玩具机器一直没有证书,本文添加与记录一下。
nginx + acme 的docker-compose文件
yaml
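# nginx-proxy plus its ACME companion: the front door for every other stack
# on this page. Nesting is restored here; the pasted listing had lost its
# indentation and would not load as a Compose file.
#
# The external network and volumes below must exist before `up`
# (docker network create public; docker volume create certs; ...).
version: '2.1'

services:
  # Service key kept as spelled in the original; the container itself is
  # named 'nginx-certs'.
  nginxi-certs:
    image: nginxproxy/acme-companion
    container_name: 'nginx-certs'
    # Reuses every volume of the 'nginx' container (certs, vhost.d, html).
    volumes_from:
      - 'nginx'
    volumes:
      # NOTE(security): ':ro' only makes the bind mount read-only. It does
      # not limit what can be requested over the Docker API, so a process
      # that reaches this socket can control the daemon (root-equivalent on
      # the host). A filtering socket proxy narrows that exposure.
      - '/var/run/docker.sock:/var/run/docker.sock:ro'
    environment:
      DEFAULT_EMAIL: 'me@bigbrotherlee.com'

  nginx:
    image: nginxproxy/nginx-proxy
    container_name: 'nginx'
    volumes:
      - 'certs:/etc/nginx/certs'
      - 'vhost:/etc/nginx/vhost.d'
      - 'html:/usr/share/nginx/html'
      - 'nginx_data:/etc/nginx/'
      # Same socket caveat as above, and this container is internet-facing.
      - '/var/run/docker.sock:/tmp/docker.sock:ro'
    ports:
      - '80:80'
      - '443:443'
      # NOTE(security): these two publish raw MySQL and Redis on every host
      # interface (forwarded by the stream block in nginx.conf). The ACME
      # certificates do not protect this traffic. If remote access is really
      # needed, bind to one address ('HOST_IP:3306:3306'), allow-list source
      # IPs in the firewall, and require authentication on both backends.
      - '3306:3306'
      - '6379:6379'
    networks:
      public:

networks:
  public:
    external: true

volumes:
  certs:
    external: true
  html:
    external: true
  vhost:
    external: true
  nginx_data:
    external: true

服务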
- portainer:
yaml
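# Portainer behind nginx-proxy. VIRTUAL_HOST / VIRTUAL_PORT tell the proxy
# where to route; LETSENCRYPT_HOST asks the ACME companion for a certificate.
version: '2.1'

services:
  portainer:
    # No tag given, so this floats on 'latest'; pin a version tag or digest
    # so a rebuild cannot silently pull a different image.
    image: portainer/portainer-ce
    container_name: 'portainer'
    environment:
      VIRTUAL_HOST: 'server.bigbrotherlee.com'
      LETSENCRYPT_HOST: 'server.bigbrotherlee.com'
      # Quoted: environment values are strings.
      VIRTUAL_PORT: '9000'
    volumes:
      # NOTE(security): read-write Docker socket. Whoever controls the
      # Portainer admin account controls the host, and this UI is published
      # on a public hostname. Create the admin account right after first
      # start, use a strong password, and consider restricting who can reach
      # this vhost (source-IP allow-list or VPN).
      - '/var/run/docker.sock:/var/run/docker.sock'
      - 'portainer_data:/data'
    networks:
      public:

networks:
  public:
    external: true

volumes:
  portainer_data:
    external: true

- showdoc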
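# ShowDoc behind nginx-proxy.
version: '2.1'

services:
  showdoc:
    # Untagged image floats on 'latest'; pin a version tag or digest.
    image: star7th/showdoc
    mem_limit: 2048m
    container_name: 'showdoc'
    environment:
      VIRTUAL_HOST: 'doc.bigbrotherlee.com'
      LETSENCRYPT_HOST: 'doc.bigbrotherlee.com'
      # Quoted: environment values are strings.
      VIRTUAL_PORT: '80'
    # NOTE: no volume is declared, so everything the application stores
    # lives in the container's writable layer and is lost when the container
    # is removed or recreated. Mount a named volume at the image's data
    # directory (path not shown on this page; check the image documentation)
    # and back it up.
    networks:
      public:

networks:
  public:
    external: true

- tasks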
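# Qinglong task panel behind nginx-proxy.
version: '2.1'

services:
  task:
    # NOTE(security): ':latest' is a moving tag; pin a version tag or digest
    # so the image that runs scheduled jobs only changes when you decide.
    image: whyour/qinglong:latest
    container_name: 'qinglong'
    environment:
      # The panel is published on a public hostname; keep its login strong
      # and consider limiting who can reach this vhost.
      VIRTUAL_HOST: 'task.bigbrotherlee.com'
      LETSENCRYPT_HOST: 'task.bigbrotherlee.com'
      # Quoted: environment values are strings.
      VIRTUAL_PORT: '5700'
    # NOTE: no volume is declared, so scripts and settings created in the
    # panel do not survive removing or recreating the container.
    networks:
      public:

networks:
  public:
    external: true

- drive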
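# AList file listing behind nginx-proxy, served on two hostnames.
version: '2.1'

services:
  alist:
    # ':latest' is a moving tag; pin a version tag or digest.
    image: xhofe/alist:latest
    container_name: 'alist'
    volumes:
      # Application data is kept on a named volume, so it survives the
      # container being recreated.
      - 'alist_data:/opt/alist/data'
    environment:
      # Comma-separated list: both names are proxied, and both are requested
      # from the ACME companion.
      VIRTUAL_HOST: 'drive.liganma.com,drive.bigbrotherlee.com'
      LETSENCRYPT_HOST: 'drive.liganma.com,drive.bigbrotherlee.com'
      # Quoted: environment values are strings.
      VIRTUAL_PORT: '5244'
    networks:
      public:

volumes:
  alist_data:
    external: true

networks:
  public:
    external: true

另外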
mysql与redis也走代理,在nginx.conf中添加如下stream配置(注意:这样3306和6379会直接暴露在宿主机端口上,务必给mysql/redis设置强口令,并用防火墙限制来源IP):
# Plain TCP pass-through for the two data stores. No TLS is terminated here,
# so the backend's own authentication and encryption are all that protect
# these ports.
# 'mysql' and 'redis' are resolved as hostnames; presumably containers on
# the same Docker network (they are not shown on this page).
# Access can be narrowed per server with allow/deny
# (ngx_stream_access_module), e.g. allow a known client range, deny all.
stream {
    server {
        listen 3306;
        proxy_pass mysql:3306;
    }

    server {
        listen 6379;
        proxy_pass redis:6379;
    }
}

总结
核心是通过挂载的docker.sock监听docker状态,使得nginx可以与容器交互,这样nginx就可以自动代理添加了特定环境变量的容器。另外,整个服务只有nginx对外暴露了端口,使得整个服务都在nginx代理的控制之下。可惜我在showdoc保存的文档全没了,建volume真的是一个很好的习惯。
