我在 AWS 上有一个运行 Amazon Linux 2 的 EC2 实例。
在上面,我安装了 Git、docker 和 docker-compose。完成后,我克隆了我的存储库并运行docker-compose up让我的生产环境启动。我访问公共 DNS,它可以工作。
我现在想要在网站上启用 HTTPS。
我的项目有一个使用 React 在 Nginx-alpine 服务器上运行的前端。后端是 NodeJS 服务器。
这是我的 nginx.conf 文件:
server {
listen 80;
server_name localhost;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
try_files $uri /index.html;
}
location /api/ {
proxy_pass http://${PROJECT_NAME}_backend:${NODE_PORT}/;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
这是我的 docker-compose.yml 文件:
version: "3.7"
services:
##############################
# Back-End Container
##############################
backend: # Node-Express backend that acts as an API.
container_name: ${PROJECT_NAME}_backend
init: true
build:
context: ./backend/
target: production
restart: always
environment:
- NODE_PATH=${EXPRESS_NODE_PATH}
- AWS_REGION=${AWS_REGION}
- NODE_ENV=production
- DOCKER_BUILDKIT=1
- PORT=${NODE_PORT}
networks:
- client
##############################
# Front-End Container
##############################
nginx:
container_name: ${PROJECT_NAME}_frontend
build:
context: ./frontend/
target: production
args:
- NODE_PATH=${REACT_NODE_PATH}
- SASS_PATH=${SASS_PATH}
restart: always
environment:
- PROJECT_NAME=${PROJECT_NAME}
- NODE_PORT=${NODE_PORT}
- DOCKER_BUILDKIT=1
command: /bin/ash -c "envsubst '$$PROJECT_NAME $$NODE_PORT' < /etc/nginx/conf.d/nginx.template > /etc/nginx/conf.d/default.conf && exec nginx -g 'daemon off;'"
expose:
- "80"
ports:
- "80:80"
depends_on:
- backend
networks:
- client
##############################
# General Config
##############################
networks:
client:
我知道有一个 certbot 的 Docker 镜像,但我不知道如何使用它。我还担心我代理请求的方式/api/通过 http 到服务器。这也会给我带来任何问题吗?
Edit:
尝试#1:Traefik
我创建了一个 Traefik 容器来通过 HTTPS 路由所有流量。
version: '2'
services:
traefik:
image: traefik
restart: always
ports:
- 80:80
- 443:443
networks:
- web
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /opt/traefik/traefik.toml:/traefik.toml
- /opt/traefik/acme.json:/acme.json
container_name: traefik
networks:
web:
external: true
对于 toml 文件,我添加了以下内容:
debug = false
logLevel = "ERROR"
defaultEntryPoints = ["https","http"]
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[retry]
[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "ec2-00-000-000-00.eu-west-1.compute.amazonaws.com"
watch = true
exposedByDefault = false
[acme]
storage = "acme.json"
entryPoint = "https"
onHostRule = true
[acme.httpChallenge]
entryPoint = "http"
我将其添加到我的 docker-compose 生产文件中:
labels:
- "traefik.docker.network=web"
- "traefik.enable=true"
- "traefik.basic.frontend.rule=Host:ec2-00-000-000-00.eu-west-1.compute.amazonaws.com"
- "traefik.basic.port=80"
- "traefik.basic.protocol=https"
I ran docker-compose up对于 Traefik 容器,然后运行docker-compose up在我的生产图像上。我收到以下错误:
无法获得acme证书
我正在阅读 Traefik 文档,显然有一种方法可以专门为 Amazon ECS 配置 toml 文件:https://docs.traefik.io/configuration/backends/ecs/ https://docs.traefik.io/configuration/backends/ecs/
我走在正确的轨道上吗?
