如何使用docker-compose使用ssl发布服务?
[英]How to publish services with ssl using docker-compose?
问题描述
I have a service using finatra server running on docker container. 
我有一个使用在finatra容器上运行的finatra服务器的服务。 Currently I am using letsencrypt , and I created my .pfx file etc. But I don't know how to use it with docker-compose . 目前,我正在使用letsencrypt,并创建了.pfx文件等。但是我不知道如何在docker-compose使用它。 I have a keystore folder inside my project which has my ssl files. 我的项目内有一个keystore文件夹,其中包含我的ssl文件。 Here is my docker-compose.yml 这是我docker-compose.yml
version: '2'
services:
test:
build: target/docker/stage
ports:
- "9999:9999"
- "9990:9990"
links:
- mongo:mongo
depends_on:
- mongo
mongo:
image: mongo
ports:
- "27017:27017"
volumes:
- ./mydb:/data/db
1 个解决方案
解决方案1
1 已采纳 2018-06-09 14:01:39
I recommend using nginx and its SSL Termination capability: https://docs.nginx.com/nginx/admin-guide/security-controls/terminating-ssl-http/ 我建议使用nginx及其SSL终止功能: https : //docs.nginx.com/nginx/admin-guide/security-controls/terminate-ssl-http/
The nginx service should be the entry point to your application, where you terminate SSL using your provided cert/key then pass unencrypted traffic between your container apps over the overlay network. Nginx服务应该是应用程序的入口点,您可以在其中使用提供的证书/密钥终止SSL,然后通过覆盖网络在容器应用程序之间传递未加密的流量。
It's a best practice to terminate SSL like this, and if you do want to encrypt network traffic within your cluster, then do so with separate certs from your ingress controller. 终止SSL的最佳做法是这样,如果您确实想对集群中的网络流量进行加密,则可以使用与入口控制器分离的证书进行加密。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.