docker的WordPress启用https

Terwer 技术分享评论207字数 3550阅读11分50秒阅读模式

docker 的 http 部署配置

  • 集成 MySQL 的版本
    version: '3.3'
    services:
     db:
       image: mysql:5.7.38
       volumes:
        - ./data:/var/lib/mysql
       ports:
        - "3307:3306"
       restart: "no"
       environment:
         MYSQL_ROOT_PASSWORD: wordpress
         MYSQL_DATABASE: wordpress
         MYSQL_USER: wordpress
         MYSQL_PASSWORD: wordpress
    
     wordpress:
       depends_on:
         - db
       image: wordpress:6.0.2
       ports:
         - "8000:80"
       restart: "no"
       environment:
         WORDPRESS_DB_HOST: "db:3306"
         WORDPRESS_DB_USER: "wordpress"
         WORDPRESS_DB_PASSWORD: "wordpress"
         WORDPRESS_DEBUG: 1
       volumes:
        - ./wordpress:/var/www/html
        - ./uploads.ini:/usr/local/etc/php/conf.d/uploads.ini
    
  • 使用 rds 版本的 mysql
    version: '3.3'
    services:
     wordpress:
       image: wordpress:6.0.2
       ports:
         - "80:80"
       restart: "no"
       environment:
         WORDPRESS_DB_HOST: "${MYSQL_HOST}:${MYSQL_PORT}"
         WORDPRESS_DB_NAME: "${MYSQL_DB_NAME}"
         WORDPRESS_DB_USER: "${MYSQL_USERNAME}"
         WORDPRESS_DB_PASSWORD: "${MYSQL_PASSWORD}"
         # WORDPRESS_DEBUG: 1
       volumes:
        - ./wordpress:/var/www/html
        - ./uploads.ini:/usr/local/etc/php/conf.d/uploads.ini
    

启用 https

先增加端口和 ssl 证书映射文章源自浅海拾贝-https://blog.terwergreen.com/docker-s-wordpress-enables-https-jv469.html

version: '3.3'
services:
   wordpress:
     image: wordpress:6.0.2
     ports:
       - "80:80"
       - "443:443"
     restart: "no"
     environment:
       WORDPRESS_DB_HOST: "${MYSQL_HOST}:${MYSQL_PORT}"
       WORDPRESS_DB_NAME: "${MYSQL_DB_NAME}"
       WORDPRESS_DB_USER: "${MYSQL_USERNAME}"
       WORDPRESS_DB_PASSWORD: "${MYSQL_PASSWORD}"
       # WORDPRESS_DEBUG: 1
     volumes:
      - ./wordpress:/var/www/html
      - ./uploads.ini:/usr/local/etc/php/conf.d/uploads.ini
      - ./ssl:/ssl

进入 wordpress 容器,加载 apache 的 ssl 模块。文章源自浅海拾贝-https://blog.terwergreen.com/docker-s-wordpress-enables-https-jv469.html

[root@instance]# docker exec -it wordpress bash
root@0f05292f2238:/var/www/html# a2enmod ssl
Considering dependency setenvif for ssl:
Module setenvif already enabled
Considering dependency mime for ssl:
Module mime already enabled
Considering dependency socache_shmcb for ssl:
Enabling module socache_shmcb.
Enabling module ssl.
See /usr/share/doc/apache2/README.Debian.gz on how to configure SSL and create self-signed certificates.
To activate the new configuration, you need to run:
  service apache2 restart

编辑容器中的 ssl 文件

root@0f05292f2238:/var/www/html# vim /etc/apache2/sites-available/default-ssl.conf

容器中没有 vim,我们先把文件拷贝出来,然后在映射进去文章源自浅海拾贝-https://blog.terwergreen.com/docker-s-wordpress-enables-https-jv469.html

root@0f05292f2238:/var/www/html# cp /etc/apache2/sites-available/default-ssl.conf /ssl/default-ssl.conf

ssl 证书和私钥文章源自浅海拾贝-https://blog.terwergreen.com/docker-s-wordpress-enables-https-jv469.html

找到 SSLCertificateFile 和 SSLCertificateKeyFile 这两个配置项,改成把私钥和证书文章源自浅海拾贝-https://blog.terwergreen.com/docker-s-wordpress-enables-https-jv469.html

#   A self-signed (snakeoil) certificate can be created by installing
#   the ssl-cert package. See
#   /usr/share/doc/apache2/README.Debian.gz for more info.
#   If both key and certificate are stored in the same file, only the
#   SSLCertificateFile directive is needed.
# SSLCertificateFile    /etc/ssl/certs/ssl-cert-snakeoil.pem
# SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
SSLCertificateFile  /ssl/certs/blog.terwergreen.com.pem
SSLCertificateKeyFile /ssl/certs/blog.terwergreen.com.key

强制 http 请求转到 https

编辑 /etc/apache2/sites-available/000-default.conf ,找到 标签中增加下面的配置:文章源自浅海拾贝-https://blog.terwergreen.com/docker-s-wordpress-enables-https-jv469.html

<Directory "/var/www/html"> 
    RewriteEngine   on
    RewriteBase /
    # FORCE HTTPS
    RewriteCond %{HTTPS} !=on
    RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
</Directory>

这里要注意修改文件的位置文章源自浅海拾贝-https://blog.terwergreen.com/docker-s-wordpress-enables-https-jv469.html

docker的WordPress启用https文章源自浅海拾贝-https://blog.terwergreen.com/docker-s-wordpress-enables-https-jv469.html

踩坑

如果发现没有生效看这里文章源自浅海拾贝-https://blog.terwergreen.com/docker-s-wordpress-enables-https-jv469.html

1、重建容器需要重新启用 ssl文章源自浅海拾贝-https://blog.terwergreen.com/docker-s-wordpress-enables-https-jv469.html

a2enmod ssl

2、从 apache 的配置文件 apache2.conf 可以看到,apache 只会读取 /etc/apache2/sites-enabled 目录的配置文件,所以需要把 /etc/apache2/sites-available 下的 default-ssl.conf 文件链接到 /etc/apache2/sites-enabled 目录下。文章源自浅海拾贝-https://blog.terwergreen.com/docker-s-wordpress-enables-https-jv469.html

ln -s /etc/apache2/sites-available/default-ssl.conf \
/etc/apache2/sites-enabled/default-ssl.conf

最终完整版的配置

version: '3.3'
services:
   wordpress:
     image: wordpress:6.0.2
     ports:
       - "80:80"
       - "443:443"
     restart: "no"
     environment:
       WORDPRESS_DB_HOST: "${MYSQL_HOST}:${MYSQL_PORT}"
       WORDPRESS_DB_NAME: "${MYSQL_DB_NAME}"
       WORDPRESS_DB_USER: "${MYSQL_USERNAME}"
       WORDPRESS_DB_PASSWORD: "${MYSQL_PASSWORD}"
       # WORDPRESS_DEBUG: 1
     volumes:
      - ./wordpress:/var/www/html
      - ./uploads.ini:/usr/local/etc/php/conf.d/uploads.ini
      - ./ssl:/ssl
      - ./ssl-conf/default-ssl.conf:/etc/apache2/sites-available/default-ssl.conf
      - ./ssl-conf/000-default.conf:/etc/apache2/sites-available/000-default.conf
文章源自浅海拾贝-https://blog.terwergreen.com/docker-s-wordpress-enables-https-jv469.html
相关文章
  • 扫码加我微信
  • 验证消息请输入:来自你的博客
  • weinxin
  • 我的微信公众号
  • 微信扫一扫与我交流吧
  • weinxin
Terwer
匿名

发表评论

匿名网友 填写信息

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: