Frontend and Backend with HTTPS and one IP nginx

Question

I have a pretty simple project, with a backend in Django and a frontend in React. The front end is hosted on Netlify with a custom-bought domain and has an HTTPS security layer. The Django app is hosted on a DigitalOcean Droplet and uses docker-compose. Initially, it used to use HTTP, but there were problems with the browser that did not allow that.

So, I am trying to put HTTPS also in the backend. I am trying to add nginx as a proxy to my docker-compose, and that looks fine; the problem seems to be that I cannot use the same domain to use Let's Encrypt to secure my connection.

I mean, let's say my domain is exaple.com, I try to use api.exaple.com, as suggested in other StackOverflow questions, but this seems not to be working. I tried to add the domain to DigitalOcean, and modify the settings on GoDaddy DNS (but it keeps not allowing them).

For reference, here is the docker-compose file:

version: "3.9"

services:
  db: 
    ...

  redis: 
    ...

  my_table:
    container_name: my_table
    build: .
    command: ["python", "-m", "gunicorn", "--bind", "0.0.0.0:5000", "-c", "gunicorn.conf.py", "mytable.wsgi"]
    volumes:
      - .:/api
    ports:
      - "5000:5000"
    depends_on:
      - db
      - redis

  celery:
    ...

  nginx: 
    build: ./nginx
    ports: 
      - 80:80
      - 443:443
    restart: always
    volumes:
      - ./nginx/conf/:/etc/nginx/conf.d/:ro
      - ./certbot/www:/var/www/certbot/:ro
    depends_on:
      - my_table

  certbot:
    image: certbot/certbot:latest
    volumes:
      - ./certbot/www/:/var/www/certbot/:rw

volumes:
  my_table_postgres_db:
  redis_data:

And the default.conf:

server {
    listen 80;
    listen [::]:80;

    server_name api.my-table.it www.api.my-table.it;
    server_tokens off;

    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }

    location / {
        return 301 https://api.my-table.it$request_uri;
    }
}

server {
    listen 443 default_server ssl http2;
    listen [::]:443 ssl http2;

    server_name api.my-table.it;

    ssl_certificate /etc/nginx/ssl/live/api.my-table.it/fullchain.pem;
    ssl_certificate_key /etc/nginx/ssl/live/api.my-table.it/privkey.pem;
    
    location / {
        # ...
    }
}

Please help me.


Answer 1

Score: 1

You can follow my steps to automatically update the CA key (HTTPS).

## Step 1: Configure your nginx.conf with your email and domain name, then run "docker run"
docker run -itd --name test --network=host \
-v "${PWD}"/nginx.conf:/etc/nginx/conf.d/nginx.conf \
-v "${PWD}"/nginx.sh:/etc/nginx/nginx.sh -v "${PWD}"/cronjob:/etc/cron.d/cronjob \
-v "${PWD}"/:/etc/letsencrypt/ \
williehao:nginx-cert:V20.04

## Step 2: Get the CA key from your host's directory
ls *** (your domain name)

## If you don't see the CA key, use the "find" command to locate it
sudo find / -name fullchain.pem

## Step 3: Combine the CA key into another container (app) that wants to use the CA key (for example, Ant-Media-Server):
docker run -v "${PWD}"/:/etc/letsencrypt/ ***

PS: More detail reference
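
A check that ties the question's two files together, as an added example that is not part of the original question or answer: it lists the file paths nginx's `default.conf` reads and reports those that no volume on the `nginx` service provides (paths baked into the image would be reported too). The inline data is reconstructed from the question; the `./certbot/conf/` host directory in `FIXED_VOLUMES` is an assumed name.

```python
import posixpath
import re

# Reconstructed from the question: the nginx service's volumes in
# docker-compose and the path-bearing directives of default.conf.
NGINX_VOLUMES = [
    "./nginx/conf/:/etc/nginx/conf.d/:ro",
    "./certbot/www:/var/www/certbot/:ro",
]
# Assumption (not on the page): certbot writes /etc/letsencrypt to
# ./certbot/conf/ on the host, and nginx mounts that directory read-only.
FIXED_VOLUMES = NGINX_VOLUMES + ["./certbot/conf/:/etc/nginx/ssl/:ro"]

NGINX_CONF = """
server {
    listen 80;
    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }
}
server {
    listen 443 default_server ssl http2;
    ssl_certificate /etc/nginx/ssl/live/api.my-table.it/fullchain.pem;
    ssl_certificate_key /etc/nginx/ssl/live/api.my-table.it/privkey.pem;
}
"""

# Directives whose argument is a file or directory nginx must be able to read.
PATH_DIRECTIVE = re.compile(r"\b(ssl_certificate(?:_key)?|root)\s+([^;\s]+)\s*;")


def container_dirs(volumes):
    """Container-side directory of each short-syntax mount (host:container[:mode])."""
    return [posixpath.normpath(spec.split(":")[1]) for spec in volumes]


def unmounted_paths(conf, volumes):
    """Return (directive, path) pairs that no mounted directory contains."""
    dirs = container_dirs(volumes)
    missing = []
    for directive, path in PATH_DIRECTIVE.findall(conf):
        path = posixpath.normpath(path)
        if not any(path == d or path.startswith(d + "/") for d in dirs):
            missing.append((directive, path))
    return missing


if __name__ == "__main__":
    for directive, path in unmounted_paths(NGINX_CONF, NGINX_VOLUMES):
        print(f"{directive}: {path} is not provided by any volume")
```

With the volumes as posted, both certificate paths are reported, which matches the answer's step 3: the directory holding the issued certificates has to be shared with the container that serves HTTPS.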

Posted on 2023-02-27 18:28:35
Original link: https://go.coder-hub.com/75579286.html