Nginx in Docker cannot find the certificate files I share as a volume with docker compose

Question    Votes: 0    Answers: 1

I have a Golang project and two frontend projects. I want to serve them from the same EC2 instance, to which 3 different domains point (stage.mysite.com, stage.admin.mysite.com and stage.user.mysite.com).

I want to serve them with docker. Here is my docker-compose file:

./deploy/compose/docker-compose.yml

version: '3.8'

services:
  postgresd:
    # code for postgres docker

  api:
    container_name: api
    depends_on:
      - postgresd
    build:
      context: ../..
      dockerfile: deploy/compose/Dockerfile
    env_file:
      - ../../.env
    labels:
      logging: "promtail"
    ports:
      - "${WEB_APP_PORT}:4000"
    restart: on-failure
    networks:
      main:

  nginx:
    container_name: app-nginx
    image: nginx:alpine
    env_file:
      - ../../.env
    ports:
      - "${NGINX_PORT}:80"
      - "${NGINX_SSL_PORT}:443"
    restart: on-failure
    networks:
      main:
    depends_on:
      - api
    volumes:
      - ./nginx/:/etc/nginx/conf.d/
      - ./certbot/conf:/etc/letsencrypt
      - ./certbot/www:/var/www/certbot
      - ./admin-fe/:/var/www/admin-fe
      - ./user-fe/:/var/www/user-fe
    command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'"

  certbot:
    image: certbot/certbot
    volumes:
      - ./certbot/conf:/etc/letsencrypt
      - ./certbot/www:/var/www/certbot
    entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"

volumes:
  pgdata:

networks:
  main:

Here is my deploy file tree:

deploy
└── compose
    ├── Dockerfile # docker file for golang app
    ├── admin-fe # admin frontend build files
    ├── docker-compose.yml
    ├── nginx
    │   └── app.conf
    └── user-fe # user frontend build files

app.conf

server {
    listen 80;
    server_name stage.mysite.com www.stage.mysite.com;

    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }

    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl;
    server_name stage.mysite.com www.stage.mysite.com;

    ssl_certificate /etc/letsencrypt/live/stage.mysite.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/stage.mysite.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    location / {
        proxy_pass http://api:4000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # WebSocket support
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    location /api/health {
        access_log off;
        add_header 'Content-Type' 'application/json';
        return 200 '{"status":"UP"}';
    }
}

server {
    listen 80;
    server_name stage.admin.mysite.com www.stage.admin.mysite.com;

    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }

    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl;
    server_name stage.admin.mysite.com www.stage.admin.mysite.com;

    ssl_certificate /etc/letsencrypt/live/stage.admin.mysite.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/stage.admin.mysite.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    charset utf-8;
    root    /var/www/admin-fe;
    index   index.html;

    location / {
        root /var/www/admin-fe;
        try_files $uri  /index.html;
    }
    error_log  /var/log/nginx/admin-fe-error.log;
    access_log /var/log/nginx/admin-fe-access.log;
}

server {
    listen 80;
    server_name stage.user.mysite.com www.stage.user.mysite.com;

    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }

    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl;
    server_name stage.user.mysite.com www.stage.user.mysite.com;

    ssl_certificate /etc/letsencrypt/live/stage.user.mysite.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/stage.user.mysite.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    charset utf-8;
    root    /var/www/user-fe;
    index   index.html;

    location / {
        root /var/www/user-fe;
        try_files $uri  /index.html;
    }
    error_log  /var/log/nginx/user-fe-error.log;
    access_log /var/log/nginx/user-fe-access.log;
}

I created the certificates for all my domains with the following command:

sudo certbot certonly --standalone --preferred-challenges http -d example.com

After creating the certificates I moved them into the deploy/compose/certbot/ folder, so the certificates are available under deploy/compose/certbot/conf/live/, and that volume is shared with nginx in docker compose.

When I try to run docker compose up --build I get the following error:

app_nginx | nginx: [emerg] cannot load certificate "/etc/letsencrypt/live/stage.admin.mysite.come/fullchain.pem": BIO_new_file() failed (SSL: error:80000002:system library::No such file or directory:calling fopen(/etc/letsencrypt/live/stage.admin.mysite.come/fullchain.pem, r) error:10000080:BIO routines::no such file)

How can I fix this? I am very new to nginx. Thanks in advance.

docker nginx docker-compose lets-encrypt certbot
1 Answer
0 votes

After a few attempts I managed to deploy each application.

Here is the approach I followed.

The error message shows that Nginx cannot find the created certificates at the path above. So I tried to create the certificates manually in the certbot folder, using the certbot service from my docker containers.

Here is the command I ran on the EC2 instance before the docker build.

sudo docker-compose run --rm --entrypoint "\
  certbot certonly --webroot -w /var/www/certbot \
    --email [email protected] \
    -d your-domain.com \
    --rsa-key-size 4096 \
    --agree-tos \
    --force-renewal" certbot

This command created the certificates under deploy/compose/certbot/conf/live.

I did this for all my domains. Then I ran sudo docker compose up --build and it worked fine.

Note: also clean up the Docker volumes of my nginx.
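A preflight check that would have caught this before nginx ever started, added here as an example (it is not part of the question or the answer): it reads the same app.conf, maps the in-container `/etc/letsencrypt` path to the `./certbot/conf` bind mount from the compose file, and reports every `ssl_certificate` / `ssl_certificate_key` path that does not exist on the host or whose `live/<name>` directory matches no `server_name` in the conf. The `--demo` fixture is constructed (empty placeholder files, not real certificates) and reproduces the `.come` misspelling visible in the error message; the function names `check_certs` and `make_fixture` are mine.

```shell
#!/bin/sh
# Preflight check for the docker-compose + certbot + nginx layout above.
# check_certs <nginx conf> <host dir that compose mounts at /etc/letsencrypt>
# Prints one line per problem and returns 1 if any certificate path fails to
# resolve; returns 0 when nginx will find every file it is told to load.
check_certs() {
    conf=$1
    host_le=$2
    rc=0

    # Every server_name token in the conf, one per line.
    names=$(sed -n 's/^[[:space:]]*server_name[[:space:]][[:space:]]*\([^;]*\);.*/\1/p' "$conf" \
            | tr ' ' '\n' | sed '/^$/d' | sort -u)

    # Every ssl_certificate and ssl_certificate_key path (paths contain no whitespace).
    paths=$(sed -n 's/^[[:space:]]*ssl_certificate\(_key\)*[[:space:]][[:space:]]*\([^;]*\);.*/\2/p' "$conf")

    for p in $paths; do
        # Translate the container path into the bind-mounted host path.
        case $p in
            /etc/letsencrypt/*) h="$host_le/${p#/etc/letsencrypt/}" ;;
            *) h=$p ;;
        esac
        if [ ! -f "$h" ]; then
            echo "MISSING  $p  (host: $h)"
            rc=1
        fi
        # live/<name>/...: <name> should be one of the server_names, otherwise
        # the path is almost certainly misspelled (as in the error above).
        case $p in
            /etc/letsencrypt/live/*)
                name=${p#/etc/letsencrypt/live/}
                name=${name%%/*}
                if ! printf '%s\n' "$names" | grep -qxF -- "$name"; then
                    echo "NO-SERVER  $p  (live/$name matches no server_name)"
                    rc=1
                fi ;;
        esac
    done
    return $rc
}

# Constructed demo fixture (hypothetical, not real certificates): a certbot/conf
# tree with certs for the correct names and a conf that misspells one domain.
# Prints the fixture directory.
make_fixture() {
    d=$(mktemp -d)
    for n in stage.mysite.com stage.admin.mysite.com; do
        mkdir -p "$d/certbot/conf/live/$n"
        : > "$d/certbot/conf/live/$n/fullchain.pem"
        : > "$d/certbot/conf/live/$n/privkey.pem"
    done
    cat > "$d/app.conf" <<'EOF'
server {
    listen 443 ssl;
    server_name stage.mysite.com www.stage.mysite.com;
    ssl_certificate /etc/letsencrypt/live/stage.mysite.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/stage.mysite.com/privkey.pem;
}
server {
    listen 443 ssl;
    server_name stage.admin.mysite.com;
    ssl_certificate /etc/letsencrypt/live/stage.admin.mysite.come/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/stage.admin.mysite.com/privkey.pem;
}
EOF
    echo "$d"
}

# Run: `sh check_certs.sh --demo`, or `sudo sh check_certs.sh nginx/app.conf certbot/conf`
# from deploy/compose (certbot's live/ directories are root-only, hence sudo).
case "${1:-}" in
    --demo) fx=$(make_fixture); check_certs "$fx/app.conf" "$fx/certbot/conf"; rm -rf "$fx" ;;
    "") ;;
    *) check_certs "$1" "$2" ;;
esac
```

Run it on the host before `docker compose up --build`; a non-zero exit with a `MISSING` line tells you which path nginx will fail on, and a `NO-SERVER` line on the same path points at a misspelled directory name rather than a missing certificate.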
