玩具机器一直没有证书,本文添加与记录一下。

nginx + acme 的docker-compose文件

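# nginx-proxy (reverse proxy generated from container metadata) plus
# acme-companion (certificate issuance for containers that set LETSENCRYPT_HOST).
# The network and all named volumes are external: they must exist before
# `docker-compose up`, and they survive `docker-compose down -v`.
version: '2.1'
services:
  nginxi-certs:
    # No tag means "latest"; pinning a tag or digest keeps restarts from
    # silently pulling a different build.
    image: nginxproxy/acme-companion
    container_name: 'nginx-certs'
    # Reuses every volume of the nginx service (certs, vhost.d, html, /etc/nginx).
    volumes_from:
      - 'nginx'
    volumes:
      # ':ro' makes the socket file mount read-only; it does not restrict which
      # Docker API calls can be sent over the socket.
      - '/var/run/docker.sock:/var/run/docker.sock:ro'
    # NOTE(review): the upstream acme-companion docs also persist /etc/acme.sh;
    # it is not mounted here, so acme.sh account state is presumably rebuilt
    # whenever this container is recreated - confirm and add a volume if so.
    environment:
      DEFAULT_EMAIL: 'me@bigbrotherlee.com'
  nginx:
    image: nginxproxy/nginx-proxy
    container_name: 'nginx'
    volumes:
      - 'certs:/etc/nginx/certs'
      - 'vhost:/etc/nginx/vhost.d'
      - 'html:/usr/share/nginx/html'
      # Persists the whole /etc/nginx tree (including nginx.conf). A named volume
      # is populated from the image only when it is first created, so later image
      # upgrades do not refresh the files stored here.
      - 'nginx_data:/etc/nginx/'
      # The container that publishes 80/443 also holds the Docker socket. The
      # nginx-proxy docs describe a separate docker-gen container layout that
      # keeps the socket out of the internet-facing process.
      - '/var/run/docker.sock:/tmp/docker.sock:ro'
    ports:
      - '80:80'
      - '443:443'
      # NOTE(review): 3306 and 6379 are published on every host interface and
      # forwarded to MySQL and Redis by the stream block in nginx.conf. Unless
      # remote access is required, bind them to a private address or drop them,
      # and keep authentication enabled on both backends.
      - '3306:3306'
      - '6379:6379'
    networks:
      public: {}
networks:
  public:
    external: true
volumes:
  certs:
    external: true
  html:
    external: true
  vhost:
    external: true
  nginx_data:
    external: true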

服务

  • portainer:

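    # Portainer, published by nginx-proxy under VIRTUAL_HOST and given a
    # certificate by acme-companion through LETSENCRYPT_HOST.
    version: '2.1'
    services:
      portainer:
        # No tag means "latest"; pin a tag or digest for reproducible restarts.
        image: portainer/portainer-ce
        container_name: 'portainer'
        environment:
          VIRTUAL_HOST: 'server.bigbrotherlee.com'
          LETSENCRYPT_HOST: 'server.bigbrotherlee.com'
          # Port inside the container that nginx-proxy forwards to.
          VIRTUAL_PORT: '9000'
        volumes:
          # Read-write Docker socket: an account in this Portainer instance can
          # control every container on the host, so the login on the public
          # hostname above is effectively host-level access. Create the admin
          # account immediately after first start and consider limiting who can
          # reach this vhost.
          - '/var/run/docker.sock:/var/run/docker.sock'
          - 'portainer_data:/data'
        networks:
          public: {}
    networks:
      public:
        external: true
    volumes:
      portainer_data:
        external: true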
  • showdoc

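    # ShowDoc, published by nginx-proxy under VIRTUAL_HOST and given a
    # certificate by acme-companion through LETSENCRYPT_HOST.
    version: '2.1'
    services:
      showdoc:
        # No tag means "latest"; pin a tag or digest for reproducible restarts.
        image: star7th/showdoc
        mem_limit: 2048m
        container_name: 'showdoc'
        # NOTE(review): no volume is declared, so everything the application
        # stores lives in the container's writable layer and is lost when the
        # container is removed or recreated. Mount a named volume over the
        # image's data directory (path per the image documentation).
        environment:
          VIRTUAL_HOST: 'doc.bigbrotherlee.com'
          LETSENCRYPT_HOST: 'doc.bigbrotherlee.com'
          # Port inside the container that nginx-proxy forwards to.
          VIRTUAL_PORT: '80'
        networks:
          public: {}
    networks:
      public:
        external: true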
  • tasks

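    # qinglong task panel, published by nginx-proxy under VIRTUAL_HOST and given
    # a certificate by acme-companion through LETSENCRYPT_HOST.
    version: '2.1'
    services:
      task:
        # 'latest' is a moving tag; pin a version or digest so a restart cannot
        # pull an unreviewed build.
        image: whyour/qinglong:latest
        container_name: 'qinglong'
        # NOTE(review): no volume is declared, so the panel's state lives in the
        # container's writable layer and is lost when the container is recreated.
        # The panel is reachable from the public hostname below, so its own
        # login is the only access control in this file.
        environment:
          VIRTUAL_HOST: 'task.bigbrotherlee.com'
          LETSENCRYPT_HOST: 'task.bigbrotherlee.com'
          # Port inside the container that nginx-proxy forwards to.
          VIRTUAL_PORT: '5700'
        networks:
          public: {}
    networks:
      public:
        external: true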
  • drive

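    # alist file listing service, published by nginx-proxy under both hostnames
    # in VIRTUAL_HOST; acme-companion requests a certificate covering the same
    # names via LETSENCRYPT_HOST.
    version: '2.1'
    services:
      alist:
        # 'latest' is a moving tag; pin a version or digest so a restart cannot
        # pull an unreviewed build.
        image: xhofe/alist:latest
        container_name: 'alist'
        volumes:
          # Application data is kept in an external named volume, so it survives
          # container recreation.
          - 'alist_data:/opt/alist/data'
        environment:
          VIRTUAL_HOST: 'drive.liganma.com,drive.bigbrotherlee.com'
          LETSENCRYPT_HOST: 'drive.liganma.com,drive.bigbrotherlee.com'
          # Port inside the container that nginx-proxy forwards to.
          VIRTUAL_PORT: '5244'
        networks:
          public: {}
    volumes:
      alist_data:
        external: true
    networks:
      public:
        external: true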

另外

mysql 与 redis 也走代理,在 nginx.conf 中添加如下 stream 配置:

# TCP (stream) proxying: connections to ports 6379 and 3306 on this nginx are
# forwarded unchanged to the upstream names "redis" and "mysql".
# NOTE(review): presumably these names resolve to containers on the shared
# "public" network - confirm.
# NOTE(review): neither listener limits the client address, and the compose file
# publishes both ports on the host, so each database's own authentication is the
# only gate. The stream access module can restrict sources per server block:
#   allow <trusted-address-placeholder>;
#   deny all;
stream {
  server {
    # Redis listener; traffic is passed through without TLS or authentication
    # being added by nginx.
    listen 6379;
    proxy_pass redis:6379;
  }
  server {
    # MySQL listener; same pass-through behaviour as above.
    listen 3306;
    proxy_pass mysql:3306;
  }
}

总结

核心是 nginx-proxy 通过挂载的 docker.sock 监听了 docker 状态,使得 nginx 可以与容器交互,这样 nginx 就可以自动代理添加了特定环境变量(如 VIRTUAL_HOST)的容器。
另外,整个服务就只有nginx对外暴露了端口,使得整个服务都在nginx代理的控制之下;不过 3306 和 6379 也经由 nginx 原样转发到了 mysql 与 redis,这两个服务的访问控制仍然要靠它们自身的认证和来源限制。可惜了我在showdoc保存的文档了,全没了,建volume真的是一个很好的习惯。

标签: docker
