我正在尝试使用 Vagrant VM 中的 docker 设置 drupal 站点,但似乎无法让 Certbot 正常工作

我正在尝试使用 Vagrant VM 中的 docker 设置 drupal 站点,但似乎无法让 Certbot 正常工作

因此,我正在尝试使用 bento/ubuntu-20.04 在 vagrant VM 中使用 docker 建立一个 drupal 站点。

我按照这篇教程操作:https://www.digitalocean.com/community/tutorials/how-to-install-drupal-with-docker-compose。基本配置看起来是正常的(在尝试设置 https 之前,我可以通过 http/80 访问我的 URL),但加上 certbot 的配置之后就不行了。我认为问题并不直接出在 certbot 上,因为当我运行 `docker-compose exec webserver ls -lsh /etc/letsencrypt/live/server.otherrealm.org` 时,看起来确实有一个有效的证书。但是,当我尝试通过 https/443 访问站点时却无法打开(提示“The connection has timed out”)。我看不出我的配置有什么问题,但我已经盯着它看了一整天,需要别人帮我重新审视一下。谢谢!!如果有任何不清楚的地方请告诉我。

nginx-conf/nginx.conf

# Plain-HTTP virtual host: answers ACME HTTP-01 challenge requests from the
# webroot and redirects every other request to HTTPS.
server {
    listen 80;
    listen [::]:80;
    server_name server.otherrealm.org;

    # Challenge files are read from /var/www/html, the same directory the
    # certbot container is given as --webroot-path in docker-compose.yml.
    # NOTE(review): the dot is unescaped and the regex is unanchored, so this
    # matches more URIs than the literal /.well-known/acme-challenge/ prefix.
    location ~ /.well-known/acme-challenge {
        allow all;
        root /var/www/html;
    }

    # Permanent redirect to the same URI over HTTPS.
    # NOTE(review): $host is taken from the request; if this is the only
    # port-80 server block loaded it also answers requests for other Host
    # values and reflects them into the Location header. Redirecting to a
    # fixed name avoids that.
    location / {
        rewrite ^ https://$host$request_uri? permanent;
    }
}
# HTTPS virtual host: terminates TLS with the Let's Encrypt certificate and
# hands PHP requests to the Drupal php-fpm container.
server {
    # No ssl_protocols / ssl_ciphers are set in this block, so whatever the
    # enclosing configuration or the nginx build defaults provide applies.
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name server.otherrealm.org;

    index index.php index.html index.htm;

    root /var/www/html;

    # Do not advertise the nginx version in the Server header or error pages.
    server_tokens off;

    # Both files live on the certbot-etc volume mounted at /etc/letsencrypt.
    # nginx refuses to start if they are missing, so a certificate has to
    # exist before this block is enabled.
    ssl_certificate /etc/letsencrypt/live/server.otherrealm.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/server.otherrealm.org/privkey.pem;

    # Response hardening headers ("always" also covers error responses).
    # NOTE(review): no Strict-Transport-Security header is set here.
    add_header X-Frame-Options "SAMEORIGIN" always;
    # Legacy header; current browsers no longer ship the XSS filter it controlled.
    add_header X-XSS-Protection "1; mode=block" always;
    add_header X-Content-Type-Options "nosniff" always;
    # Sends the full URL as referrer to any HTTPS destination, cross-origin included.
    add_header Referrer-Policy "no-referrer-when-downgrade" always;
    # NOTE(review): "default-src *" together with 'unsafe-inline' and
    # 'unsafe-eval' allows content from any origin plus inline and eval'd
    # script, so this policy offers very little protection against XSS.
    add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;

    # Serve the file or directory if it exists, otherwise route through
    # Drupal's front controller with the original query string.
    location / {
        try_files $uri $uri/ /index.php$is_args$args;
    }

    # Collapse a duplicated /core/authorize.php prefix into a single one.
    rewrite ^/core/authorize.php/core/authorize.php(.*)$ /core/authorize.php$1;

    location ~ \.php$ {
        # Only pass scripts that exist under the document root to php-fpm;
        # anything else is answered with 404 by nginx itself.
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        # "drupal" is the container name from docker-compose.yml.
        fastcgi_pass drupal:9000;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
    }

    # Block .htaccess / .htpasswd style files.
    # NOTE(review): other dotfiles under the webroot are not covered by this rule.
    location ~ /\.ht {
        deny all;
    }

    # Keep routine favicon / robots.txt requests out of the logs.
    location = /favicon.ico {
        log_not_found off; access_log off;
    }
    location = /robots.txt {
        log_not_found off; access_log off; allow all;
    }
    # Static assets: maximum cache lifetime, no log entry when one is missing.
    location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
        expires max;
        log_not_found off;
    }
}

docker-compose.yml

# Compose stack: MySQL + Drupal (php-fpm) + nginx as the TLS front end, plus a
# one-shot certbot container that writes certificates to a shared volume.
version: '3.8'
services:
  mysql:
    # NOTE(review): "latest" is a floating tag, so the image that gets pulled
    # changes over time; pinning a version or digest keeps deployments
    # reproducible and makes upgrades deliberate.
    image: mysql:latest
    container_name: mysql
    restart: unless-stopped
    # Presumably holds the database credentials - keep .env out of version control.
    env_file: .env
    volumes:
      - db-data:/var/lib/mysql
    # Attached to "internal" only and no ports are published, so the database
    # is reachable from the drupal container but not from the host.
    networks:
      - internal
  drupal:
    # NOTE(review): floating tag, same pinning concern as the mysql image.
    image: drupal:fpm-alpine
    container_name: drupal
    # depends_on controls start order only; it does not wait for MySQL to be ready.
    depends_on:
      - mysql
    restart: unless-stopped
    # Bridges both networks: talks to mysql on "internal", to nginx on "external".
    networks:
      - internal
      - external
    volumes:
      - drupal-data:/var/www/html
  webserver:
    # NOTE(review): floating tag, same pinning concern as the mysql image.
    image: nginx:latest
    container_name: webserver
    depends_on:
      - drupal
    restart: unless-stopped
    # Published on every interface of the Docker host, which here is the
    # Vagrant VM. Whether 443 is reachable from outside the VM also depends on
    # the Vagrant port forwarding and any firewall in front of it, neither of
    # which is shown in this file.
    # NOTE(review): the Compose documentation recommends quoting HOST:CONTAINER
    # mappings so the YAML parser always reads them as strings.
    ports:
      - 80:80
      - 443:443
    volumes:
      # NOTE(review): nginx only needs to read the webroot and the
      # certificates; mounting these two volumes read-only in this service
      # would limit what a compromised web server can modify.
      - drupal-data:/var/www/html
      - ./nginx-conf:/etc/nginx/conf.d
      - certbot-etc:/etc/letsencrypt
    networks:
      - external
  certbot:
    depends_on:
      - webserver
    # NOTE(review): this image bundles the Google Cloud DNS plugin, but the
    # command below validates over HTTP (--webroot), so the plugin is unused.
    image: certbot/dns-google
    container_name: certbot
    volumes:
      - certbot-etc:/etc/letsencrypt
      - drupal-data:/var/www/html
    # The bracketed domain and e-mail look like redacted placeholders; the -d
    # value has to match the server_name and certificate path used by nginx.
    # NOTE(review): --force-renewal requests a new certificate on every run,
    # which is how repeated attempts run into the Let's Encrypt rate limit
    # quoted further down the page. While testing, use --staging and drop
    # --force-renewal.
    command: certonly -d [sub.example.com] --webroot --webroot-path=/var/www/html --email [[email protected]] --agree-tos --no-eff-email --force-renewal 

networks:
  external:
    driver: bridge
  internal:
    driver: bridge

# Named volumes; certbot-etc carries the certificates and private keys.
volumes:
  drupal-data:
  db-data:
  certbot-etc:

vagrant@manager:/vagrant$ docker-compose ps

 Name                 Command               State                     Ports
----------------------------------------------------------------------------------------------
certbot     certbot certonly --webroot ...   Exit 0
drupal      docker-php-entrypoint php-fpm    Up       9000/tcp
mysql       docker-entrypoint.sh mysqld      Up       3306/tcp, 33060/tcp
webserver   /docker-entrypoint.sh ngin ...   Up       0.0.0.0:443->443/tcp, 0.0.0.0:80->80/tcp

vagrant@manager:/vagrant$ docker-compose logs certbot(当然,现在它显示的是“...too many certificates already issued for exact set of domains...”,但那是因为我尝试的次数太多了)
