docker $(whoami)
$ sudo reboot
$ sudo curl -L "https://github.com/docker/compose/releases/download/1.23.1/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
$ sudo chmod +x /usr/local/bin/docker-compose
$ git clone https://github.com/diresi/docker-nginx-certbot.git
$ cd docker-nginx-certbot
Edit:
$ nano ~/docker-nginx-certbot/.env
Edit:
$ nano ~/docker-nginx-certbot/docker-compose.yml
- /letsencrypt:/etc/letsencrypt
$ sudo docker-compose up -d
$ docker-compose exec nginx /etc/nginx/ssl/certbot.sh -v
$ sudo docker-compose down
The certificates are in /letsencrypt
$ sudo apt-get install nginx
$ sudo nano /etc/nginx/nginx.conf
user www-data;
worker_processes auto;
pid /run/nginx.pid;
events {
    worker_connections 1024;
}
http {
    upstream target {
        server localhost:8080;
    }
    server {
        listen 443 ssl;
        server_name www.zaz60.com;
        ssl_certificate /letsencrypt/live/zaz60.com/fullchain.pem;
        ssl_certificate_key /letsencrypt/live/zaz60.com/privkey.pem;
        location / {
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Forwarded-Port $server_port;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass http://target;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "Upgrade";
            # This allows the ability for the execute shell window to remain open for up to 15 minutes. Without this parameter, the default is 1 minute and will automatically close.
            proxy_read_timeout 900s;
        }
    }
    server {
        listen 80;
        server_name www.zaz60.com;
        return 301 https://$server_name$request_uri;
    }
}
Save.
$ sudo nginx -t
$ sudo service nginx restart
Quickstart: Compose and WordPress
Setting up a Docker container for WordPress development and testing
Installing WordPress
$ cd ~
$ mkdir wordpress
$ cd wordpress
$ nano docker-compose.yml
version: '2'
services:
  db:
    image: mysql:5.7
    volumes:
      - db_data:/var/lib/mysql
    restart: always
    environment:
      MYSQL_ROOT_PASSWORD: somewordpress
      MYSQL_DATABASE: wordpress
      MYSQL_USER: wordpress
      MYSQL_PASSWORD: wordpress
  wordpress:
    depends_on:
      - db
    image: wordpress:latest
    ports:
      - "8080:80"
    restart: always
    environment:
      WORDPRESS_DB_HOST: db:3306
      WORDPRESS_DB_USER: wordpress
      WORDPRESS_DB_PASSWORD: wordpress
volumes:
  db_data:
Save.
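Added example, not part of the original post: the mapping "8080:80" above publishes WordPress on every host interface, so the container can also be reached over plain HTTP without passing through the nginx TLS proxy. The script below lists such mappings in a compose file; the function name exposed_ports and both sample files are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): flag compose port mappings
# that are published on every interface instead of loopback only.

# exposed_ports FILE
# Prints each short-syntax "ports:" entry that is not bound to loopback.
exposed_ports() {
  tr -d "\"'" < "$1" | awk '
    /^[[:space:]]*ports:[[:space:]]*$/ { in_ports = 1; next }
    in_ports && /^[[:space:]]*-/ {
      m = $0
      sub(/^[[:space:]]*-[[:space:]]*/, "", m)   # drop the list marker
      sub(/[[:space:]]*#.*$/, "", m)             # drop a trailing comment
      sub(/[[:space:]]+$/, "", m)                # drop trailing whitespace
      if (m ~ /^\[/) {                           # [ipv6]:host:container
        ip = m; sub(/^\[/, "", ip); sub(/\].*$/, "", ip)
        if (ip != "::1") print m
      } else {
        n = split(m, part, ":")
        # n < 3 means no bind address: Docker publishes on all interfaces
        if (n < 3 || part[1] !~ /^127\./) print m
      }
      next
    }
    { in_ports = 0 }                             # any other line ends the list
  '
}

# Constructed samples: the wordpress service mapping as posted above, and the
# same service bound to loopback so only the local nginx proxy can reach it.
as_posted=$(mktemp)
hardened=$(mktemp)
cat > "$as_posted" <<'EOF'
services:
  wordpress:
    depends_on:
      - db
    image: wordpress:latest
    ports:
      - "8080:80"
    restart: always
EOF
sed 's/"8080:80"/"127.0.0.1:8080:80"/' "$as_posted" > "$hardened"

echo "as posted: $(exposed_ports "$as_posted")"
echo "hardened:  $(exposed_ports "$hardened")"
```

The nginx upstream `server localhost:8080;` keeps working with the loopback-bound mapping, because nginx runs on the same host.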