Open-source software name: SteveLTN/https-portal
Open-source software URL: https://github.com/SteveLTN/https-portal
Open-source programming language: Ruby 70.6%
Open-source software introduction:

HTTPS-PORTAL

HTTPS-PORTAL is a fully automated HTTPS server powered by Nginx, Let's Encrypt and Docker. By using it, you can run any existing web application over HTTPS, with only one extra line of configuration.

The SSL certificates are obtained and renewed from Let's Encrypt automatically.

Docker Hub page: https://hub.docker.com/r/steveltn/https-portal/

Prerequisite

HTTPS-PORTAL is shipped as a Docker image. To use it, you need a Linux machine (either local or remote host) which:
Though it is good to have, knowledge about Docker is not required to use HTTPS-PORTAL.

See It Work

Create a

    version: '3'

    services:
      https-portal:
        image: steveltn/https-portal:1
        ports:
          - '80:80'
          - '443:443'
        environment:
          DOMAINS: 'example.com'
          # STAGE: 'production' # Don't use production until staging works
        volumes:
          - https-portal-data:/var/lib/https-portal

    volumes:
      https-portal-data: # Recommended, to avoid re-signing when upgrading HTTPS-PORTAL

Run the

Quick Start

Here is a more real-world example: Create the file

    version: '3'

    services:
      https-portal:
        image: steveltn/https-portal:1
        ports:
          - '80:80'
          - '443:443'
        links:
          - wordpress
        restart: always
        environment:
          DOMAINS: 'wordpress.example.com -> http://wordpress:80'
          # STAGE: 'production' # Don't use production until staging works
          # FORCE_RENEW: 'true'
        volumes:
          - https-portal-data:/var/lib/https-portal

      wordpress:
        image: wordpress
        links:
          - db:mysql

      db:
        image: mariadb
        environment:
          MYSQL_ROOT_PASSWORD: '<a secure password>'

    volumes:
      https-portal-data:

Run the

In the example above, only the environment variables under the

Note:
Features

Test Locally

You can test HTTPS-PORTAL with your application stack locally.

    https-portal:
      # ...
      environment:
        STAGE: local
        DOMAINS: 'example.com'

By doing this, HTTPS-PORTAL will create a self-signed certificate. This certificate is not likely to be trusted by your browser, but you can use it to test your docker-compose file. Make sure it works with your application stack.

Note that HTTPS-PORTAL only listens to
or
Once you are done testing, you can deploy your application stack to the server.

Redirections

HTTPS-PORTAL supports quick setup for redirections.

    https-portal:
      # ...
      environment:
        DOMAINS: 'example.com => https://target.example.com' # Notice it's "=>" instead of the normal "->"

All paths will be redirected to the target. E.g.

If you want a permanent redirection, set the environment variable

A common use case is to redirect

    https-portal:
      # ...
      environment:
        DOMAINS: 'www.example.com => https://example.com' # Notice it's "=>" instead of the normal "->"

Automatic Container Discovery

WARNING: WE STRONGLY RECOMMEND AGAINST USING THIS FEATURE UNLESS ABSOLUTELY NECESSARY as exposing Docker socket to a container (even with

HTTPS-PORTAL is capable of discovering other Docker containers running on the same host, as long as the Docker API socket is accessible within the container.

In order to make it so, launch HTTPS-PORTAL using the following

    version: '2'

    services:
      https-portal:
        # ...
        volumes:
          - /var/run/docker.sock:/var/run/docker.sock:ro # DANGEROUS, see the warning above

and launch one or more web applications with:

    version: '2'

    services:
      a-web-application:
        # ...
        environment:
          # tell HTTPS-PORTAL to set up "example.com"
          VIRTUAL_HOST: example.com

Caveat: Your web application must be created in the same network as HTTPS-PORTAL.

Note that there is no need to link your web service to HTTPS-PORTAL, and you shouldn't put

This feature allows you to deploy multiple web applications on the same host without restarting HTTPS-PORTAL itself or interrupting any other application while adding/removing web applications.

If your web service has more than one port exposed (mind that ports can be exposed in your web service Dockerfile), use the environment variable

    a-multi-port-web-application:
      # ...
      expose:
        - '80'
        - '8080'
      environment:
        VIRTUAL_HOST: example.com
        VIRTUAL_PORT: '8080'

Of course container discovery works in combination with ENV specified domains:

    https-portal:
      # ...
      volumes:
        - /var/run/docker.sock:/var/run/docker.sock:ro # DANGEROUS, see the warning above
      environment:
        DOMAINS: 'example.com -> http://upstream'

Hybrid Setup with Non-Dockerized Apps

Web applications that run directly on the host machine instead of in Docker containers are available at

For instance, if an application accepts HTTP requests on port 8080 of the host machine, you can start HTTPS-PORTAL by:

    https-portal:
      # ...
      environment:
        DOMAINS: 'example.com -> http://host.docker.internal:8080'

Firewall settings

If you use a firewall like ufw, you might need to allow communication from the container to your docker host machine. You can check if ufw is active by executing

If the command returns
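
An added example (not part of the HTTPS-PORTAL project) for the Automatic Container Discovery warning above: a Ruby check that lists every service in a compose file that bind-mounts the Docker API socket, including `:ro` mounts, since a read-only mount still lets the container send API requests. The compose content and the `builder` service are constructed for illustration.

```ruby
require 'yaml'

# Constructed sample compose file; the "builder" service is hypothetical.
SAMPLE_COMPOSE = <<~COMPOSE
  version: '2'
  services:
    https-portal:
      image: steveltn/https-portal:1
      volumes:
        - https-portal-data:/var/lib/https-portal
        - /var/run/docker.sock:/var/run/docker.sock:ro
    a-web-application:
      image: wordpress
    builder:
      image: example/builder
      volumes:
        - type: bind
          source: /run/docker.sock
          target: /var/run/docker.sock
COMPOSE

SOCKET_PATHS = ['/var/run/docker.sock', '/run/docker.sock'].freeze

# Normalise a volume entry (short "src:dst[:mode]" string or long-form hash)
# to [host_source, read_only].
def volume_source(entry)
  return [entry['source'].to_s, entry['read_only'] == true] if entry.is_a?(Hash)
  src, _dst, mode = entry.to_s.split(':', 3)
  [src, mode.to_s.split(',').include?('ro')]
end

# One finding per service volume that bind-mounts the Docker API socket.
# A read-only mount is still reported: :ro protects the socket file itself,
# not the API requests sent through it.
def docker_socket_mounts(compose_yaml)
  services = (YAML.safe_load(compose_yaml) || {}).fetch('services', nil) || {}
  services.flat_map do |name, svc|
    Array((svc || {})['volumes']).filter_map do |entry|
      src, read_only = volume_source(entry)
      { service: name, source: src, read_only: read_only } if SOCKET_PATHS.include?(src)
    end
  end
end

docker_socket_mounts(SAMPLE_COMPOSE).each do |f|
  puts "#{f[:service]}: mounts #{f[:source]} (read_only=#{f[:read_only]}), review required"
end
```
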
Multiple Domains

You can specify multiple domains by splitting them with commas:

    https-portal:
      # ...
      environment:
        DOMAINS: 'wordpress.example.com -> http://wordpress:80, gitlab.example.com -> http://gitlab'

You can also specify the stage (

    DOMAINS: 'wordpress.example.com -> http://wordpress #local, gitlab.example.com #staging'

Multiple Upstreams

It's possible to define multiple upstreams for a domain for the purpose of load-balancing and/or HA. Just add additional upstreams separated by a pipe separator. Each upstream can have custom parameters.

    https-portal:
      # ...
      environment:
        DOMAINS: 'wordpress.example.com -> http://wordpress1:80|wordpress2:80[weight=2 max_conns=100]'

See Nginx Upstream-Module for possible parameters.

Serving Static Sites

Instead of forwarding requests to web applications, HTTPS-PORTAL can also serve (multiple) static sites directly:

    https-portal:
      # ...
      environment:
        DOMAINS: 'hexo.example.com, octopress.example.com'
      volumes:
        - https-portal-data:/var/lib/https-portal
        - /data/https-portal/vhosts:/var/www/vhosts

After HTTPS-PORTAL is started, it will create corresponding sub-directories for each virtual host in the

    /data/https-portal/vhosts
    ├── hexo.example.com
    │   └── index.html
    └── octopress.example.com
        └── index.html

You can place your own static files in this directory hierarchy; they will not be overwritten. You need an

Share Certificates with Other Apps

You can mount an arbitrary host directory to

For instance:

    https-portal:
      # ...
      volumes:
        - /data/ssl_certs:/var/lib/https-portal

Now your certificates are available in

HTTP Basic Auth

You can set up an HTTP Basic Auth easily. It is useful when you put the website online but don't want to open it to the public until ready.

In your docker-compose file:

    https-portal:
      # ...
      environment:
        DOMAINS: 'username:[email protected] -> <upstream>'

Access Restriction

Notice: Access Restriction might not work as intended with Docker for Mac and Docker for Windows. In those systems, Docker essentially runs in VMs, so the requesting IP would be the IP of the proxy service.

You can enable IP access restrictions to protect your website. Specify global restrictions with the environment variable

Example with global restriction:

    https-portal:
      # ...
      environment:
        ACCESS_RESTRICTION: "1.2.3.4/24 4.3.2.1"

Example with individual restrictions:

    https-portal:
      # ...
      environment:
        DOMAINS: "[1.2.3.4/24] a.example.com -> <upstream> , [1.2.3.4/24 4.3.2.1] b.example.com"

Example for auto discovery:

    https-portal:
      # ...
    my_app:
      image: ...
      environment:
        VIRTUAL_HOST: "[1.2.3.4] example.com"

For valid IP values see Nginx allow

Logging configuration

By default no Nginx access logs are written, and error logs are written to stdout, which will be captured by Docker. There are a few options to configure them:
Debugging

With the environment variable

Other Configurations

By default, HTTPS-PORTAL renews the certificate about 30 days before the expiry. You can customize it by:

Internationalized Domain Names (IDN)

If you have non-ASCII characters in your domain, convert it to an ASCII-Compatible Encoding (ACE) form before using HTTPS-PORTAL.

Advanced Usage

Configure Nginx through Environment Variables

In case you need to change Nginx's default parameters, there are several additional environment variables that you can use to configure Nginx. They correspond to the configuration options that you would normally put in

Websocket

You can add
to make HTTPS-PORTAL proxy WEBSOCKET connections.

DNS caching

To avoid nginx DNS caching, activate dynamic upstream

HSTS Header

You can use the following environment variable to set the HSTS header.

WARNING: Please test with a low value before you set it to a desired high max_age value. Once you send the header out, all visited clients would refuse to downgrade to HTTP. It would then be impossible to fall back your website to HTTP.

IPv6 connectivity

Notice: IPv6 is only supported on Linux hosts.

You can enable IPv6 connection using the following variable:
Other server block level configurations

You can add additional

    environment:
      # ...
      CUSTOM_NGINX_SERVER_CONFIG_BLOCK: add_header Strict-Transport-Security "max-age=60" always;

You can also make it multi-line:

    environment:
      # ...
      CUSTOM_NGINX_SERVER_CONFIG_BLOCK: |
        add_header Strict-Transport-Security "max-age=60" always;
        auth_basic "Password";

When using variables, you need to escape them with $:

    environment:
      # ...
      CUSTOM_NGINX_GLOBAL_HTTP_CONFIG_BLOCK: |
        limit_req_zone $$binary_remote_addr zone=one:10m rate=1000r/m;

The

In addition to the global

The variables

In the rare case that you want to change the handling of

Change Configuration Dynamically

Environment variables may be dynamically overridden by modifying files
Override Nginx Configuration Files

You can override default nginx settings by providing a config segment of nginx.conf containing a valid

You can either just override one single site's config or all sites' configs.

Override just one single site's config

In this case, you provide

For instance, to override both HTTPS and HTTP settings for

    https-portal:
      # ...
      volumes:
        - https-portal-data:/var/lib/https-portal
        - /path/to/http_config:/var/lib/nginx-conf/my.example.com.conf.erb:ro
        - /path/to/https_config:/var/lib/nginx-conf/my.example.com.ssl.conf.erb:ro

This file and this file are the default configuration files used by HTTPS-PORTAL. You can probably start by copying these files. You can either keep the variables or just hard-code the domain and upstream, etc.

Another example can be found here.

Override All sites' default config

If you want to make an Nginx configuration that will be used by all sites, you can overwrite
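
An added example, not HTTPS-PORTAL's own parser: a Ruby pre-deployment review of a DOMAINS value that covers the forms shown on this page (`->`, `=>`, `#stage`, `user:pass@`, `[ip ...]` and `|` upstreams) and reports what each access-restriction entry actually covers. The grammar is inferred from the page's examples only, and the sample value is constructed.

```ruby
require 'ipaddr'

# Constructed sample value combining the forms shown on this page.
SAMPLE_DOMAINS = '[1.2.3.4/24 4.3.2.1] a.example.com -> http://app1:80|app2:80[weight=2], ' \
                 'admin:s3cret@b.example.com -> http://backend #staging, ' \
                 'www.example.com => https://example.com, [10.0.0.999] c.example.com'

MODES = { '->' => :proxy, '=>' => :redirect, '' => :static }.freeze

# Network that an access-restriction entry really covers, or nil if it is not an IP/CIDR.
def effective_network(entry)
  ip = IPAddr.new(entry)
  "#{ip}/#{ip.prefix}"
rescue IPAddr::Error
  nil
end

# Parse one comma-separated DOMAINS entry into a hash with review warnings.
def parse_entry(raw)
  body, stage = raw.strip.split(/\s*#(?=\w+\z)/, 2)
  acl = body.slice!(/\A\[[^\]]*\]\s*/).to_s.delete('[]').split
  lhs, op, target = body.partition(/\s*(?:->|=>)\s*/)
  creds, _at, host = lhs.rpartition('@')
  warnings = acl.filter_map do |e|
    net = effective_network(e)
    next "#{e}: not a valid IP or CIDR" if net.nil?
    "#{e} is applied as #{net}" unless [net, net.sub(%r{/(32|128)\z}, '')].include?(e)
  end
  warnings << 'Basic Auth password stored in the container environment' unless creds.empty?
  { host: host, mode: MODES[op.strip], stage: stage, acl: acl, warnings: warnings,
    upstreams: target.split('|').map(&:strip), basic_auth: !creds.empty? }
end

# Split a full DOMAINS value on commas and parse every non-empty entry.
def parse_domains(value)
  value.split(',').map(&:strip).reject(&:empty?).map { |e| parse_entry(e) }
end

parse_domains(SAMPLE_DOMAINS).each do |d|
  puts "#{d[:host]} mode=#{d[:mode]} stage=#{d[:stage] || '(global STAGE)'}"
  d[:warnings].each { |w| puts "  ! #{w}" }
end
```
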