Shulou(Shulou.com)06/02 Report--

Background

A Tencent Linux CVM deploys a docker (called ServiceDocker, named sign, the same below) on the server. Ports 80,443,3306 are used inside the ServiceDocker, which are mapped to the same ports of the host (CVM) (i.e. 80,443,3306).

XAMPP is installed in ServiceDocker, and on this basis, the server that scans the code to check into Mini Program is deployed. Ports 80 and 443 of ServiceDocker provide http and https services respectively, and 3306 is the port for MySQL database.

ServiceDocker is bound to the domain name sign.famend.cn.

target

A ServiceDocker in the CVM occupies ports 80,443. If you want to deploy another server for external services in the host, you cannot use ports 80,443.

Our goal is to deploy multiple ServiceDocker in the host, and each ServiceDocker is bound to its own domain name to provide services to ensure the availability of ports 80 and 443.

Train of thought

Modify the port mapping of ServiceDocker to map ServiceDocker port 80,443 to the host port 89,449 respectively, so that the host port 80,443 is released.

The released ports 80 and 443 are used by Nginx. Install docker with Nginx (called NginxDocker and named mynginx, the same below). NginxDocker internally uses ports 80,443, which are mapped to ports 80 and 443 of the host, respectively.

NginxDocker is used as a reverse proxy. When there is an access request, after reading the Nginx configuration, different URL are directed to their corresponding Docker. For example, if you access http://sign.famend.cn:80, you will automatically map to http://sign.famend.cn:89.

Implementation steps

1. Modify the port mapping of ServiceDocker to release ports 80 and 443.

Docker does not provide commands to modify the port, from the Internet I found two ways.

Method 1: first stop the container, then package the container into an image, and then run the new image. Specify a new port when running a new mirror. The commands used are as follows:

# stop container docker stop containerA # turn container commit into a mirror docker commit containerA newImageB # run container docker run-p 8080 docker commit containerA newImageB 8080-p 8081 docker commit containerA newImageB 8081-v / home/data/:/home/data/-dt newImageB

Method 2: first stop the container, then stop the container service, then modify the container configuration file, and finally start the container service and start the container. The steps are as follows:

① stops ServiceDocker (the name of ServiceDocker is sign) and stops the docker service.

Sudo docker stop sign sudo service docker stop

② uses the docker ps-a command to find the CONTAINER ID for which you want to modify the container.

③ runs the docker inspect [CONTAINER ID] | grep Id command.

④ executes the cd / var/lib/docker/containers command to enter and find the same directory as Id.

If you prompt permission denied when executing the cd command, you can execute sudo-s first.

After entering the directory corresponding to id, open the file hostconfig.json.

Find the mapping for port 80, as follows:

"80/tcp": [{"HostIp": "0.0.0.0", "HostPort": "80"}] modify "HostPort": "80" to "HostPort": "89", as follows: "80/tcp": [{"HostIp": "0.0.0.0", "HostPort": "89"}]

Before modification, port 80 inside ServiceDocker is mapped to port 80 of the host; after modification, port 80 inside ServiceDocker is mapped to port 89 of the host.

To explain a little bit, some articles (2 and 3 in Resources) mentioned that config.v2.json still needs to be modified, but not for personal testing. This file is automatically modified when you start ServiceDocker.

⑤ starts the docker service, and then starts ServiceDocker (named sign).

Sudo service docker start sudo docker start sign

Both method (1) and method (2) are fine. I chose method (2).

After executing the method (2), open the browser to verify and prompt "the website cannot be accessed".

It is initially estimated that the server in docker is not started, run the command:

Sudo / opt/lampp/lampp stop sudo / opt/lampp/lampp start

When running stop, it was found that apache did not start, which may be due to the modification of port 80.

After executing the start, open a browser to verify http://sign.famend.cn:89 and https://sign.famend.cn:449, and access it successfully.

The method of modifying the Docker port is not complicated, and it will be much more convenient if future versions of docker can provide the corresponding commands.

By the way, run crontab-l to see if the scheduled task in ServiceDocker starts, and if not, run service cron start to start the scheduled task.

Next, configure the NginxDocker reverse proxy so that http://sign.famend.cn:80 and https://sign.famend.cn:443 can also be accessed successfully.

two。 Configure the NginxDocker reverse proxy.

① downloads nginx and runs it.

Docker container run\-d\-p 80:80\-p 443 docker container run\-rm\-- name mynginx\ nginx

The configuration file for the ② configuration nginx.

Mkdir nginx-files docker container cp mynginx:/etc/nginx. Mv nginx conf vi conf/nginx.conf

In nginx.conf, add the following reverse proxy information.

Server {listen 443 ssl; server_name sign.famend.cn; ssl_certificate / etc/nginx/ssl/sign.famend.cn/1_sign.famend.cn_bundle.crt; ssl_certificate_key / etc/nginx/ssl/sign.famend.cn/2_sign.famend.cn.key; location / {proxy_set_header HOST $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for Proxy_set_header X-Forwarded-Proto $scheme; proxy_pass http://sign.famend.cn:89/;}} server {listen 80; server_name famend.cn sign.famend.cn; location / {proxy_set_header HOST $host; proxy_set_header X-Real-IP $remote_addr:89; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme Proxy_pass http://sign.famend.cn:89/;}}

For port 443, ssl_certificate and ssl_certificate_key are required. The LetsEncrypt SSL certificate used by the certificate in ServiceDocker is updated every 90 days.

Source of SSL certificates: a way for them to share LetsEncrypt's SSL certificates. In addition, for domain names registered with Tencent, Tencent provides SSL certificates free of charge, valid for one year.

For simplicity, I used Tencent's SSL certificate directly. Of course, within a year, the certificate must be renewed before it expires.

③ stops mynginx and then restarts it.

Docker container run\-- name mynginx\-- volume "$PWD/conf": / etc/nginx\-p 80:80\-p 443\-d\ nginx

This time, remove the-- rm parameter so that the container is preserved when you stop running.

At this point, the configuration is complete.

Verification

Open separately in the browser

Sign.famend.cn:80 sign.famend.cn:89 sign.famend.cn:449 sign.famend.cn:443

Can be accessed normally. Of course, when you open 449 and 443, you can see that the certificates used by the two URL are different. 449 is provided by LetsEncrypt and valid for 90 days; 443 from Tencent (TrustAsia), valid for 1 year.

Of course, another website in ServiceDocker, famend.cn, can also be visited:

Famend.cn:80

Famend.cn:89

Summary

The above is the method of using Nginx to achieve the coexistence of multiple containers in the server. I hope it will be helpful to you. If you have any questions, please leave me a message and the editor will reply you in time. Thank you very much for your support to the website!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.