When you can't write, don't force it. (Lu Xun)

Environment

  • Nginx
  • Docker
  • Domain name [ICP-registered]
  • VS Code
    • Remote - SSH

Procedure

Connect to the server with VS Code Remote - SSH

Log in to the server


If the connection fails, it may be that port 22 is not open on the server; open port 22 in the console of the platform where you bought the server.


Here I connect to the root folder.

Run

Since my *.linyisonger.cn is already configured, this walkthrough uses *.frp.linyisonger.cn instead.

docker run -it --rm --name certbot -v "/root/nginx/certbot/etc:/etc/letsencrypt" -v "/root/nginx/certbot/lib:/var/lib/letsencrypt" certbot/certbot certonly -d "*.frp.linyisonger.cn" -d frp.linyisonger.cn --manual --preferred-challenges dns --server https://acme-v02.api.letsencrypt.org/directory

When the following appears, don't press Enter right away.

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for *.frp.linyisonger.cn and frp.linyisonger.cn

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please deploy a DNS TXT record under the name:

_acme-challenge.frp.linyisonger.cn.

with the following value:

lGqVq-2mBlBv_X1B8G95ejeW7WyvKJhmzkGfKbKHneY

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue

Go to your DNS provider

Mine is Alibaba Cloud: in the console, open the DNS resolution page and add a record.


You can check from cmd whether the record is in place, but the result is not fully reliable: the CA that issues our certificate may query resolvers that see something different from what we see. Best to wait a while, roughly seven or eight minutes.

Verification
cmd
nslookup -type=txt _acme-challenge.frp.linyisonger.cn 223.5.5.5

The configured value is returned correctly

服务器:  public1.alidns.com
Address:  223.5.5.5

非权威应答:
_acme-challenge.frp.linyisonger.cn      text =

        "lGqVq-2mBlBv_X1B8G95ejeW7WyvKJhmzkGfKbKHneY"
myssl

I find this one better

https://myssl.com/dns_check.html#ssl_verify
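The check above is done by hand with nslookup, and the post warns that the CA may see something different from us. As an added example that is not part of the original post, the following minimal standard-library DNS client in Python asks several public resolvers for the _acme-challenge TXT record and reports which of them already return the expected token; the resolvers other than 223.5.5.5 and all function names are my own choices.

```python
import secrets
import socket
import struct

def build_txt_query(name: str, txid: int) -> bytes:
    """Standard recursive DNS query (RD=1) for the TXT records of `name`."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode() for label in name.strip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 16, 1)  # QTYPE=TXT, QCLASS=IN

def _skip_name(msg: bytes, pos: int) -> int:
    while True:
        length = msg[pos]
        if length & 0xC0 == 0xC0:  # compression pointer: two bytes, ends the name
            return pos + 2
        if length == 0:
            return pos + 1
        pos += 1 + length

def parse_txt_answers(msg: bytes, txid: int) -> list[str]:
    """All TXT strings in the answer section (several TXT records per name are allowed)."""
    rid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if rid != txid or flags & 0x000F:  # stale/spoofed reply, or RCODE such as NXDOMAIN
        raise ValueError(f"unusable reply: id={rid:#06x} rcode={flags & 0xF}")
    pos, values = 12, []
    for _ in range(qd):
        pos = _skip_name(msg, pos) + 4  # skip QTYPE + QCLASS
    for _ in range(an):
        pos = _skip_name(msg, pos)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        pos, end = pos + 10, pos + 10 + rdlen
        while rtype == 16 and pos < end:  # TXT RDATA is a sequence of <len><chars>
            values.append(msg[pos + 1:pos + 1 + msg[pos]].decode())
            pos += 1 + msg[pos]
        pos = end  # non-TXT records (e.g. CNAME) are skipped whole
    return values

def propagated(name: str, expected: str, resolvers=("223.5.5.5", "8.8.8.8", "1.1.1.1"), timeout=3.0):
    """Which resolvers already return `expected` for `name`; press Enter only once all do."""
    status = {}
    for res in resolvers:  # assumption: any public resolvers; 223.5.5.5 is the one the post uses
        txid = secrets.randbelow(65536)  # random ID so stale or spoofed replies are rejected
        try:
            with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
                sock.settimeout(timeout)
                sock.sendto(build_txt_query(name, txid), (res, 53))
                status[res] = expected in parse_txt_answers(sock.recv(4096), txid)
        except (OSError, ValueError):  # timeout, SERVFAIL/NXDOMAIN, malformed reply
            status[res] = False
    return status
```

Call propagated("_acme-challenge.frp.linyisonger.cn", "<token from the certbot prompt>") and continue only when every resolver reports True; a record visible on one resolver but not another is exactly the situation the post warns about.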


Now you can go back to the terminal of the server you connected to earlier and press Enter. If it comes back with the following again, OMG! 😭 then you have to go through the configuration once more: as the message itself notes, add a second TXT record with the new value alongside the first one, without deleting the first.

Please deploy a DNS TXT record under the name:

_acme-challenge.frp.linyisonger.cn.

with the following value:

e02-takUtsaZXe5g-TPX-VeIVV9-vpbxbjT4a-cZf-c

(This must be set up in addition to the previous challenges; do not remove,
replace, or undo the previous challenge tasks yet. Note that you might be
asked to create multiple distinct TXT records with the same name. This is
permitted by DNS standards.)

Before continuing, verify the TXT record has been deployed. Depending on the DNS
provider, this may take some time, from a few seconds to multiple minutes. You can
check if it has finished deploying with aid of online tools, such as the Google
Admin Toolbox: https://toolbox.googleapps.com/apps/dig/#TXT/_acme-challenge.frp.linyisonger.cn.
Look for one or more bolded line(s) below the line ';ANSWER'. It should show the
value(s) you've just added.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue

Success 🎉

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/frp.linyisonger.cn/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/frp.linyisonger.cn/privkey.pem
This certificate expires on 2022-06-26.
These files will be updated when the certificate renews.

NEXT STEPS:
- This certificate will not be renewed automatically. Autorenewal of --manual certificates requires the use of an authentication hook script (--manual-auth-hook) but one was not provided. To renew this certificate, repeat this same certbot command before the certificate's expiry date.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
 * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 * Donating to EFF:                    https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Configure Nginx

Because my nginx here is brought up from a docker-compose.yml file:

version: '3'
services:
    nginx:
        container_name: docker_nginx
        image: nginx
        ports:
            - "80:80"
            - "443:443"
        volumes:
            - ./log:/var/log/nginx
            - ./conf/nginx.conf:/etc/nginx/nginx.conf
            - ./conf.d:/etc/nginx/conf.d
            - ./html:/usr/share/nginx/html
            - ./certbot/etc:/etc/letsencrypt/ # add this line to mount the certificate directory
        restart: always

Add a 443 server block to default.conf

Remember that both Docker and the server (security group / firewall) also need to have port 443 opened~

server {
    listen       443 ssl;   # "ssl on;" is deprecated; enable TLS on the listen directive instead
    server_name  *.frp.linyisonger.cn;
    ssl_certificate     /etc/letsencrypt/live/frp.linyisonger.cn/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/frp.linyisonger.cn/privkey.pem;

    location / {
      proxy_pass http://10.0.4.14:7001;
      proxy_http_version 1.1;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection keep-alive;
      proxy_set_header Host $host;
      proxy_cache_bypass $http_upgrade;
    }

    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }
}

After the configuration is done, restart the Nginx service

docker-compose up --force-recreate --build -d

Test
