[英]How to publish services with ssl using docker-compose?
I have a service using finatra
server running on docker container. 我有一个使用在
finatra
容器上运行的finatra
服务器的服务。 Currently I am using letsencrypt , and I created my .pfx
file etc. But I don't know how to use it with docker-compose
. 目前,我正在使用letsencrypt,并创建了
.pfx
文件等。但是我不知道如何在docker-compose
使用它。 I have a keystore
folder inside my project which has my ssl files. 我的项目内有一个
keystore
文件夹,其中包含我的ssl文件。 Here is my docker-compose.yml
这是我
docker-compose.yml
version: '2'
services:
test:
build: target/docker/stage
ports:
- "9999:9999"
- "9990:9990"
links:
- mongo:mongo
depends_on:
- mongo
mongo:
image: mongo
ports:
- "27017:27017"
volumes:
- ./mydb:/data/db
I recommend using nginx and its SSL Termination capability: https://docs.nginx.com/nginx/admin-guide/security-controls/terminating-ssl-http/ 我建议使用nginx及其SSL终止功能: https : //docs.nginx.com/nginx/admin-guide/security-controls/terminate-ssl-http/
The nginx service should be the entry point to your application, where you terminate SSL using your provided cert/key then pass unencrypted traffic between your container apps over the overlay network. Nginx服务应该是应用程序的入口点,您可以在其中使用提供的证书/密钥终止SSL,然后通过覆盖网络在容器应用程序之间传递未加密的流量。
It's a best practice to terminate SSL like this, and if you do want to encrypt network traffic within your cluster, then do so with separate certs from your ingress controller. 终止SSL的最佳做法是这样,如果您确实想对集群中的网络流量进行加密,则可以使用与入口控制器分离的证书进行加密。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.