个人中心
文章发布
退出
作者热门文章
- html - 出于某种原因,IE8 对我的 Sass 文件中继承的 html5 CSS 不友好?
- JMeter 在响应断言中使用 span 标签的问题
- html - 在 :hover and :active? 上具有不同效果的 CSS 动画
- html - 相对于居中的 html 内容固定的 CSS 重复背景?
30
4
我想使用 docker-compose 文件设置 nginx 服务器,使用 letsencrypt 在我的 AWS EC 2 实例上启用 https。
不过80端口和443端口好像是关闭的。
应用程序本身在可以是 reached 的端口 5000 下运行,但是没有启用 https。
编辑这是(几乎)完整的 docker-compose.yml,我只在“服务”下添加了最后一部分,名为 letsencrypt。遗漏标记为 ([...]):
version: "3"
volumes:
mongodb_data:
external: false
networks:
cocoannotator:
external: false
services:
webserver:
image: jsbroks/coco-annotator:webserver-stable
container_name: annotator_webclient
restart: always
ports:
- "5000:5000"
[...]
depends_on:
- database
- workers
networks:
- cocoannotator
workers:
container_name: annotator_workers
image: jsbroks/coco-annotator:workers-stable
[...]
depends_on:
- messageq
- database
networks:
- cocoannotator
messageq:
image: rabbitmq:3
container_name: annotator_message_q
[...]
networks:
- cocoannotator
database:
image: mongo:4.0
container_name: annotator_mongodb
restart: always
[...]
networks:
- cocoannotator
letsencrypt:
image: linuxserver/letsencrypt
container_name: letsencrypt
network_mode: host
restart: always
ports:
- 80:80
- 443:443
volumes:
- ./config:/config
environment:
# Domain name
- URL=my-website-name.com
- TZ=America/New_York
- PGID=1000
- PUID=1000
# Subdomains to encrypt
- SUBDOMAINS=www,annotator
cap_add:
- NET_ADMIN
它在本地文件夹 ./config/nginx/site-confs/default 中为 nginx 生成一个配置文件默认配置什么都不做,所以按照 author 的建议,我像这样覆盖了文件:
server {
listen 80;
server_name my-website-name.com www.my-website-name.com;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name _;
root /config/www;
include /config/nginx/ssl.conf;
location / {
index index.html index.htm;
include /config/nginx/proxy.conf;
}
}
server {
listen 443 ssl;
server_name annotator.*;
include /config/nginx/ssl.conf;
location / {
include /config/nginx/proxy.conf;
proxy_pass http://localhost:5000/;
}
location /socket.io {
include /config/nginx/proxy.conf;
proxy_buffering off;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_pass http://localhost:5000/socket.io;
}
}
我在 docker-compose.yml 和 conf 中编辑的唯一一行是添加我自己的网站名称 (my-website-name.com )。conf 文件似乎公开了正确的 http://localhost:5000/。
我不确定我错过了什么。我找不到任何防火墙等。
>$ sudo ufw status
Status: inactive
更新:
这是 netstat -anp | 的输出grep -i 监听
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
tcp6 0 0 :::5000 :::* LISTEN -
tcp6 0 0 :::22 :::* LISTEN -
unix 2 [ ACC ] STREAM LISTENING 147252 - @/containerd-shim/moby/237614275f32621bfd15c8687fca24c735e48daeffd655ee6fe00fad5ca5d9ca/shim.sock@
unix 2 [ ACC ] SEQPACKET LISTENING 12687 - /run/udev/control
unix 2 [ ACC ] STREAM LISTENING 123417 31697/systemd /run/user/1000/systemd/private
unix 2 [ ACC ] STREAM LISTENING 123421 31697/systemd /run/user/1000/gnupg/S.gpg-agent.extra
unix 2 [ ACC ] STREAM LISTENING 123422 31697/systemd /run/user/1000/snapd-session-agent.socket
unix 2 [ ACC ] STREAM LISTENING 123423 31697/systemd /run/user/1000/gnupg/S.gpg-agent.ssh
unix 2 [ ACC ] STREAM LISTENING 123424 31697/systemd /run/user/1000/gnupg/S.gpg-agent.browser
unix 2 [ ACC ] STREAM LISTENING 123425 31697/systemd /run/user/1000/gnupg/S.dirmngr
unix 2 [ ACC ] STREAM LISTENING 123426 31697/systemd /run/user/1000/gnupg/S.gpg-agent
unix 2 [ ACC ] STREAM LISTENING 141776 - @/containerd-shim/moby/b943888c331bf79cd6c1e2f7171a5961dddbb9ae163cfa1f27d2e7b6d4662444/shim.sock@
unix 2 [ ACC ] STREAM LISTENING 17631 - @irqbalance924.sock
unix 2 [ ACC ] STREAM LISTENING 141767 - @/containerd-shim/moby/6422696dfae2f404290918b4afff5a9e65155ed1ec333bc0e72994b565e702d5/shim.sock@
unix 2 [ ACC ] STREAM LISTENING 145693 - @/containerd-shim/moby/fb9846bebcc81350c98c47f2c15811526cca22c30a0945ae7c227f921a305cce/shim.sock@
unix 2 [ ACC ] STREAM LISTENING 16691 - /var/lib/lxd/unix.socket
unix 2 [ ACC ] STREAM LISTENING 16571 - /var/run/dbus/system_bus_socket
unix 2 [ ACC ] STREAM LISTENING 16645 - /run/uuidd/request
unix 2 [ ACC ] STREAM LISTENING 16647 - /run/snapd.socket
unix 2 [ ACC ] STREAM LISTENING 16649 - /run/snapd-snap.socket
unix 2 [ ACC ] STREAM LISTENING 16651 - /run/acpid.socket
unix 2 [ ACC ] STREAM LISTENING 16653 - @ISCSIADM_ABSTRACT_NAMESPACE
unix 2 [ ACC ] STREAM LISTENING 141079 - @/containerd-shim/moby/31e14e9fa86fef5166d10363c9a4dd136af9f67f8c0d6f4bf79ebac50a474452/shim.sock@
unix 2 [ ACC ] STREAM LISTENING 12676 - /run/systemd/private
unix 2 [ ACC ] STREAM LISTENING 12690 - /run/lvm/lvmpolld.socket
unix 2 [ ACC ] STREAM LISTENING 12702 - /run/systemd/journal/stdout
unix 2 [ ACC ] STREAM LISTENING 43836 - /run/containerd/containerd.sock
unix 2 [ ACC ] STREAM LISTENING 44186 - /var/run/docker.sock
unix 2 [ ACC ] STREAM LISTENING 44343 - /var/run/docker/metrics.sock
unix 2 [ ACC ] STREAM LISTENING 45208 - /var/run/docker/libnetwork/ef4bf6e21227.sock
unix 2 [ ACC ] STREAM LISTENING 12891 - /run/lvm/lvmetad.socket
最佳答案
我设法通过添加一个外部网络在本地运行它,并将 letsencrypt(现在是 SWAG)添加到该外部网络和 cocoannotator 网络并删除 network_mode: "host"(我相信意味着它使用默认的“桥”?)
docker-compose.yml 的内容:
version: "3"
volumes:
mongodb_data:
external: false
networks:
cocoannotator:
external: false
external_net:
external: true
services:
letsencrypt:
image: linuxserver/swag
container_name: letsencrypt
ports:
- 80:80
- 443:443
restart: always
volumes:
- ./config:/config
environment:
# Domain name
- URL=domain.com
- TZ=Europe/London
- PGID=1000
- PUID=1000
# Subdomains to encrypt
cap_add:
- NET_ADMIN
networks:
- external_net
- cocoannotator
webserver:
image: jsbroks/coco-annotator:webserver-stable
container_name: annotator_webclient
restart: always
environment:
- SECRET_KEY=RandomSecretKeyHere
- FILE_WATCHER=true
- ALLOW_REGISTRATION=false
volumes:
- "./datasets:/datasets"
- "./models:/models"
depends_on:
- database
- workers
networks:
- cocoannotator
workers:
container_name: annotator_workers
image: jsbroks/coco-annotator:workers-stable
volumes:
- "./datasets:/datasets"
depends_on:
- messageq
- database
networks:
- cocoannotator
messageq:
image: rabbitmq:3
container_name: annotator_message_q
environment:
- RABBITMQ_DEFAULT_USER=user
- RABBITMQ_DEFAULT_PASS=password
networks:
- cocoannotator
database:
image: mongo:4.0
container_name: annotator_mongodb
restart: always
environment:
- MONGO_DATA_DIR=/data/db
- MONGO_LOG_DIR=/dev/null
volumes:
- "mongodb_data:/data/db"
command: "mongod --smallfiles --logpath=/dev/null"
networks:
- cocoannotator
这是配置\nginx\site-confs\default:
server {
listen 80;
server_name _;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name domain.com;
include /config/nginx/ssl.conf;
location / {
include /config/nginx/proxy.conf;
proxy_pass http://webserver:5000/;
}
location /socket.io {
include /config/nginx/proxy.conf;
proxy_buffering off;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_pass http://webserver:5000/socket.io;
}
}
将 letsencrypt 服务添加到 cocoannotator 网络可以让您使用“webserver”作为主机名,因为从技术上讲它不是“localhost”。
关于amazon-web-services - AWS EC2 : Cannot reach port 80 or 443 (https) using letsencrypt and nginx via docker,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/62194525/
30
4
0
我是一名优秀的程序员,十分优秀!