[英]How to change http to https using LetsEncrypt with 'docker: nginx + uwgsi + django + solr + db + …'?
Currently I use official nginx
docker image + my own 'django with uwsgi' build and everything works ok. 目前,我使用官方的nginx
docker镜像+我自己的“带有uwsgi的django”构建,一切正常。 I want to add SSL
to the project using jwilder/nginx-proxy
+ jrcs/letsencrypt-nginx-proxy-companion
. 我想使用jwilder/nginx-proxy
+ jrcs/letsencrypt-nginx-proxy-companion
将SSL
添加到项目中。
The structure of my project is the next: 下一个是我的项目的结构:
myproject/
| -- data/
| -- media/
| -- static/
| -- sources/
| -- dockerfiles/
| -- nginx/
| -- nginx.conf
| -- uwsgi_params
| -- solr/
| -- default/ (configs)
| -- Dockerfile
| -- web/
| -- Dockerfile
| -- requirements.txt
| -- myproject/
| -- app_1/
| -- app_2/
| -- settings/
| -- myproject_uwsgi.ini
| -- docker-compose.yml
The relative configs are below: 相对配置如下:
# myproject/sources/docker-compose.yml
version: '2'
services:
nginx:
image: nginx:latest
container_name: myproject_nginx-container
ports:
- "80:80"
depends_on:
- web
volumes:
- ./dockerfiles/nginx:/etc/nginx/conf.d
- ../static:/static
- ../media:/media
web:
build: ./dockerfiles/web/
container_name: myproject_django-container
command: bash -c 'uwsgi --ini ./settings/myproject_uwsgi.ini'
volumes:
- ./web:/web
- ../static:/static
- ../media:/media
solr-docker:
build: ./dockerfiles/solr/
container_name: myproject_solr-container
entrypoint:
- docker-entrypoint.sh
- solr-precreate
- default
ports:
- "8983:8983"
volumes:
- ./dockerfiles/solr/default:/opt/solr/server/solr/mycores/default # configs
- ../data/solr/default/data:/opt/solr/server/solr/mycores/default/data # indexes
# other-services...
next: 下一个:
# myproject/sources/myproject/settings/myproject_uwsgi.ini
[uwsgi]
master = True
lazy-apps = True
# Number of worker processes for handling requests
%k = cpu count
processes = %(%k * 2)
# Number of threads for handling requests
threads = %(%k * 2)
# Respawn processes that take more than ... seconds
# harakiri = 20
# Respawn processes after serving ... requests
max-requests = 5000
# Clear environment on exit
vacuum = True
# the base directory (full path)
chdir = /myproject/
# Django's wsgi file (path starting from chdir/)
module = settings.wsgi:application
# location of settings
# env = DJANGO_SETTINGS_MODULE=$(DJANGO_PROJECT_NAME).settings
socket = :8000
and one more: 还有一个:
# myproject/dockerfiles/nginx/nginx.conf
upstream django {
ip_hash;
server web:8000;
}
# Redirection from WWW to non-WWW
server {
listen 80;
server_name www.myproject.com;
rewrite ^/(.*) http://myproject.com/$1 permanent;
}
server {
listen 80 default_server;
server_name myproject.com;
charset utf-8;
keepalive_timeout 5;
location /media {
alias /media;
}
location /static {
alias /static;
}
location / {
uwsgi_pass django;
include uwsgi_params;
}
}
uwsgi_params
file has a typical configuration which can be seen HERE . uwsgi_params
文件具有典型配置,可以在此处查看。
How to convert http
to https
you can find in my answer below. 如何将http
转换为https
,可以在下面的答案中找到。
In order to implement https
, it is necessary to add to the existing docker-compose.yml
the next two images: jwilder/nginx-proxy
+ jrcs/letsencrypt-nginx-proxy-companion
and add environment variables for: nginx
service which serves django
via uwsgi
+ for solr
. 为了实现https
,有必要将以下两个图像添加到现有docker-compose.yml
中: jwilder/nginx-proxy
+ jrcs/letsencrypt-nginx-proxy-companion
并添加以下环境变量:用于服务django
nginx
服务通过uwsgi
+进行solr
。 Everything else (configs) can be kept as is. 其他所有内容(配置)都可以保持不变。
So here is the final result: 因此,这是最终结果:
# myproject/sources/docker-compose.yml
version: '2'
services:
nginx-proxy: # <-- NEW SECTION
image: jwilder/nginx-proxy
container_name: myproject_nginx-proxy
ports:
- "80:80"
- "443:443"
volumes:
- "/var/run/docker.sock:/tmp/docker.sock:ro"
- "/etc/nginx/conf.d"
- "/etc/nginx/vhost.d"
- "/usr/share/nginx/html"
- "./volumes/proxy/certs:/etc/nginx/certs"
labels:
- "com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy"
letsencrypt-companion: # <-- NEW SECTION
restart: always
image: jrcs/letsencrypt-nginx-proxy-companion
container_name: myproject_letsencrypt-companion-container
volumes_from:
- nginx-proxy
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- "./volumes/proxy/certs:/etc/nginx/certs:rw"
# ###############################
# Old settings. ALMOST identical.
nginx:
image: nginx:latest
container_name: myproject_nginx-container
# ports: <-- REMOVE SECTION
# - "80:80"
volumes:
- ./dockerfiles/nginx:/etc/nginx/conf.d
- ../static:/static
- ../media:/media
depends_on:
- nginx-proxy # <-- NEW SECTION
- web
environment: # <-- NEW SECTION
- VIRTUAL_HOST=myproject.com
- LETSENCRYPT_HOST=myproject.com
- LETSENCRYPT_EMAIL=info@myproject.com
web:
build: ./dockerfiles/web/
container_name: myproject_django-container
command: bash -c 'uwsgi --ini ./settings/myproject_uwsgi.ini'
volumes:
- ./web:/web
- ../static:/static
- ../media:/media
solr-docker:
build: ./dockerfiles/solr/
container_name: myproject_solr-container
entrypoint:
- docker-entrypoint.sh
- solr-precreate
- default
# ports: <-- REMOVE SECTION
# - "8983:8983"
volumes:
- ./dockerfiles/solr/default:/opt/solr/server/solr/mycores/default # configs
- ../data/solr/default/data:/opt/solr/server/solr/mycores/default/data # indexes
environment: # <-- NEW SECTION
- VIRTUAL_HOST=solr.myproject.com
- VIRTUAL_PORT=8983
- LETSENCRYPT_HOST=solr.myproject.com
- LETSENCRYPT_EMAIL=info@myproject.com
# other-services...
If you want to open Solr
's dashboard now, instead of myproject.com:8983
you need to use solr.myproject.com
. 如果要立即打开Solr
的仪表板,而不是myproject.com:8983
,则需要使用solr.myproject.com
。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.