我有一个docker-compose.yml,如下所示,在我的根目录下进行设置。就上下文而言,我在Digital Ocean Droplet上托管了一个Ghost CMS博客。我想使用Docker(开放源代码评论解决方案)安装Commento,但是当我通过Cloudflare DNS路由流量时,我在服务器端和前端端均require SSL。
但是,我通过Digital Ocean的一键式Ghost设置安装了Ghost,该设置将nginx配置为我的站点的反向代理。 Nginx不在容器中(安装在服务器上)。 Nginx监听端口80和443。当我尝试docker-compose up时,它显示以下错误:
Error starting userland proxy: listen tcp 0.0.0.0:443: bind: address already in use
Traefik无法在nginx上侦听相同的端口(该端口不在容器内,而是安装在服务器本身上)。如何解决此问题,并通过SSL反向代理我的Commento服务器?我的docker-compose如下:
version: '3.7'
services:
proxy:
restart: always
image: traefik
command:
- "--api"
- "--entrypoints=Name:http Address::80 Redirect.EntryPoint:https"
- "--entrypoints=Name:https Address::443 TLS"
- "--defaultentrypoints=http,https"
- "--acme"
- "--acme.storage=/etc/traefik/acme/acme.json"
- "--acme.entryPoint=https"
- "--acme.httpChallenge.entryPoint=http"
- "--acme.onHostRule=true"
- "--acme.onDemand=false"
- "[email protected]" # TODO: Replace with your email address
- "--docker"
- "--docker.watch"
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./traefik/acme:/etc/traefik/acme
networks:
- web
ports:
- "80:80"
- "443:443"
labels:
- "traefik.enable=false"
server:
image: registry.gitlab.com/commento/commento:latest
ports:
- 8080:8080
environment:
COMMENTO_ORIGIN: https://commento.example.com # TODO: Replace commento.example.com with your domami$ COMMENTO_PORT: 8080
COMMENTO_POSTGRES: postgres://postgres:passwordexample@db:5432/commento?s$
#COMMENTO_FORBID_NEW_OWNERS: true
#COMMENTO_SMTP_HOST: smtp.mailgun.org
#COMMENTO_SMTP_PORT: 587
#COMMENTO_SMTP_USERNAME: [email protected]
#COMMENTO_SMTP_PASSWORD: passwordsmtp
#COMMENTO_SMTP_FROM_ADDRESS: [email protected]
#COMMENTO_AKISMET_KEY:
#COMMENTO_GOOGLE_KEY:
#COMMENTO_GOOGLE_SECRET:
#COMMENTO_TWITTER_KEY:
#COMMENTO_TWITTER_SECRET:
depends_on:
- db
networks:
- db_network
- web
db:
image: postgres
environment:
POSTGRES_DB: commento
POSTGRES_USER: postgres
POSTGRES_PASSWORD: examplepassword #TODO: Replace STRONG_PASSWORD with th$ networks:
- db_network
volumes:
- postgres_data_volume:/var/lib/postgresql/data
volumes:
postgres_data_volume:
networks:
web:
external
db_network:
这是我的Nginx服务器配置在可用站点下:
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name example.com;
root /var/www/ghost/system/nginx-root; # Used for acme.sh SSL verification (https://acme.sh)
ssl_certificate /etc/letsencrypt/example.com/fullchain.cer;
ssl_certificate_key /etc/letsencrypt/example.com/example.com.key;
include /etc/nginx/snippets/ssl-params.conf;
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_pass http://127.0.0.1:2368;
}
location ~ /.well-known {
allow all;
}
client_max_body_size 50m;
}
[抱歉,这是新事物。谢谢!
docker-compose.yml
...
ports:
- "80:80"
- "443:443"
...
nginx / conf
...
listen 443 ssl http2;
listen [::]:443 ssl http2;
...
Nginx使用了HOST端口443,因此您不能在docker-compose上重用它,您必须使用另一个免费的端口。