英文:
Frontend and Backend with HTTPS and one IP nginx
问题
I have a pretty simple project, with a backend in Django and a frontend in React. The front end is hosted on Netlify with a custom-bought domain and has an HTTPS security layer. The Django app is hosted on a DIgitalOcean Droplet and uses docker-compose. Initially, it used to use HTTP, but there were problems with the browser that did not allow that.
So, I am trying to put HTTPS also in the backend. I am trying to add nginx as a proxy to my docker-compose, and that looks fine, the problem seems to be that I cannot use the same domain to use let's encrypt to secure my connection.
I mean, let's say my domain is exaple.com, I try to use api.exaple.com, as suggested in other StackOverflow questions, but this seems not to be working. I tried to add the domain to digital ocean, and modify the settings on GoDaddy DNS (but it keeps not allowing them ).
For reference, here is the docker-compose file:
version: "3.9"services:db:...redis:...my_table:container_name: my_tablebuild: .command: ["python", "-m", "gunicorn", "--bind", "0.0.0.0:5000", "-c", "gunicorn.conf.py", "mytable.wsgi"]volumes:- .:/apiports:- "5000:5000"depends_on:- db- rediscelery:...nginx:build: ./nginxports:- 80:80- 443:443restart: alwaysvolumes:- ./nginx/conf/:/etc/nginx/conf.d/:ro- ./certbot/www:/var/www/certbot/:rodepends_on:- my_tablecertbot:image: certbot/certbot:latestvolumes:- ./certbot/www/:/var/www/certbot/:rwvolumes:my_table_postgres_db:redis_data:
And the default.conf:
server {listen 80;listen [::]:80;server_name api.my-table.it www.api.my-table.it;server_tokens off;location /.well-known/acme-challenge/ {root /var/www/certbot;}location / {return 301 https://api.my-table.it$request_uri;}}server {listen 443 default_server ssl http2;listen [::]:443 ssl http2;server_name api.my-table.it;ssl_certificate /etc/nginx/ssl/live/api.my-table.it/fullchain.pem;ssl_certificate_key /etc/nginx/ssl/live/api.my-table.it/privkey.pem;location / {# ...}}
Please help me.
英文:
I have a pretty simple project, with a backend in Django and a frontend in React. The front end is hosted on Netlify with a custom-bought domain and has an HTTPS security layer. The Django app is hosted on a DIgitalOcean Droplet and uses docker-compose. Initially, it used to use HTTP, but there were problems with the browser that did not allow that.
So, I am trying to put HTTPS also in the backend. I am trying to add nginx as a proxy to my docker-compose, and that looks fine, the problem seems to be that I cannot use the same domain to use let's encrypt to secure my connection.
I mean, let's say my domain is exaple.com, I try to use api.exaple.com, as suggested in other StackOverflow questions, but this seems not to be working. I tried to add the domain to digital ocean, and modify the settings on GoDaddy DNS (but it keeps not allowing them ).
For reference, here is the docker-compose file:
version: "3.9"services:db:...redis:...my_table:container_name: my_tablebuild: .command: ["python", "-m", "gunicorn", "--bind", "0.0.0.0:5000", "-c", "gunicorn.conf.py", "mytable.wsgi"]volumes:- .:/apiports:- "5000:5000"depends_on:- db- rediscelery:...nginx:build: ./nginxports:- 80:80- 443:443restart: alwaysvolumes:- ./nginx/conf/:/etc/nginx/conf.d/:ro- ./certbot/www:/var/www/certbot/:rodepends_on:- my_tablecertbot:image: certbot/certbot:latestvolumes:- ./certbot/www/:/var/www/certbot/:rwvolumes:my_table_postgres_db:redis_data:
And the default.conf:
listen 80;listen [::]:80;server_name api.my-table.it www.api.my-table.it;server_tokens off;location /.well-known/acme-challenge/ {root /var/www/certbot;}location / {return 301 https://api.my-table.it$request_uri;}}server {listen 443 default_server ssl http2;listen [::]:443 ssl http2;server_name api.my-table.it;ssl_certificate /etc/nginx/ssl/live/api.my-table.it/fullchain.pem;ssl_certificate_key /etc/nginx/ssl/live/api.my-table.it/privkey.pem;location / {# ...}}
Please help me
答案1
得分: 1
你可以按照我的步骤自动更新CA密钥(Https)
## 步骤1:配置你的nginx.conf文件,填入你的电子邮件和域名,然后运行以下命令docker run -itd --name test --network=host \-v "${PWD}"/nginx.conf:/etc/nginx/conf.d/nginx.conf \-v "${PWD}"/nginx.sh:/etc/nginx/nginx.sh -v "${PWD}"/cronjob:/etc/cron.d/cronjob \-v "${PWD}"/:/etc/letsencrypt/ \williehao:nginx-cert:V20.04## 步骤2:从你的主机上获取CA密钥ls ***(你的域名)## 如果你没有看到CA密钥,请使用以下命令查找CA密钥的位置sudo find / -name fullchain.pem## 步骤3:将CA密钥合并到另一个容器(例如Ant-Media-Server)中,该容器希望使用CA密钥:Docker run -v "${PWD}"/:/etc/letsencrypt/ ***
PS:更多详细信息参考
英文:
you can follow my step to automatically update CA key(Https)
## Step:1. Config your nginx.conf with your Email and Domain name and then Running 'docker run"docker run -itd --name test --network=host \-v "${PWD}"/nginx.conf:/etc/nginx/conf.d/nginx.conf \-v "${PWD}"/nginx.sh:/etc/nginx/nginx.sh -v "${PWD}"/cronjob:/etc/cron.d/cronjob \-v"${PWD}"/:/etc/letsencrypt/ \williehao:nginx-cert:V20.04## Step:2. Get a CA Key from your host's directionls *** (your domain name)## if you didn't see CA key please use "find" command line to find CA key locationsudo find / -name fullchain.pem## Step3: Combine CA key to another container(APP) which wants to use CA Key: (For example Ant-Media-Server)Docker run -v "${PWD}"/:/etc/letsencrypt/ ***
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论