默认使用docker-compose安装wordpress后,就算开启了443端口,还是无法使用https的。为了解决这个问题,有了这个教程。
本教程参考了互联网的各种教程,再次表示感谢。
version: '3' services: db: image: mysql:8.0 volumes: - db_data:/var/lib/mysql restart: always environment: MYSQL_ROOT_PASSWORD: somewordpress MYSQL_DATABASE: wordpress MYSQL_USER: wordpress MYSQL_PASSWORD: wordpress wordpress: depends_on: - db image: wordpress:latest ports: - "80:80" - "443:443" volumes: - /etc/wordpress/ssl:/etc/apache2/cetrts restart: always environment: WORDPRESS_DB_HOST: db:3306 WORDPRESS_DB_USER: wordpress WORDPRESS_DB_PASSWORD: wordpress WORDPRESS_DB_NAME: wordpress volumes: db_data: {}该文件内容与官方指导文件相比,新增了443端口,和挂载了ssl证书的目录,在/etc/wordpress/ssl 放进申请到的证书文件,包括pem和key。
启动安装
docker-compose up -d
二、在docker中安装vim
官方的docker版wordpress默认是ubuntu的,所以就算你虚拟机是centos,也无法在容器中使用yum来安装,只能使用apt-get 来安装。
进入容量docker 的命令:
docker exec -it container-name /bin/bash
进入容器后输入以下代码:
apt-get update apt-get install vim进入 wordpress 容器,输入 openssl ,查看是否安装 ssl ,如果出现下面图情况说明已经安装过了
[root@test home]# docker exec -it blog bash root@d38c40e54806:/var/www/html# openssl OpenSSL> # 输入 exit 退出 OpenSSL输入 a2enmod ssl,第一次加载,会提示重启 Apache,简单粗暴直接重启 wordpress 容器
root@d38c40e54806:/var/www/html# a2enmod ssl Considering dependency setenvif for ssl: Module setenvif already enabled Considering dependency mime for ssl: Module mime already enabled Considering dependency socache_shmcb for ssl: Enabling module socache_shmcb. Enabling module ssl. See /usr/share/doc/apache2/README.Debian.gz on how to configure SSL and create self-signed certificates. To activate the new configuration, you need to run: service apache2 restart root@d38c40e54806:/var/www/html# 三、备份一下容器中 /etc/apache2/sites-available/ 的default-ssl.conf文件
cd /etc/apache2/sites-available/ cp default-ssl.conf default-ssl.conf.bak编辑default-ssl.conf文件,修改证书指向正确的文件目录
vi default-ssl.confApache 加载 SSL 模块后,会在 /etc/apache2/sites-available 下生成 default-ssl.conf 文件,编辑该文件
SSLCertificateFile /etc/apache2/certs/example.com.pem SSLCertificateKeyFile /etc/apache2/certs/example.com.key 上述两行配置就是证书的存放位置,我们只需要把第三方第三方可信CA签发的证书相应的文件进行替换
从 apache 的配置文件 apache2.conf 可以看到,apache 只会读取 /etc/apache2/sites-enabled 目录的配置文件,所以需要把 /etc/apache2/sites-available 下的 default-ssl.conf 文件复制到 /etc/apache2/sites-enabled 目录下。
cp /etc/apache2/sites-available/default-ssl.conf /etc/apache2/sites-enabled/default-ss.conf四、http 请求强制跳转到 https
编辑 /etc/apache2/sites-available/000-default.conf
在 <VirtualHost *:80> </VirtualHost> 标签中增加下面的配置
<Directory "/var/www/html"> RewriteEngine on RewriteBase / # FORCE HTTPS RewriteCond %{HTTPS} !=on RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L] </Directory> 效果如下
<VirtualHost *:80> # The ServerName directive sets the request scheme, hostname and port that # the server uses to identify itself. This is used when creating # redirection URLs. In the context of virtual hosts, the ServerName # specifies what hostname must appear in the request's Host: header to # match this virtual host. For the default virtual host (this file) this # value is not decisive as it is used as a last resort host regardless. # However, you must set it for any further virtual host explicitly. #ServerName www.example.com ServerAdmin webmaster@localhost DocumentRoot /var/www/html <Directory "/var/www/html"> RewriteEngine on RewriteCond %{HTTP_HOST} ^http3w.com [NC] #改成自己域名,实现去www访问 RewriteRule ^(.*)$ https://www.http3w.com/$1 [L,R=301] RewriteBase / # FORCE HTTPS RewriteCond %{HTTPS} !=on RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L] </Directory> # Available loglevels: trace8, ..., trace1, debug, info, notice, warn, # error, crit, alert, emerg. # It is also possible to configure the loglevel for particular # modules, e.g. #LogLevel info ssl:warn ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined # For most configuration files from conf-available/, which are # enabled or disabled at a global level, it is possible to # include a line for only one particular virtual host. For example the # following line enables the CGI configuration for this host only # after it has been globally disabled with "a2disconf". #Include conf-available/serve-cgi-bin.conf </VirtualHost> # vim: syntax=apache ts=4 sw=4 sts=4 sr noet 修改完之后,重启 wordpress 容器,一切都变成了 https
docker-compose restart大功告成!
1、原创文章,作者:诺米,如若转载,请注明出处:https://www.http3w.com/archives/69
2、本站内容若有雷同从属巧合,若侵犯了您的权益,请联系本站删除,E-mail: wtao219@qq.com
原文链接:https://www.http3w.com/archives/69
