ssl - jwilder/nginx 代理 : Not able to integrate ssl with Nginx

Question

我们正在努力通过 SSL 使用单个端口和 jwilder/nginx-proxy 设置多个网站托管，我们能够在没有 ssl 的情况下部署解决方案并且它工作正常但是当我们尝试使用 SSL 时它失败了HTTPs 调用。我们的 docker-compose 文件如下:

docker-compose.yml

site1:
  build: site1
  environment:
    VIRTUAL_HOST: site1.domainlocal.com
    VIRTUAL_PROTO: https
  restart: always

site2:
  build: site2
  environment:
    VIRTUAL_HOST: site2.domainlocal.com
    VIRTUAL_PROTO: https
  restart: always

site3:
  build: site3
  environment:
    VIRTUAL_HOST: site3.domainlocal.com
    VIRTUAL_PROTO: https
  restart: always

nginx-proxy:
  image: jwilder/nginx-proxy:alpine
  ports:
    - "80:80"
    - "443:443"
  volumes:
    - /var/run/docker.sock:/tmp/docker.sock:ro
    - certs:/etc/nginx/certs:ro

  restart: always
  privileged: true

PS:“certs”文件夹与 docker-compose 文件保存在同一文件夹中。

使用 openssl 使用自签名证书

文件夹结构如下:

Main_folder-|
            |- docker-compose.yml
            |
            |- certs/.csr and .key files
            |
            |- site1/Dockerfile + Nodejs
            |- site2/Dockerfile + Nodejs
            |- site3/Dockerfile + Nodejs

请提出问题的可能原因和解决方案。

docker ps 的输出:

CONTAINER ID        IMAGE                 COMMAND                  CREATED             STATUS              PORTS                                      NAMES
c71b52c3e6bd        compose_site3   "/bin/sh -c 'node ..."   3 days ago          Up 3 days           80/tcp                                     compose_site3_1
41ffb9ec3983        jwilder/nginx-proxy   "/app/docker-entry..."   3 days ago          Up 3 days           0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp   compose_nginx-proxy_1
a154257c62ec        compose_site1   "/bin/sh -c 'node ..."   3 days ago          Up 3 days           80/tcp                                     compose_site1_1
3ed556e9287e        compose_site2   "/bin/sh -c 'node ..."   3 days ago          Up 3 days           80/tcp                                     compose_site2_1

Answer 1

所以在花了这么多时间之后，我终于能够解决这个问题。因此，对于与 jwilder/nginx-proxy 的 ssl 集成，没有强制要求在域名称中命名证书和 key ，而是它可以是任何名称，只需要在 docker-compose 文件中提及证书名称(我发现这种方法通过点击和试用)。所以你的 docker compose 文件应该是这样的:

site1:
  build: site1
  environment:
    VIRTUAL_HOST: site1.domainlocal.com
    CERT_NAME: mycertificate
  volumes:
    - /etc/ssl/certs:/etc/ssl/certs:ro
  restart: always

site2:
  build: site2
  environment:
    VIRTUAL_HOST: site2.domainlocal.com
    CERT_NAME: mycertificate
  volumes:
    - /etc/ssl/certs:/etc/ssl/certs:ro
  restart: always

site3:
  build: site3
  environment:
    VIRTUAL_HOST: site3.domainlocal.com
    CERT_NAME: mycertificate
  volumes:
    - /etc/ssl/certs:/etc/ssl/certs:ro
  restart: always

nginx-proxy:
  image: jwilder/nginx-proxy:alpine
  ports:
    - "80:80"
    - "443:443"
  environment:
    DEFAULT_HOST: domainlocal.com #default host
    CERT_NAME: mycertificate # Wildcard Certificate name without extension  
  volumes:
    - /var/run/docker.sock:/tmp/docker.sock:ro
    - /etc/ssl/certs:/etc/nginx/certs  #certificate path in docker container

  restart: always
  privileged: true

然后使用“docker-compose up --build”构建并运行组合，恭喜你现在已经进入安全层了。