在 GCE 上架 Nginx

Env: Ubuntu 16.04, Docker 1.13.1, Docker-compose 1.21.2

Step 1 安裝 Docker

1
2
3
sudo apt-get update
sudo apt-get upgrade
sudo apt-get install docker.io

先到 Github 查看最新版本,並且輸入指令下載

1
2
curl -L https://github.com/docker/compose/releases/download/1.22.0/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose


Step 2 使用 Docker-compose 安裝 Ghost

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
version: '3'
services:
ghost:
image: ghost:latest
container_name: ghost
restart: always
depends_on:
- db
ports:
- 2368:2368
volumes:
- ./content:/var/lib/ghost/content
environment:
url: {YOU_DOMAIN_NAME}
database__client: mysql
database__connection__host: db
database__connection__user: root
database__connection__password: {YOU_PASSWORD}
database__connection__database: ghost
db:
image: mysql:5.7
restart: always
container_name: mysql
environment:
MYSQL_ROOT_PASSWORD: {YOU_PASSWORD}
volumes:
- ./data:/var/lib/mysql
nginx:
image: nginx:latest
container_name: nginx_web
restart: always
environment:
TZ: "Asia/Taipei"
volumes:
- /etc/letsencrypt/:/etc/letsencrypt/
- /usr/share/nginx/html:/usr/share/nginx/html
- ./nginx/default.conf:/etc/nginx/conf.d/default.conf
- ./nginx/log:/var/log/nginx
ports:
- "80:80"
- "443:443"
depends_on:
- ghost
command: bash -c "nginx -g 'daemon off;'"

Step3 設定 Nginx config

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
server {
listen 80;
listen [::]:80;
server_name {YOU_DOMAIN_NAME};
# Useful for Let's Encrypt
location /.well-known/acme-challenge/ { root /usr/share/nginx/html; allow all; }
location / { return 301 https://$host$request_uri; }
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name {YOU_DOMAIN_NAME};
ssl_protocols TLSv1.2;
ssl_ciphers HIGH:!MEDIUM:!LOW:!aNULL:!NULL:!SHA;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_certificate /etc/letsencrypt/live/dainamlon.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/dainamlon.com/privkey.pem;
location / {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto https;
proxy_pass http://ghost:2368;
}
}

記得開 port 跟設定 GCE 防火牆


下一章節 -> Nginx使用Namecheap SSL

未經允許請勿轉載文章

評論

Your browser is out-of-date!

Update your browser to view this website correctly. Update my browser now

×