{"id":377,"date":"2018-12-20T14:37:41","date_gmt":"2018-12-20T11:37:41","guid":{"rendered":"https:\/\/artem.services\/?p=377"},"modified":"2021-08-20T09:40:37","modified_gmt":"2021-08-20T06:40:37","slug":"docker-nginx-with-ssl","status":"publish","type":"post","link":"https:\/\/artem.services\/?p=377","title":{"rendered":"Docker &#8212; Nginx with SSL"},"content":{"rendered":"<p><img loading=\"lazy\" class=\"alignnone size-full wp-image-27\" src=\"https:\/\/artem.services\/wp-content\/uploads\/2018\/10\/Docker-Logo.png\" alt=\"\" width=\"1800\" height=\"531\" srcset=\"https:\/\/artem.services\/wp-content\/uploads\/2018\/10\/Docker-Logo.png 1800w, https:\/\/artem.services\/wp-content\/uploads\/2018\/10\/Docker-Logo-300x89.png 300w, https:\/\/artem.services\/wp-content\/uploads\/2018\/10\/Docker-Logo-768x227.png 768w, https:\/\/artem.services\/wp-content\/uploads\/2018\/10\/Docker-Logo-1024x302.png 1024w, https:\/\/artem.services\/wp-content\/uploads\/2018\/10\/Docker-Logo-954x281.png 954w, https:\/\/artem.services\/wp-content\/uploads\/2018\/10\/Docker-Logo-1354x399.png 1354w\" sizes=\"(max-width: 1800px) 100vw, 1800px\" \/><\/p>\n<p><strong>\u0417\u0430\u0434\u0430\u0447\u0430<\/strong>: \u041f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0438 <strong>SSL<\/strong> \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442 \u0434\u043b\u044f <strong>Nginx<\/strong>&#39;a, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0436\u0438\u0432\u0435\u0442 \u0432 \u043a\u043e\u043d\u0442\u0435\u0439\u043d\u0435\u0440\u0435, \u043e\u0442 <strong>Let&#8217;s Encrypt<\/strong> \u0438 \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u0435\u0433\u043e \u043f\u0440\u043e\u0434\u043b\u0435\u0432\u0430\u0442\u044c<\/p>\n<p><strong>Nginx<\/strong> \u0432 \u043a\u043e\u043d\u0442\u0435\u0439\u043d\u0435\u0440\u0435 \u043d\u0430\u0441\u0442\u0440\u043e\u0435\u043d \u043f\u043e\u043a\u0430 \u0442\u043e\u043b\u044c\u043a\u043e \u043d\u0430 
\u043f\u0440\u043e\u0441\u043b\u0443\u0448\u0438\u0432\u0430\u043d\u0438\u0435 <strong>80<\/strong>-\u0433\u043e \u043f\u043e\u0440\u0442\u0430. \u0412 \u043a\u043e\u043d\u0442\u0435\u0439\u043d\u0435\u0440 \u043f\u0440\u0438\u043c\u043e\u043d\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u0430 \u0434\u0438\u0440\u0435\u043a\u0442\u043e\u0440\u0438\u044f \u0441 \u0445\u043e\u0441\u0442 \u043c\u0430\u0448\u0438\u043d\u044b, \u0434\u043b\u044f \u0432\u0435\u0440\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0432, \u0438 \u044d\u0442\u043e\u0442 \u043f\u0443\u0442\u044c \u043e\u043f\u0438\u0441\u0430\u043d \u0432 \u043b\u043e\u043a\u0435\u0439\u0448\u0435\u043d\u0435. \u0412 \u043f\u0440\u0438\u043c\u0435\u0440\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f <strong>Docker-Compose<\/strong>, \u043d\u043e \u043e\u043d \u043d\u0435 \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u043e\u0431\u044f\u0437\u0430\u0442\u0435\u043b\u044c\u043d\u044b\u043c.<\/p>\n<h3>app.conf<\/h3>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\nserver {\r\n    listen 80;\r\n    server_name artem.services;\r\n\r\n    location ^~ \/.well-known\/acme-challenge\/ {\r\n        default_type &quot;text\/plain&quot;;\r\n        root \/var\/www\/certbot;\r\n    }\r\n}\r\n<\/pre>\n<h3>docker-compose.yaml<\/h3>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\nversion: '3.1'\r\n\r\nservices:\r\n\r\n  backend:\r\n    image: nginx\/nginx:latest\r\n    ports:\r\n      - 80:80\r\n    volumes:\r\n      - .\/data\/nginx\/app.conf:\/etc\/nginx\/conf.d\/default.conf\r\n      - .\/data\/nginx\/nginx.conf:\/etc\/nginx\/nginx.conf\r\n      - \/var\/www\/certbot:\/var\/www\/certbot\r\n<\/pre>\n<p><!--more--><\/p>\n<p>\u041f\u043e\u043b\u0443\u0447\u0430\u0435\u043c \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442:<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" 
title=\"\">\r\ncertbot certonly --webroot -w \/var\/www\/certbot\/ -d artem.services\r\n<\/pre>\n<p>\u041f\u043e\u0441\u043b\u0435 \u0443\u0441\u043f\u0435\u0448\u043d\u043e\u0433\u043e \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f, \u043c\u043e\u043d\u0442\u0438\u0440\u0443\u0435\u043c \u0434\u0438\u0440\u0435\u043a\u0442\u043e\u0440\u0438\u044e \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0432, \u0434\u043e\u0431\u0430\u0432\u043b\u044f\u0435\u043c <strong>SSL<\/strong> \u043e\u043f\u0446\u0438\u0438 \u0432 <strong>Nginx<\/strong><\/p>\n<h3>docker-compose.yaml<\/h3>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\nversion: '3.1'\r\n\r\nservices:\r\n\r\n  backend:\r\n    image: nginx\/nginx:latest\r\n    ports:\r\n      - 80:80\r\n      - 443:443\r\n    volumes:\r\n      - .\/data\/nginx\/app.conf:\/etc\/nginx\/conf.d\/default.conf\r\n      - .\/data\/nginx\/nginx.conf:\/etc\/nginx\/nginx.conf\r\n      - \/var\/www\/certbot:\/var\/www\/certbot\r\n      - \/etc\/letsencrypt:\/etc\/nginx\/letsencrypt\r\n<\/pre>\n<h3>app.conf<\/h3>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\nserver {\r\n    listen 80;\r\n    server_name artem.services;\r\n\r\n    location \/ {\r\n        return 301 https:\/\/$host$request_uri;\r\n    }\r\n}\r\n\r\nserver {\r\n    listen 443 ssl;\r\n    server_name artem.services;\r\n\r\n    location \/ {\r\n        proxy_pass http:\/\/127.0.0.1:3000;\r\n        proxy_redirect off;\r\n        proxy_set_header X-Real-IP  $remote_addr;\r\n        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\r\n        proxy_set_header Host $http_host;\r\n        proxy_set_header X-NginX-Proxy true;\r\n    }\r\n\r\n    location ^~ \/.well-known\/acme-challenge\/ {\r\n        default_type &quot;text\/plain&quot;;\r\n        root \/var\/www\/certbot;\r\n    }\r\n\r\n    ssl_certificate \/etc\/nginx\/letsencrypt\/live\/artem.services\/fullchain.pem;\r\n    ssl_certificate_key 
\/etc\/nginx\/letsencrypt\/live\/artem.services\/privkey.pem;\r\n\r\n}\r\n<\/pre>\n<p>\u041e\u0441\u0442\u0430\u043b\u043e\u0441\u044c \u0434\u043e\u0431\u0430\u0432\u0438\u0442\u044c \u0432 \u043a\u0440\u043e\u043d \u0437\u0430\u0434\u0430\u0447\u0443 \u043d\u0430 \u0445\u043e\u0441\u0442 \u043c\u0430\u0448\u0438\u043d\u0443, \u043d\u0430 \u043f\u0440\u043e\u0434\u043b\u0435\u043d\u0438\u0435 \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u0430 \u0438 \u043f\u0435\u0440\u0435\u0447\u0438\u0442\u044b\u0432\u0430\u043d\u0438\u0435 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 <strong>Nginx<\/strong>&#39;\u0430. \u041a \u043f\u0440\u0438\u043c\u0435\u0440\u0443 \u0431\u0443\u0434\u0435\u043c \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0442\u044c \u0435\u0433\u043e \u0440\u0430\u0437 \u0432 \u043d\u0435\u0434\u0435\u043b\u044e \u043d\u043e\u0447\u044c\u044e:<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\ncrontab -e\r\n<\/pre>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\n30 2 * * 1 \/usr\/bin\/certbot renew --webroot -w \/var\/www\/certbot\/\r\n35 2 * * 1 docker exec -it $(docker ps | grep 'nginx' | awk '{print $1}') \/bin\/bash -l -c &quot;\/etc\/init.d\/nginx reload&quot;\r\n<\/pre>\n<blockquote><p>&quot;<strong>grep &#39;nginx&#39;<\/strong>&quot; &#8212; \u0438\u043c\u044f \u043c\u043e\u0435\u0433\u043e \u043a\u043e\u043d\u0442\u0435\u0439\u043d\u0435\u0440\u0430 &quot;<strong>nginx<\/strong>&quot;, \u043d\u0435 \u0437\u0430\u0431\u0443\u0434\u044c\u0442\u0435 \u0443\u043a\u0430\u0437\u0430\u0442\u044c \u043d\u0443\u0436\u043d\u043e\u0435 \u0438\u043c\u044f. \u0423 cron \u043d\u0435\u0442 TTY, \u043f\u043e\u044d\u0442\u043e\u043c\u0443 \u0441 \u0444\u043b\u0430\u0433\u0430\u043c\u0438 <strong>-it<\/strong> \u043a\u043e\u043c\u0430\u043d\u0434\u0430 <strong>docker exec<\/strong> \u0437\u0430\u0432\u0435\u0440\u0448\u0438\u0442\u0441\u044f \u043e\u0448\u0438\u0431\u043a\u043e\u0439, \u0438 reload \u043d\u0435 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u0441\u044f; \u0434\u043b\u044f \u0437\u0430\u043f\u0443\u0441\u043a\u0430 \u0438\u0437 cron \u044d\u0442\u0438 \u0444\u043b\u0430\u0433\u0438 \u043d\u0443\u0436\u043d\u043e \u0443\u0431\u0440\u0430\u0442\u044c.<\/p><\/blockquote>\n<p>\u0422\u0430\u043a\u0436\u0435 \u043c\u043e\u0436\u043d\u043e \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0438\u0442\u044c \u0434\u043b\u044f <strong>Certbot<\/strong>&#39;a &quot;<strong>options-ssl-nginx.conf<\/strong>&quot; \u0438 &quot;<strong>ssl-dhparams.pem<\/strong>&quot;<\/p>\n<pre class=\"brush: 
bash; title: ; notranslate\" title=\"\">\r\ncd \/etc\/letsencrypt\/\r\ncurl -s https:\/\/raw.githubusercontent.com\/certbot\/certbot\/master\/certbot-nginx\/certbot_nginx\/options-ssl-nginx.conf &gt; options-ssl-nginx.conf\r\ncurl -s https:\/\/raw.githubusercontent.com\/certbot\/certbot\/master\/certbot\/ssl-dhparams.pem &gt; ssl-dhparams.pem\r\n<\/pre>\n<p>\u0424\u0430\u0439\u043b\u044b \u0441\u043a\u0430\u0447\u0438\u0432\u0430\u044e\u0442\u0441\u044f \u0438\u0437 \u0432\u0435\u0442\u043a\u0438 <strong>master<\/strong> \u0431\u0435\u0437 \u0444\u0438\u043a\u0441\u0430\u0446\u0438\u0438 \u0432\u0435\u0440\u0441\u0438\u0438, \u043f\u043e\u044d\u0442\u043e\u043c\u0443 \u043f\u0435\u0440\u0435\u0434 \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0435\u043c \u043f\u0440\u043e\u0432\u0435\u0440\u044c\u0442\u0435 \u0438\u0445 \u0441\u043e\u0434\u0435\u0440\u0436\u0438\u043c\u043e\u0435: <strong>curl -s<\/strong> \u0431\u0435\u0437 <strong>-f<\/strong> \u043f\u0440\u0438 \u043e\u0448\u0438\u0431\u043a\u0435 HTTP \u0437\u0430\u043f\u0438\u0448\u0435\u0442 \u0432 \u0444\u0430\u0439\u043b \u0442\u0435\u043a\u0441\u0442 \u043e\u0448\u0438\u0431\u043a\u0438.<\/p>\n<p>\u0418 \u0434\u043e\u0431\u0430\u0432\u043b\u044f\u0435\u043c \u0432 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 <strong>Nginx<\/strong>&#39;a:<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\n    include \/etc\/nginx\/letsencrypt\/options-ssl-nginx.conf;\r\n    ssl_dhparam \/etc\/nginx\/letsencrypt\/ssl-dhparams.pem;\r\n<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>\u0417\u0430\u0434\u0430\u0447\u0430: \u041f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0438 SSL \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442 \u0434\u043b\u044f Nginx&#39;a, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0436\u0438\u0432\u0435\u0442 \u0432 \u043a\u043e\u043d\u0442\u0435\u0439\u043d\u0435\u0440\u0435, \u043e\u0442 Let&#8217;s Encrypt \u0438 \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u0435\u0433\u043e \u043f\u0440\u043e\u0434\u043b\u0435\u0432\u0430\u0442\u044c Nginx \u0432 \u043a\u043e\u043d\u0442\u0435\u0439\u043d\u0435\u0440\u0435 \u043d\u0430\u0441\u0442\u0440\u043e\u0435\u043d \u043f\u043e\u043a\u0430 \u0442\u043e\u043b\u044c\u043a\u043e \u043d\u0430 \u043f\u0440\u043e\u0441\u043b\u0443\u0448\u0438\u0432\u0430\u043d\u0438\u0435 80-\u0433\u043e \u043f\u043e\u0440\u0442\u0430. 
\u0412 \u043a\u043e\u043d\u0442\u0435\u0439\u043d\u0435\u0440 \u043f\u0440\u0438\u043c\u043e\u043d\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u0430 \u0434\u0438\u0440\u0435\u043a\u0442\u043e\u0440\u0438\u044f \u0441 \u0445\u043e\u0441\u0442 \u043c\u0430\u0448\u0438\u043d\u044b, \u0434\u043b\u044f \u0432\u0435\u0440\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0432, \u0438 \u044d\u0442\u043e\u0442 \u043f\u0443\u0442\u044c \u043e\u043f\u0438\u0441\u0430\u043d \u0432 \u043b\u043e\u043a\u0435\u0439\u0448\u0435\u043d\u0435. \u0412 \u043f\u0440\u0438\u043c\u0435\u0440\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f Docker-Compose, \u043d\u043e \u043e\u043d \u043d\u0435 \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u043e\u0431\u044f\u0437\u0430\u0442\u0435\u043b\u044c\u043d\u044b\u043c. app.conf docker-compose.yaml<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[3],"tags":[97,4,84,10,86],"_links":{"self":[{"href":"https:\/\/artem.services\/index.php?rest_route=\/wp\/v2\/posts\/377"}],"collection":[{"href":"https:\/\/artem.services\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/artem.services\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/artem.services\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/artem.services\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=377"}],"version-history":[{"count":14,"href":"https:\/\/artem.services\/index.php?rest_route=\/wp\/v2\/posts\/377\/revisions"}],"predecessor-version":[{"id":2186,"href":"https:\/\/artem.services\/index.php?rest_route=\/wp\/v2\/posts\/377\/revisions\/2186"}],"wp:attachment":[{"href":"https:\/\/artem.services\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=377"}],"wp:term":[{"ta
xonomy":"category","embeddable":true,"href":"https:\/\/artem.services\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=377"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/artem.services\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=377"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}