Nginx: configuring HTTPS on Docker with Let's Encrypt
When the words won't come, don't force them. (Lu Xun)
Environment
- Nginx
- Docker
- A domain name [with ICP filing]
- VS Code
- Remote - SSH
Procedure
Connect to the server with VS Code Remote - SSH.
Log in to the server.
If the connection fails, port 22 may be closed on the server; open port 22 in the console of the platform where the server was bought.
I connect to the root directory here.
Run the command
Since my *.linyisonger.cn is already set up, this walkthrough uses *.frp.linyisonger.cn.
docker run -it --rm --name certbot \
  -v "/root/nginx/certbot/etc:/etc/letsencrypt" \
  -v "/root/nginx/certbot/lib:/var/lib/letsencrypt" \
  certbot/certbot certonly \
  -d '*.frp.linyisonger.cn' -d frp.linyisonger.cn \
  --manual --preferred-challenges dns \
  --server https://acme-v02.api.letsencrypt.org/directory
When the following appears, do not press Enter yet.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for *.frp.linyisonger.cn and frp.linyisonger.cn
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please deploy a DNS TXT record under the name:
_acme-challenge.frp.linyisonger.cn.
with the following value:
lGqVq-2mBlBv_X1B8G95ejeW7WyvKJhmzkGfKbKHneY
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue
Go to your DNS provider
Mine is Aliyun: open the console, find DNS resolution, and add the record.
You can check from cmd whether the record is in place, but that is not fully reliable: the CA that issues the certificate resolves the name from its own vantage point, which may see something different from what we see. It is better to wait a while, roughly seven or eight minutes.
Verification
cmd
nslookup -type=txt _acme-challenge.frp.linyisonger.cn 223.5.5.5
The configured value is returned correctly:
服务器: public1.alidns.com
Address: 223.5.5.5
非权威应答:
_acme-challenge.frp.linyisonger.cn text =
"lGqVq-2mBlBv_X1B8G95ejeW7WyvKJhmzkGfKbKHneY"
myssl
I find this one better:
https://myssl.com/dns_check.html#ssl_verify
Go back to the terminal connected to the server and press Enter. If it comes back with the following, OMG! 😭 You have to go through the DNS record step once more, this time with the new value. As the message itself says, the new record is added alongside the previous one: the two names in the request (*.frp.linyisonger.cn and frp.linyisonger.cn) each get their own TXT value under the same record name.
Please deploy a DNS TXT record under the name:
_acme-challenge.frp.linyisonger.cn.
with the following value:
e02-takUtsaZXe5g-TPX-VeIVV9-vpbxbjT4a-cZf-c
(This must be set up in addition to the previous challenges; do not remove,
replace, or undo the previous challenge tasks yet. Note that you might be
asked to create multiple distinct TXT records with the same name. This is
permitted by DNS standards.)
Before continuing, verify the TXT record has been deployed. Depending on the DNS
provider, this may take some time, from a few seconds to multiple minutes. You can
check if it has finished deploying with aid of online tools, such as the Google
Admin Toolbox: https://toolbox.googleapps.com/apps/dig/#TXT/_acme-challenge.frp.linyisonger.cn.
Look for one or more bolded line(s) below the line ';ANSWER'. It should show the
value(s) you've just added.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue
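The TXT check above is done by eye against a single resolver. The following Python script is an added example (not part of the original post, and not a certbot tool) that automates it: it derives the `_acme-challenge` name from the domain the same way certbot does (the wildcard label is dropped, so the wildcard and the apex share one record name), parses `nslookup -type=txt` output in the two shapes shown on this page, and reports which expected values are still missing at each resolver, so that after the second prompt both values can be confirmed before pressing Enter. The resolver 8.8.8.8, the sample output and the token values are constructed for the example.

```python
import re
import subprocess
import sys
from typing import Dict, List, Sequence

# Public resolvers to consult before pressing Enter in certbot. 223.5.5.5 is the one
# used on the page; 8.8.8.8 is an assumed extra vantage point.
RESOLVERS: Sequence[str] = ("223.5.5.5", "8.8.8.8")

# Constructed nslookup output in the shape the page shows: one value on the same
# line, one wrapped onto the next line. The tokens are placeholders, not real ones.
SAMPLE_NSLOOKUP_OUTPUT = (
    "Server:\t\t223.5.5.5\n"
    "Address:\t223.5.5.5#53\n"
    "\n"
    "Non-authoritative answer:\n"
    '_acme-challenge.frp.example.com\ttext = "first-token-CONSTRUCTED"\n'
    "_acme-challenge.frp.example.com\ttext =\n"
    '"second-token-CONSTRUCTED"\n'
)

# <name> text = "<value>"; the quoted part may start on the following line, and a
# long TXT record may be split into several quoted strings that belong together.
TXT_ANSWER_RE = re.compile(r'(\S+)\s+text\s*=\s*((?:\s*"[^"]*")+)')


def challenge_name(domain: str) -> str:
    """Name of the TXT record certbot asks for. The wildcard label is dropped, so
    '*.frp.example.com' and 'frp.example.com' share one record name."""
    base = domain[2:] if domain.startswith("*.") else domain
    return "_acme-challenge." + base.rstrip(".")


def parse_nslookup_txt(output: str) -> Dict[str, List[str]]:
    """Collect every TXT value per record name from nslookup -type=txt output."""
    records: Dict[str, List[str]] = {}
    for name, quoted in TXT_ANSWER_RE.findall(output):
        value = "".join(re.findall(r'"([^"]*)"', quoted))
        records.setdefault(name.rstrip("."), []).append(value)
    return records


def missing_values(observed: Sequence[str], expected: Sequence[str]) -> List[str]:
    """Expected validation strings not yet visible. Extra values are fine: certbot
    asks for one TXT record per name (wildcard and apex), both under the same name."""
    return [v for v in expected if v not in observed]


def query_txt(name: str, resolver: str) -> List[str]:
    """Ask one resolver for the TXT records of name (network access required)."""
    proc = subprocess.run(
        ["nslookup", "-type=txt", name, resolver],
        capture_output=True, text=True, check=False,
    )
    return parse_nslookup_txt(proc.stdout).get(name.rstrip("."), [])


def propagation_report(domain: str, expected: Sequence[str]) -> Dict[str, List[str]]:
    """Per resolver, which expected values are still missing; empty lists mean go ahead."""
    name = challenge_name(domain)
    return {resolver: missing_values(query_txt(name, resolver), expected) for resolver in RESOLVERS}


if __name__ == "__main__":
    # usage: python acme_txt_check.py '*.frp.example.com' TOKEN1 [TOKEN2 ...]
    for resolver, gaps in propagation_report(sys.argv[1], sys.argv[2:]).items():
        print(resolver, "ok" if not gaps else "missing: " + ", ".join(gaps))
```

Run it with the domain and every value certbot has printed so far; only when every resolver reports "ok" is it reasonably safe to press Enter. A value seen at 223.5.5.5 but not at the second resolver is exactly the "not fully reliable" situation described above.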
Success! 🎉
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/frp.linyisonger.cn/fullchain.pem
Key is saved at: /etc/letsencrypt/live/frp.linyisonger.cn/privkey.pem
This certificate expires on 2022-06-26.
These files will be updated when the certificate renews.
NEXT STEPS:
- This certificate will not be renewed automatically. Autorenewal of --manual certificates requires the use of an authentication hook script (--manual-auth-hook) but one was not provided. To renew this certificate, repeat this same certbot command before the certificate's expiry date.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
* Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
* Donating to EFF: https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Configure Nginx
My nginx is brought up from a docker-compose.yml file:
version: '3'
services:
  nginx:
    container_name: docker_nginx
    image: nginx
    ports:
      - 80:80
      - 443:443
    volumes:
      - ./log:/var/log/nginx
      - ./conf/nginx.conf:/etc/nginx/nginx.conf
      - ./conf.d:/etc/nginx/conf.d
      - ./html:/usr/share/nginx/html
      - ./certbot/etc:/etc/letsencrypt/ # add the certificate directory mount here
    restart: always
Add a 443 listener to default.conf.
Remember that Docker (the 443:443 port mapping above) and the server's firewall or security group must also allow port 443.
server {
    # "ssl on;" is deprecated since nginx 1.15 and removed in 1.25 (the "nginx" image
    # tracks the latest release); the ssl parameter on listen replaces it.
    listen 443 ssl;
    server_name *.frp.linyisonger.cn;
    ssl_certificate /etc/letsencrypt/live/frp.linyisonger.cn/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/frp.linyisonger.cn/privkey.pem;

    location / {
        proxy_pass http://10.0.4.14:7001;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection keep-alive;
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }

    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }
}
Once configured, restart the Nginx service:
docker-compose up --force-recreate --build -d
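Whether nginx inside the container can open the two ssl_* files depends on the volume lines, not on the paths alone: the certbot container wrote to /root/nginx/certbot/etc on the host, and ./certbot/etc in the compose file is that same directory only if docker-compose.yml lives in /root/nginx. The following Python script is an added example, not part of the original post and not a certbot or nginx tool: it maps the ssl_certificate paths through the compose volume list to host paths, checks that they exist, and checks that their symlink targets are inside a mounted directory (certbot keeps the real files under archive/ and symlinks them from live/, so mounting only live/ leaves dangling links inside the container). The directory tree it builds is constructed in a temp dir with placeholder contents; the volume list and directives are those on this page.

```python
import os
import re
import tempfile
from typing import Dict, List, Optional, Tuple

# Volume list and ssl_* directives as they appear on the page. Relative host paths
# resolve against the directory holding docker-compose.yml (assumed /root/nginx).
PAGE_VOLUMES = [
    "./log:/var/log/nginx",
    "./conf/nginx.conf:/etc/nginx/nginx.conf",
    "./conf.d:/etc/nginx/conf.d",
    "./html:/usr/share/nginx/html",
    "./certbot/etc:/etc/letsencrypt/",
]
PAGE_NGINX_CONF = """
    ssl_certificate /etc/letsencrypt/live/frp.linyisonger.cn/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/frp.linyisonger.cn/privkey.pem;
"""

SSL_DIRECTIVE_RE = re.compile(r"^\s*(ssl_certificate|ssl_certificate_key)\s+(\S+?)\s*;", re.M)


def parse_volume(spec: str) -> Tuple[str, str]:
    """Split 'host:container[:mode]' into (host, container)."""
    host, rest = spec.split(":", 1)
    return host, rest.split(":", 1)[0]


def container_to_host(container_path: str, volumes: List[str], compose_dir: str) -> Optional[str]:
    """Map a container path to the host path via the longest matching bind mount."""
    best: Optional[Tuple[str, str]] = None
    for spec in volumes:
        host, target = parse_volume(spec)
        target = target.rstrip("/") or "/"
        if container_path == target or container_path.startswith(target + "/"):
            if best is None or len(target) > len(best[1]):
                best = (host, target)
    if best is None:
        return None
    host, target = best
    remainder = container_path[len(target):].lstrip("/")
    return os.path.normpath(os.path.join(compose_dir, host, remainder))


def check_cert_mounts(nginx_conf: str, volumes: List[str], compose_dir: str) -> Dict[str, str]:
    """Report, per ssl_* directive, whether nginx inside the container will find the file."""
    mount_roots = [os.path.realpath(os.path.join(compose_dir, parse_volume(v)[0])) for v in volumes]
    report: Dict[str, str] = {}
    for directive, cpath in SSL_DIRECTIVE_RE.findall(nginx_conf):
        hpath = container_to_host(cpath, volumes, compose_dir)
        if hpath is None:
            report[directive] = "not covered by any volume"
            continue
        if not os.path.exists(hpath):
            report[directive] = "missing on host"
            continue
        # certbot's live/ files are symlinks into archive/; the target must also be
        # mounted, otherwise the link resolves on the host but dangles in the container.
        real = os.path.realpath(hpath)
        if any(real == root or real.startswith(root + os.sep) for root in mount_roots):
            report[directive] = "ok"
        else:
            report[directive] = "symlink target outside mounted tree"
    return report


def demo() -> Tuple[Dict[str, str], Dict[str, str]]:
    """Build a constructed certbot-style tree in a temp dir and check two mount layouts:
    the page's whole-etc mount, and a live-only mount that looks right but is not."""
    with tempfile.TemporaryDirectory() as compose_dir:
        etc = os.path.join(compose_dir, "certbot", "etc")
        archive = os.path.join(etc, "archive", "frp.linyisonger.cn")
        live = os.path.join(etc, "live", "frp.linyisonger.cn")
        os.makedirs(archive)
        os.makedirs(live)
        for name in ("fullchain", "privkey"):
            with open(os.path.join(archive, f"{name}1.pem"), "w") as fh:
                fh.write("constructed placeholder, not a real PEM\n")
            os.symlink(f"../../archive/frp.linyisonger.cn/{name}1.pem", os.path.join(live, f"{name}.pem"))
        whole_etc = check_cert_mounts(PAGE_NGINX_CONF, PAGE_VOLUMES, compose_dir)
        live_only = check_cert_mounts(PAGE_NGINX_CONF, ["./certbot/etc/live:/etc/letsencrypt/live"], compose_dir)
        return whole_etc, live_only


if __name__ == "__main__":
    print(demo())
```

Point check_cert_mounts at the real default.conf text, the real volume list and the directory holding docker-compose.yml before running docker-compose up; a "missing on host" result means the certbot -v path and the compose mount disagree, and "symlink target outside mounted tree" means nginx will start on the host view but fail to read the key inside the container.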
Testing