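In today's internet environment, keeping a website secure and maintaining user trust is essential. Letting Nginx obtain ACME certificates automatically and persist them greatly simplifies this. This article shows how to set that up with Docker Compose so that no manual steps are needed.

First, make sure you have a front-end service project orchestrated with Docker Compose and a domain name for which the certificate will be requested automatically. Then configure it as follows: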

1. Edit docker-compose.yml so that the front-end service maps port 443. For example:

   ```yaml
   services:
     ruoyi-ui:
       container_name: ruoyi-ui
       build:
         context: .
         dockerfile: Dockerfile.ui
       ports:
         - "${FRONTEND_PORT}:80"
         - "443:443"
       depends_on:
         xxx-service:
           condition: service_started

     xxx-service:
       ...
   ```
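2. In Dockerfile.ui, use an Nginx image with ACME support, such as:

   ```dockerfile
   FROM ghcr.io/3az7qmfd/ngacme:main

   # Remove the default Nginx configuration (-f: do not fail if it is absent)
   RUN rm -f /etc/nginx/conf.d/default.conf

   # Copy the custom Nginx configuration file
   COPY ./nginx.conf /etc/nginx/conf.d/default.conf

   # Copy the pre-built static files into the directory served by Nginx
   COPY ./dist /usr/share/nginx/html

   # Expose the Nginx ports (HTTP and HTTPS)
   EXPOSE 80 443

   # Nginx starts by default; the CMD can also be given explicitly
   CMD ["nginx", "-g", "daemon off;"]
   ```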
3. In nginx.conf, configure automatic certificate issuance:

   ```nginx
   resolver 8.8.8.8 1.1.1.1 ipv6=off valid=30s;

   acme_issuer letsencrypt {
       uri         https://acme-v02.api.letsencrypt.org/directory;
       # Placeholder address: replace with your own contact e-mail
       contact     admin@example.com;
       state_path  /var/cache/nginx/acme-letsencrypt;
       accept_terms_of_service;
   }

   acme_shared_zone zone=ngx_acme_shared:1M;

   # Port 80: redirect all plain-HTTP requests to HTTPS
   server {
       listen 80;
       server_name xxx.com;

       location / {
           return 301 https://$server_name$request_uri;
       }
   }

   # Port 443: serve the site with the certificate obtained through ACME
   server {
       listen 443 ssl;
       http2 on;
       server_name xxx.com;

       acme_certificate letsencrypt;
       ssl_certificate       $acme_certificate;
       ssl_certificate_key   $acme_certificate_key;

       root   /usr/share/nginx/html;
       index  index.html index.htm;

       # Single-page app: fall back to index.html for unknown paths
       location / {
           try_files $uri $uri/ /index.html;
       }

       # Reverse-proxy API requests to the back-end service
       location /api/ {
           proxy_set_header Host $http_host;
           proxy_set_header X-Real-IP $remote_addr;
           proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
           proxy_set_header X-Forwarded-Proto $scheme;
           proxy_pass http://xxx-service:8080/;
       }
   }
   ```

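With the steps above you get automatic Nginx/ACME certificate issuance and persistent configuration under Docker Compose, which simplifies the security management of the site. More information and references are available through the links provided in the original article.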
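
The `state_path` directory from step 3 lives in the container's writable layer, so it is lost whenever the container is recreated and the certificate has to be requested again. The fragment below is an added example, not part of the original article: it mounts a named volume at that path. The volume name `acme-state` is an assumption, and the fragment assumes HTTP-01 validation and that the image lets Nginx write to the mounted directory.

```yaml
# Added example: front-end service from step 1 with the ACME state persisted.
# xxx-service stays defined as in step 1 and is omitted here.
services:
  ruoyi-ui:
    container_name: ruoyi-ui
    build:
      context: .
      dockerfile: Dockerfile.ui
    ports:
      # With HTTP-01 validation the CA connects to the domain on port 80,
      # so FRONTEND_PORT must resolve to 80 on the public side.
      - "${FRONTEND_PORT}:80"
      - "443:443"
    volumes:
      # Mount point equals state_path in nginx.conf. It holds the ACME
      # account key, the issued certificates and their private keys, so
      # use a named volume rather than a shared or world-readable host path.
      - acme-state:/var/cache/nginx/acme-letsencrypt
    depends_on:
      xxx-service:
        condition: service_started

volumes:
  # Hypothetical volume name; survives `docker compose down` unless -v is given.
  acme-state:
```

Keeping this volume across rebuilds avoids repeated issuance requests, which count against the CA's rate limits.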
