Frontend and Backend with HTTPS and one IP nginx
Question
I have a pretty simple project, with a backend in Django and a frontend in React. The front end is hosted on Netlify with a custom-bought domain and has an HTTPS security layer. The Django app is hosted on a DigitalOcean Droplet and uses docker-compose. Initially, it used to use HTTP, but there were problems with the browser that did not allow that.
So, I am trying to put HTTPS also in the backend. I am trying to add nginx as a proxy to my docker-compose, and that looks fine; the problem seems to be that I cannot use the same domain to use Let's Encrypt to secure my connection.
I mean, let's say my domain is `example.com`; I try to use `api.example.com`, as suggested in other StackOverflow questions, but this seems not to be working. I tried to add the domain to DigitalOcean, and modify the settings on GoDaddy DNS (but it keeps not allowing them).
For reference, here is the docker-compose file:
```yaml
version: "3.9"
services:
  db:
    ...
  redis:
    ...
  my_table:
    container_name: my_table
    build: .
    command: ["python", "-m", "gunicorn", "--bind", "0.0.0.0:5000", "-c", "gunicorn.conf.py", "mytable.wsgi"]
    volumes:
      - .:/api
    ports:
      - "5000:5000"
    depends_on:
      - db
      - redis
  celery:
    ...
  nginx:
    build: ./nginx
    ports:
      - 80:80
      - 443:443
    restart: always
    volumes:
      - ./nginx/conf/:/etc/nginx/conf.d/:ro
      - ./certbot/www:/var/www/certbot/:ro
    depends_on:
      - my_table
  certbot:
    image: certbot/certbot:latest
    volumes:
      - ./certbot/www/:/var/www/certbot/:rw
volumes:
  my_table_postgres_db:
  redis_data:
```
And the `default.conf`:
```nginx
server {
    listen 80;
    listen [::]:80;
    server_name api.my-table.it www.api.my-table.it;
    server_tokens off;

    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }

    location / {
        return 301 https://api.my-table.it$request_uri;
    }
}

server {
    listen 443 default_server ssl http2;
    listen [::]:443 ssl http2;
    server_name api.my-table.it;

    ssl_certificate /etc/nginx/ssl/live/api.my-table.it/fullchain.pem;
    ssl_certificate_key /etc/nginx/ssl/live/api.my-table.it/privkey.pem;

    location / {
        # ...
    }
}
```
Please help me.
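A consistency check over the two files in the question, added here as an example (it is not code from the asker or from the answer below): it lists every file path nginx is told to read that none of the nginx service's bind mounts supplies, and confirms the ACME webroot is shared with the certbot service. It assumes the image built from `./nginx` does not already contain the certificate files; `CERT_MOUNT` and its host path `./certbot/conf/` are hypothetical.

```python
import re
from pathlib import PurePosixPath

# Constructed sample: the path-bearing directives from the question's default.conf.
NGINX_CONF = """
server {
    listen 80;
    server_name api.my-table.it www.api.my-table.it;
    location /.well-known/acme-challenge/ { root /var/www/certbot; }
}
server {
    listen 443 default_server ssl http2;
    server_name api.my-table.it;
    ssl_certificate /etc/nginx/ssl/live/api.my-table.it/fullchain.pem;
    ssl_certificate_key /etc/nginx/ssl/live/api.my-table.it/privkey.pem;
}
"""
# "host:container[:mode]" entries as written in the question's compose file.
NGINX_VOLUMES = ["./nginx/conf/:/etc/nginx/conf.d/:ro", "./certbot/www:/var/www/certbot/:ro"]
CERTBOT_VOLUMES = ["./certbot/www/:/var/www/certbot/:rw"]
# Hypothetical extra mount (host path ./certbot/conf/ is an assumption, not from the page).
CERT_MOUNT = "./certbot/conf/:/etc/nginx/ssl/:ro"

DIRECTIVE = re.compile(r"\b(ssl_certificate_key|ssl_certificate|root)\s+([^;\s]+)\s*;")


def split_volume(entry):
    """Return (host_dir, container_dir) with './' and trailing '/' normalised away."""
    host, container = entry.split(":")[:2]
    return PurePosixPath(host), PurePosixPath(container)


def unmounted(conf, volumes):
    """List (directive, path) pairs nginx reads that no bind mount supplies."""
    mounts = [split_volume(v)[1] for v in volumes]
    found = DIRECTIVE.findall(re.sub(r"#.*", "", conf))  # ignore commented-out lines
    return [(name, path) for name, path in found
            if not any(m == PurePosixPath(path) or m in PurePosixPath(path).parents
                       for m in mounts)]


def shared_host_dirs(a, b):
    """Host directories mounted into both services (the HTTP-01 webroot must be one)."""
    return {str(split_volume(v)[0]) for v in a} & {str(split_volume(v)[0]) for v in b}


if __name__ == "__main__":
    print("missing in nginx container:", unmounted(NGINX_CONF, NGINX_VOLUMES))
    print("after adding cert mount:   ", unmounted(NGINX_CONF, NGINX_VOLUMES + [CERT_MOUNT]))
    print("shared webroot:            ", shared_host_dirs(NGINX_VOLUMES, CERTBOT_VOLUMES))
```

With the volumes as posted, both `ssl_certificate` paths are reported as missing, so the 443 server block has no certificate files to load unless they are baked into the image; certbot writes its output under `/etc/letsencrypt`, which neither service mounts.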
Answer 1
Score: 1
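You can follow my steps to automatically update the CA key (HTTPS).
## Step 1: Configure your nginx.conf with your email and domain name, then run the following command
```bash
docker run -itd --name test --network=host \
  -v "${PWD}"/nginx.conf:/etc/nginx/conf.d/nginx.conf \
  -v "${PWD}"/nginx.sh:/etc/nginx/nginx.sh -v "${PWD}"/cronjob:/etc/cron.d/cronjob \
  -v "${PWD}"/:/etc/letsencrypt/ \
  williehao:nginx-cert:V20.04
```
## Step 2: Get the CA key from your host
```bash
ls *** (your domain name)
```
## If you don't see the CA key, use the following command to find its location
```bash
sudo find / -name fullchain.pem
```
## Step 3: Mount the CA key into another container (for example, Ant-Media-Server) that wants to use it:
```bash
docker run -v "${PWD}"/:/etc/letsencrypt/ ***
```
PS: For more details, refer to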