
How to add Let's Encrypt to a multi container running on Elastic Beanstalk

I am trying to add HTTPS to my domain using Let's Encrypt on AWS EB. I am on a tight budget so I can't afford to use the AWS cert and load balancer. I have combed the web to find the best way to go about this, but I seem to find only implementations using single containers, hence the use of .ebextensions. The only documentation I have found on Stack Overflow that came close was "HTTPS on Elastic Beanstalk (Docker Multi-container)".

I also found documentation on how to use Dockerrun.aws.json in "Free HTTPS on AWS Elastic Beanstalk without Load Balancer",

but I cannot seem to get the config right. I already have an nginx server. How do I configure jwilder/nginx-proxy, jrcs/letsencrypt-nginx-proxy-companion and nginx?

Dockerrun.aws.json
{
    "AWSEBDockerrunVersion": 2,
    "volumes": [{
            "name": "home-ec2-user-certs",
            "host": {
                "sourcePath": "/home/ec2-user/certs"
            }
        },
        {
            "name": "etc-nginx-vhost-d",
            "host": {
                "sourcePath": "/etc/nginx/vhost.d"
            }
        },
        {
            "name": "usr-share-nginx-html",
            "host": {
                "sourcePath": "/usr/share/nginx/html"
            }
        },
        {
            "name": "var-run-docker-sock",
            "host": {
                "sourcePath": "/var/run/docker.sock"
            }
        }
    ],
    "containerDefinitions": [{
            "name": "client",
            "image": "example/site-client",
            "hostname": "client",
            "essential": false,
            "memory": 128,
            "environment": [{
                    "name": "VIRTUAL_HOST",
                    "value": "www.example.com, example.com"
                },
                {
                    "name": "LETSENCRYPT_HOST",
                    "value": "www.example.com, example.com"
                }
            ]
        },
        {
            "name": "server",
            "image": "example/site-server",
            "hostname": "api",
            "essential": false,
            "memory": 128
        },
        {
            "name": "admin",
            "image": "example/site-admin",
            "hostname": "admin",
            "essential": false,
            "memory": 128,
            "environment": [{
                    "name": "VIRTUAL_HOST",
                    "value": "admin.example.com"
                },
                {
                    "name": "LETSENCRYPT_HOST",
                    "value": "admin.example.com"
                }
            ]
        },
        {
            "name": "worker",
            "image": "example/site-worker",
            "hostname": "worker",
            "essential": false,
            "memory": 128
        },
        {
            "name": "sales",
            "image": "example/site-payment",
            "hostname": "sales",
            "essential": false,
            "memory": 128
        },
        {
            "name": "nginx-proxy",
            "image": "jwilder/nginx-proxy",
            "essential": true,
            "memoryReservation": 128,
            "dockerLabels": {
                "com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy": "true"
            },
            "portMappings": [{
                    "containerPort": 80,
                    "hostPort": 80
                },
                {
                    "containerPort": 443,
                    "hostPort": 443
                }
            ],
            "mountPoints": [{
                    "sourceVolume": "home-ec2-user-certs",
                    "containerPath": "/etc/nginx/certs",
                    "readOnly": true
                },
                {
                    "sourceVolume": "etc-nginx-vhost-d",
                    "containerPath": "/etc/nginx/vhost.d"
                },
                {
                    "sourceVolume": "usr-share-nginx-html",
                    "containerPath": "/usr/share/nginx/html"
                },
                {
                    "sourceVolume": "var-run-docker-sock",
                    "containerPath": "/tmp/docker.sock",
                    "readOnly": true
                }
            ]
        },
        {
            "name": "letsencrypt-nginx-proxy-companion",
            "image": "jrcs/letsencrypt-nginx-proxy-companion",
            "essential": true,
            "memoryReservation": 128,
            "volumesFrom": [{
                "sourceContainer": "nginx-proxy"
            }],
            "mountPoints": [{
                    "sourceVolume": "home-ec2-user-certs",
                    "containerPath": "/etc/nginx/certs"
                },
                {
                    "sourceVolume": "var-run-docker-sock",
                    "containerPath": "/var/run/docker.sock",
                    "readOnly": true
                }
            ]
        },
        {
            "name": "nginx",
            "image": "example/site-nginx",
            "hostname": "nginx",
            "essential": true,
            "portMappings": [{
                "hostPort": 80,
                "containerPort": 80
            }],
            "links": ["client", "server", "admin", "sales"],
            "memory": 128
        }
    ]
}

And my nginx file:

upstream client {
    server client:3000;
}

upstream admin {
    server admin:8000;
}

upstream sales {
    server sales:8626;
}


upstream api {
    server api:5000;
}

server {
    listen 80;
    server_name example.com www.example.com;
    return 301 https://$host$request_uri;
}

server {
#    listen 80;

    listen 443 ssl;
    server_name example.com www.example.com;

    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';

    location / {
        proxy_pass http://client;
    }

    location /sales {
        rewrite /sales/(.*) /$1 break;
        proxy_pass http://sales;
    }

    location /api {
        rewrite /api/(.*) /$1 break;
        proxy_pass http://api;
    }
}

server {
    listen 80;
    server_name admin.example.com;

    location / {
        proxy_pass http://admin;
    }

}
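
A lint for the Dockerrun.aws.json shape shown in the question, as an added example (not code from the original post or from either image's project): it flags containers that claim the same host port, containers that are handed the Docker socket, and LETSENCRYPT_HOST names missing from VIRTUAL_HOST. The function name, the finding codes and the trimmed sample document are assumptions made for this example.

```python
import json
from collections import defaultdict

# Constructed sample: a trimmed Dockerrun.aws.json with the same shape as the one above.
SAMPLE = json.loads("""
{
  "AWSEBDockerrunVersion": 2,
  "volumes": [{"name": "sock", "host": {"sourcePath": "/var/run/docker.sock"}}],
  "containerDefinitions": [
    {"name": "client", "environment": [
      {"name": "VIRTUAL_HOST", "value": "www.example.com, example.com"},
      {"name": "LETSENCRYPT_HOST", "value": "www.example.com, example.com"}]},
    {"name": "nginx-proxy",
     "portMappings": [{"containerPort": 80, "hostPort": 80},
                      {"containerPort": 443, "hostPort": 443}],
     "mountPoints": [{"sourceVolume": "sock", "containerPath": "/tmp/docker.sock", "readOnly": true}]},
    {"name": "nginx", "portMappings": [{"hostPort": 80, "containerPort": 80}]}
  ]
}
""")

def lint_dockerrun(doc):
    """Return a sorted list of (code, detail) findings for a Dockerrun v2 document."""
    findings = []
    host_paths = {v["name"]: v.get("host", {}).get("sourcePath", "") for v in doc.get("volumes", [])}
    ports = defaultdict(list)
    for c in doc.get("containerDefinitions", []):
        name = c["name"]
        for pm in c.get("portMappings", []):
            ports[pm.get("hostPort")].append(name)
        for mp in c.get("mountPoints", []):
            # readOnly on the bind mount does not restrict what is sent to the Docker API.
            if host_paths.get(mp["sourceVolume"], "").endswith("docker.sock"):
                findings.append(("DOCKER_SOCKET", name))
        env = {e["name"]: e["value"] for e in c.get("environment", [])}
        split = lambda key: {h.strip() for h in env.get(key, "").split(",") if h.strip()}
        # Flag LETSENCRYPT_HOST names missing from VIRTUAL_HOST (the companion expects a match).
        for host in sorted(split("LETSENCRYPT_HOST") - split("VIRTUAL_HOST")):
            findings.append(("LE_HOST_NOT_ROUTED", f"{name}:{host}"))
    for port, names in ports.items():
        # Two containers on one instance cannot both bind the same host port.
        if port is not None and len(names) > 1:
            findings.append(("HOST_PORT_CONFLICT", f"{port}:{','.join(names)}"))
    return sorted(findings)

if __name__ == "__main__":
    for code, detail in lint_dockerrun(SAMPLE):
        print(code, detail)
```

To check a real file, pass `json.load(open("Dockerrun.aws.json"))` to `lint_dockerrun` before deploying.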

One could "Dockerize" the nginx server and run a few configuration scripts when setting up. So something like this:

FROM nginx:1.16-alpine

RUN apk add --no-cache certbot

RUN mkdir /var/lib/certbot

COPY scripts/setup.sh /setup.sh
RUN chmod +x /setup.sh

COPY config/nginx.conf /etc/nginx/nginx.conf

ENTRYPOINT [ "/setup.sh" ]

The script:

#!/bin/sh

certbot certonly -n -d DOMAINS \
    --standalone --preferred-challenges http --email EMAIL --agree-tos --expand


/usr/sbin/nginx -g "daemon off;"

And then just add the SSL certificate and the key to your nginx configuration as you normally would.
