docker-compose安装wordpress开启https

默认使用docker-compose安装wordpress后,就算开启了443端口,还是无法使用https的。为了解决这个问题,有了这个教程。

本教程参考了互联网的各种教程,再次表示感谢。

一、创建wordpress文件夹,例如:/etc/wordpress使用以下文件内容创建docker-compose.yml

version: '3'

services:
   db:
     image: mysql:8.0
     volumes:
       - db_data:/var/lib/mysql
     restart: always
     environment:
       MYSQL_ROOT_PASSWORD: somewordpress
       MYSQL_DATABASE: wordpress
       MYSQL_USER: wordpress
       MYSQL_PASSWORD: wordpress

   wordpress:
     depends_on:
       - db
     image: wordpress:latest
     ports:
       - "80:80"
       - "443:443"
     volumes:
       - /etc/wordpress/ssl:/etc/apache2/cetrts
     restart: always
     environment:
       WORDPRESS_DB_HOST: db:3306
       WORDPRESS_DB_USER: wordpress
       WORDPRESS_DB_PASSWORD: wordpress
       WORDPRESS_DB_NAME: wordpress
volumes:
    db_data: {}

该文件内容与官方指导文件相比,新增了443端口,和挂载了ssl证书的目录,在/etc/wordpress/ssl 放进申请到的证书文件,包括pem和key。

启动安装

docker-compose up -d

二、在docker中安装vim

官方的docker版wordpress默认是ubuntu的,所以就算你虚拟机是centos,也无法在容器中使用yum来安装,只能使用apt-get 来安装。

进入容量docker 的命令:

docker exec -it container-name /bin/bash

进入容器后输入以下代码:

apt-get update
apt-get install vim

加载 OpenSSL 模块

进入 wordpress 容器,输入 openssl ,查看是否安装 ssl ,如果出现下面图情况说明已经安装过了

[root@test home]# docker exec -it blog bash
root@d38c40e54806:/var/www/html# openssl
OpenSSL> 
# 输入 exit 退出 OpenSSL

加载 Apache SSL 模块

输入 a2enmod ssl,第一次加载,会提示重启 Apache,简单粗暴直接重启 wordpress 容器

root@d38c40e54806:/var/www/html# a2enmod ssl
Considering dependency setenvif for ssl:
Module setenvif already enabled
Considering dependency mime for ssl:
Module mime already enabled
Considering dependency socache_shmcb for ssl:
Enabling module socache_shmcb.
Enabling module ssl.
See /usr/share/doc/apache2/README.Debian.gz on how to configure SSL and create self-signed certificates.
To activate the new configuration, you need to run:
  service apache2 restart
root@d38c40e54806:/var/www/html# 

三、备份一下容器中 /etc/apache2/sites-available/default-ssl.conf文件

cd /etc/apache2/sites-available/
cp default-ssl.conf default-ssl.conf.bak

编辑default-ssl.conf文件,修改证书指向正确的文件目录

vi default-ssl.conf

Apache 加载 SSL 模块后,会在 /etc/apache2/sites-available 下生成 default-ssl.conf 文件,编辑该文件

SSLCertificateFile	/etc/apache2/certs/example.com.pem
SSLCertificateKeyFile /etc/apache2/certs/example.com.key

上述两行配置就是证书的存放位置,我们只需要把第三方第三方可信CA签发的证书相应的文件进行替换

从 apache 的配置文件 apache2.conf 可以看到,apache 只会读取 /etc/apache2/sites-enabled 目录的配置文件,所以需要把 /etc/apache2/sites-available 下的 default-ssl.conf 文件复制到 /etc/apache2/sites-enabled 目录下。

cp /etc/apache2/sites-available/default-ssl.conf /etc/apache2/sites-enabled/default-ss.conf

四、http 请求强制跳转到 https

编辑 /etc/apache2/sites-available/000-default.conf

在 <VirtualHost *:80> </VirtualHost> 标签中增加下面的配置

<Directory "/var/www/html"> 
    RewriteEngine   on
    RewriteBase /
    # FORCE HTTPS
    RewriteCond %{HTTPS} !=on
    RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
</Directory>

效果如下

<VirtualHost *:80>
	# The ServerName directive sets the request scheme, hostname and port that
	# the server uses to identify itself. This is used when creating
	# redirection URLs. In the context of virtual hosts, the ServerName
	# specifies what hostname must appear in the request's Host: header to
	# match this virtual host. For the default virtual host (this file) this
	# value is not decisive as it is used as a last resort host regardless.
	# However, you must set it for any further virtual host explicitly.
	#ServerName www.example.com

	ServerAdmin webmaster@localhost
	DocumentRoot /var/www/html

    <Directory "/var/www/html"> 
        RewriteEngine   on
        RewriteBase /
        # FORCE HTTPS
        RewriteCond %{HTTPS} !=on
        RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
    </Directory>

	# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
	# error, crit, alert, emerg.
	# It is also possible to configure the loglevel for particular
	# modules, e.g.
	#LogLevel info ssl:warn

	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined

	# For most configuration files from conf-available/, which are
	# enabled or disabled at a global level, it is possible to
	# include a line for only one particular virtual host. For example the
	# following line enables the CGI configuration for this host only
	# after it has been globally disabled with "a2disconf".
	#Include conf-available/serve-cgi-bin.conf
</VirtualHost>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

修改完之后,重启 wordpress 容器,一切都变成了 https

docker-compose restart

大功告成!

本文参考了以下文章,深表感谢!

1.Docker 安装 WordPress 并开启 HTTPS

2.『中级篇』docker之wordpress容器SSL(番外篇)(78)