我在使用docker-compose时遇到了困难,它使Apache能够使用SSL,PHP,Mysql。在我的尝试中,PHP甚至可以运行,但Apache无法获得识别的安全证书。Dockerfile中是否存在错误,这就是SSL无法正常工作的原因?
PS:我在macOS索诺马上。
docker-compose.yml
version: '3.8'
services:
web:
image: php:7.4-apache
build:
context: .
dockerfile: ./Dockerfile
ports:
- "8080:80"
- "8443:443"
volumes:
- ./../:/var/www/html/
- ./ssl/localhost.crt:/etc/apache2/ssl/localhost.crt
- ./ssl/localhost.key:/etc/apache2/ssl/localhost.key
- ./servername.conf:/etc/apache2/sites-enabled/servername.conf
command: ["apache2-foreground"]
depends_on:
- mysql
# MySQL 8.0
mysql:
image: mysql:8.0
ports:
- "3306:3306"
environment:
MYSQL_DATABASE: teste_clayton
MYSQL_ROOT_PASSWORD: root
MYSQL_ROOT_HOST: "%"
command: mysqld --sql_mode="NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_ENGINE_SUBSTITUTION"
volumes:
- ./../docker-mysql:/var/lib/mysql
# Redis
redis:
image: redis
ports:
- "6379:6379"
# MongoDB
mongodb:
image: mongo
ports:
- "27017:27017"
# OpenSearch (Elasticsearch)
opensearch:
image: docker.elastic.co/elasticsearch/elasticsearch:7.10.0
platform: linux/arm64/v8
ports:
- "9200:9200"
- "9300:9300"
environment:
discovery.type: single-node
volumes:
- ./../docker-elastic:/usr/share/elasticsearch/data
mem_limit: 2g
volumes:
mysql_data:字符串
Dockerfile
FROM php:7.4-apache
RUN cp /usr/share/zoneinfo/America/Sao_Paulo /etc/localtime
RUN docker-php-ext-install pdo pdo_mysql bcmath
RUN apt-get update && apt-get install -y \
libmagickwand-dev \
&& rm -rf /var/lib/apt/lists/*
RUN pecl install imagick
RUN docker-php-ext-enable imagick
RUN pecl install redis
RUN docker-php-ext-enable redis
RUN echo "session.save_handler = redis" >> /usr/local/etc/php/php.ini
RUN echo "session.save_path = tcp://localhost:6379" >> /usr/local/etc/php/php.ini
# RUN echo "upload_max_filesize = 500M;" >> /usr/local/etc/php/conf.d/upload.ini;
# RUN echo "post_max_size = 520M;" >> /usr/local/etc/php/conf.d/upload.ini;
# RUN echo "memory_limit = -1;" >> /usr/local/etc/php/conf.d/memory_limit.ini
COPY ./custom_hosts /etc/hosts
RUN mkdir -p /etc/apache2/ssl
COPY ./ssl/localhost.crt /etc/apache2/ssl/localhost.crt
COPY ./ssl/localhost.key /etc/apache2/ssl/localhost.key
RUN a2enmod rewrite && a2enmod ssl
RUN service apache2 restart
EXPOSE 80
WORKDIR /var/www/html型
servername.conf
ServerName localhost
DocumentRoot /var/www/html
<Directory /var/www/html>
Options Indexes FollowSymLinks Multiviews
AllowOverride All
Require all granted
</Directory>
LoadModule socache_shmcb_module /usr/lib/apache2/modules/mod_socache_shmcb.so
LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so
Listen 443
SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES
SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES
SSLHonorCipherOrder on
SSLProtocol all -SSLv3
SSLProxyProtocol all -SSLv3
SSLPassPhraseDialog builtin
SSLSessionCache "shmcb:/var/run/httpd/ssl_scache(512000)"
SSLSessionCacheTimeout 300
<VirtualHost *:443>
ServerName localhost
DocumentRoot "/var/www/html"
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /etc/apache2/ssl/localhost.crt
SSLCertificateKeyFile /etc/apache2/ssl/localhost.key
<Directory "/var/www/html">
Options Indexes FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
Require all granted
</Directory>
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/var/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
</VirtualHost>mkdir -p ~/Sites/docker-compose/ssl;
cd ~/Sites/docker-compose/ssl;
openssl genrsa -out localhost.key 2048;
openssl req -new -x509 -key localhost.key -out localhost.crt -days 3650 -subj /CN=localhost;
sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain localhost.crt;的字符串
1条答案
按热度按时间xoshrz7s1#
你可以使用已经创建的docker镜像,比如webdevops/php-apache。我可以确认它可以使用SSL。
在部分Apache布局下,您可以看到需要使用卷添加证书文件的目录和路径