如何在 Ubuntu 22.04 LTS 上安装 Drupal with Docker。

Linux命令 Edge插件网 2年前 (2023-03-11) 478次浏览 已收录 0个评论

Drupal是一个开源平台,用于构建令人惊叹的数字体验。它是由一个专门的社区制作的。Drupal使用模块化架构,允许开发人员通过安装和配置模块向核心系统添加功能。Drupal有数千个模块可用,它们提供了广泛的功能,例如电子商务,论坛和社交媒体集成。如何在 Ubuntu 22.04 LTS 上安装 Drupal with Docker。

在 Ubuntu 22.04 LTS Jammy Jellyfish 上安装 Drupal with Docker(Docker)

第 1 步。首先,通过在终端中运行以下命令,确保所有系统软件包都是最新的。apt

<span class="pln">sudo apt update
sudo apt upgrade</span>

第 2 步。安装 Docker。

默认情况下,Docker 在 Ubuntu 22.04 基础存储库上不可用。现在运行以下命令将 Docker 存储库添加到系统中:

<span class="pln">echo </span><span class="str">"deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"</span> <span class="pun">|</span><span class="pln"> sudo tee </span><span class="pun">/</span><span class="pln">etc</span><span class="pun">/</span><span class="pln">apt</span><span class="pun">/</span><span class="pln">sources</span><span class="pun">.</span><span class="pln">list</span><span class="pun">.</span><span class="pln">d</span><span class="pun">/</span><span class="pln">docker</span><span class="pun">.</span><span class="pln">list</span>

接下来,将 GPG 密钥导入您的系统:

<span class="pln">curl </span><span class="pun">-</span><span class="pln">fsSL https</span><span class="pun">:</span><span class="com">//download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg</span>

启用存储库后,现在使用以下命令安装最新版本的 Docker 包:

<span class="pln">sudo apt update
sudo apt install docker</span><span class="pun">-</span><span class="pln">ce docker</span><span class="pun">-</span><span class="pln">ce</span><span class="pun">-</span><span class="pln">cli containerd</span><span class="pun">.</span><span class="pln">io docker</span><span class="pun">-</span><span class="pln">compose</span><span class="pun">-</span><span class="pln">plugin</span>

您可以验证 Docker 是否已安装以及当前版本:

<span class="pln">docker </span><span class="pun">-</span><span class="pln">v</span>

成功安装后,启用 Docker(在系统启动时自动启动)、启动并使用以下命令验证状态:

<span class="pln">sudo systemctl enable docker
sudo systemctl start docker
sudo systemctl status docker</span>

默认情况下,Docker 需要根权限。如果要避免在每次运行命令时使用,请将用户名添加到组中:sudodockerdocker

<span class="pln">sudo usermod </span><span class="pun">-</span><span class="pln">aG docker $</span><span class="pun">(</span><span class="pln">whoami</span><span class="pun">)</span><span class="pln">
su </span><span class="pun">-</span><span class="pln"> $</span><span class="pun">{</span><span class="pln">USER</span><span class="pun">}</span>

确认您的用户已添加到 Docker 组:

<span class="pln">groups</span>

有关安装和管理 Docker 的其他资源,请阅读下面的帖子:

  • 如何在 Ubuntu Linux √ 上安装 Docker。

第 3 步。为 Drupal 创建 Docker Compose 文件。

首先,为 Drupal 配置创建一个目录:

<span class="pln">mkdir </span><span class="pun">~/</span><span class="pln">drupal
cd </span><span class="pun">~/</span><span class="pln">drupal</span>

现在我们使用您喜欢的文本编辑器创建并打开 Docker 撰写文件:

<span class="pln">nano docker</span><span class="pun">-</span><span class="pln">compose</span><span class="pun">.</span><span class="pln">yml</span>

添加以下文件:

<span class="pln">services</span><span class="pun">:</span><span class="pln">
  mysql</span><span class="pun">:</span><span class="pln">
    image</span><span class="pun">:</span><span class="pln"> mysql</span><span class="pun">:</span><span class="lit">8.0</span><span class="pln">
    container_name</span><span class="pun">:</span><span class="pln"> mysql
    restart</span><span class="pun">:</span> <span class="kwd">unless</span><span class="pun">-</span><span class="pln">stopped
    env_file</span><span class="pun">:</span> <span class="pun">.</span><span class="pln">env
    volumes</span><span class="pun">:</span>
      <span class="pun">-</span><span class="pln"> db</span><span class="pun">-</span><span class="pln">data</span><span class="pun">:</span><span class="str">/var/</span><span class="pln">lib</span><span class="pun">/</span><span class="pln">mysql
    networks</span><span class="pun">:</span>
      <span class="pun">-</span> <span class="kwd">internal</span><span class="pln">
  
  drupal</span><span class="pun">:</span><span class="pln">
    image</span><span class="pun">:</span><span class="pln"> drupal</span><span class="pun">:</span><span class="lit">10</span><span class="pun">-</span><span class="pln">fpm</span><span class="pun">-</span><span class="pln">alpine
    container_name</span><span class="pun">:</span><span class="pln"> drupal
    depends_on</span><span class="pun">:</span>
      <span class="pun">-</span><span class="pln"> mysql
    restart</span><span class="pun">:</span> <span class="kwd">unless</span><span class="pun">-</span><span class="pln">stopped
    networks</span><span class="pun">:</span>
      <span class="pun">-</span> <span class="kwd">internal</span>
      <span class="pun">-</span><span class="pln"> external
    volumes</span><span class="pun">:</span>
      <span class="pun">-</span><span class="pln"> drupal</span><span class="pun">-</span><span class="pln">data</span><span class="pun">:</span><span class="str">/var/</span><span class="pln">www</span><span class="pun">/</span><span class="pln">html
  
  webserver</span><span class="pun">:</span><span class="pln">
    image</span><span class="pun">:</span><span class="pln"> nginx</span><span class="pun">:</span><span class="lit">1.22</span><span class="pun">.</span><span class="lit">1</span><span class="pun">-</span><span class="pln">alpine
    container_name</span><span class="pun">:</span><span class="pln"> webserver
    depends_on</span><span class="pun">:</span>
      <span class="pun">-</span><span class="pln"> drupal
    restart</span><span class="pun">:</span> <span class="kwd">unless</span><span class="pun">-</span><span class="pln">stopped
    ports</span><span class="pun">:</span>
      <span class="pun">-</span> <span class="lit">80</span><span class="pun">:</span><span class="lit">80</span><span class="pln">
    volumes</span><span class="pun">:</span>
      <span class="pun">-</span><span class="pln"> drupal</span><span class="pun">-</span><span class="pln">data</span><span class="pun">:</span><span class="str">/var/</span><span class="pln">www</span><span class="pun">/</span><span class="pln">html
      </span><span class="pun">-</span> <span class="pun">./</span><span class="pln">nginx</span><span class="pun">-</span><span class="pln">conf</span><span class="pun">:</span><span class="str">/etc/</span><span class="pln">nginx</span><span class="pun">/</span><span class="pln">conf</span><span class="pun">.</span><span class="pln">d
      </span><span class="pun">-</span><span class="pln"> certbot</span><span class="pun">-</span><span class="pln">etc</span><span class="pun">:</span><span class="str">/etc/</span><span class="pln">letsencrypt
    networks</span><span class="pun">:</span>
      <span class="pun">-</span><span class="pln"> external
  
  certbot</span><span class="pun">:</span><span class="pln">
    depends_on</span><span class="pun">:</span>
      <span class="pun">-</span><span class="pln"> webserver
    image</span><span class="pun">:</span><span class="pln"> certbot</span><span class="pun">/</span><span class="pln">certbot
    container_name</span><span class="pun">:</span><span class="pln"> certbot
    volumes</span><span class="pun">:</span>
      <span class="pun">-</span><span class="pln"> certbot</span><span class="pun">-</span><span class="pln">etc</span><span class="pun">:</span><span class="str">/etc/</span><span class="pln">letsencrypt
      </span><span class="pun">-</span><span class="pln"> drupal</span><span class="pun">-</span><span class="pln">data</span><span class="pun">:</span><span class="str">/var/</span><span class="pln">www</span><span class="pun">/</span><span class="pln">html
    command</span><span class="pun">:</span><span class="pln"> certonly </span><span class="pun">--</span><span class="pln">webroot </span><span class="pun">--</span><span class="pln">webroot</span><span class="pun">-</span><span class="pln">path</span><span class="pun">=</span><span class="str">/var/</span><span class="pln">www</span><span class="pun">/</span><span class="pln">html </span><span class="pun">--</span><span class="pln">email admin@your</span><span class="pun">-</span><span class="pln">domain </span><span class="pun">--</span><span class="pln">agree</span><span class="pun">-</span><span class="pln">tos </span><span class="pun">--</span><span class="kwd">no</span><span class="pun">-</span><span class="pln">eff</span><span class="pun">-</span><span class="pln">email </span><span class="pun">--</span><span class="pln">staging </span><span class="pun">-</span><span class="pln">d your</span><span class="pun">-</span><span class="pln">domain</span><span class="pun">.</span><span class="pln">com </span><span class="pun">-</span><span class="pln">d www</span><span class="pun">.</span><span class="pln">your</span><span class="pun">-</span><span class="pln">domain</span><span class="pun">.</span><span class="pln">com

networks</span><span class="pun">:</span><span class="pln">
  external</span><span class="pun">:</span><span class="pln">
    driver</span><span class="pun">:</span><span class="pln"> bridge
  </span><span class="kwd">internal</span><span class="pun">:</span><span class="pln">
    driver</span><span class="pun">:</span><span class="pln"> bridge

volumes</span><span class="pun">:</span><span class="pln">
  drupal</span><span class="pun">-</span><span class="pln">data</span><span class="pun">:</span><span class="pln">
  db</span><span class="pun">-</span><span class="pln">data</span><span class="pun">:</span><span class="pln">
  certbot</span><span class="pun">-</span><span class="pln">etc</span><span class="pun">:</span>

保存并关闭文件。

第 4 步。为 nginx 配置 Docker Compose。

首先,我们为 Nginx 配置创建目录:

<span class="pln">mkdir nginx</span><span class="pun">-</span><span class="pln">conf</span>

接下来,使用您喜欢的文本编辑器创建并打开 Nginx 文件:

<span class="pln">nano nginx</span><span class="pun">-</span><span class="pln">conf</span><span class="pun">/</span><span class="pln">drupal</span><span class="pun">.</span><span class="pln">conf</span>

添加以下文件:

<span class="pln">server </span><span class="pun">{</span><span class="pln">
    listen </span><span class="lit">80</span><span class="pun">;</span><span class="pln">
    listen </span><span class="pun">[::]:</span><span class="lit">80</span><span class="pun">;</span><span class="pln">

    server_name your</span><span class="pun">-</span><span class="pln">domain</span><span class="pun">.</span><span class="pln">com</span><span class="pun">;</span><span class="pln">

    index index</span><span class="pun">.</span><span class="pln">php index</span><span class="pun">.</span><span class="pln">html index</span><span class="pun">.</span><span class="pln">htm</span><span class="pun">;</span><span class="pln">

    root </span><span class="pun">/</span><span class="kwd">var</span><span class="pun">/</span><span class="pln">www</span><span class="pun">/</span><span class="pln">html</span><span class="pun">;</span><span class="pln">

    location </span><span class="pun">~</span> <span class="str">/.well-known/</span><span class="pln">acme</span><span class="pun">-</span><span class="pln">challenge </span><span class="pun">{</span><span class="pln">
        allow all</span><span class="pun">;</span><span class="pln">
        root </span><span class="pun">/</span><span class="kwd">var</span><span class="pun">/</span><span class="pln">www</span><span class="pun">/</span><span class="pln">html</span><span class="pun">;</span>
    <span class="pun">}</span><span class="pln">

    location </span><span class="pun">/</span> <span class="pun">{</span><span class="pln">
        try_files $uri $uri</span><span class="pun">/</span> <span class="pun">/</span><span class="pln">index</span><span class="pun">.</span><span class="pln">php$is_args$args</span><span class="pun">;</span>
    <span class="pun">}</span><span class="pln">

    rewrite </span><span class="pun">^</span><span class="str">/core/</span><span class="pln">authorize</span><span class="pun">.</span><span class="pln">php</span><span class="pun">/</span><span class="pln">core</span><span class="pun">/</span><span class="pln">authorize</span><span class="pun">.</span><span class="pln">php</span><span class="pun">(.*)</span><span class="pln">$ </span><span class="pun">/</span><span class="pln">core</span><span class="pun">/</span><span class="pln">authorize</span><span class="pun">.</span><span class="pln">php$1</span><span class="pun">;</span><span class="pln">

    location </span><span class="pun">~</span><span class="pln"> \.php$ </span><span class="pun">{</span><span class="pln">
        try_files $uri </span><span class="pun">=</span><span class="lit">404</span><span class="pun">;</span><span class="pln">
        fastcgi_split_path_info </span><span class="pun">^(.+</span><span class="pln">\.php</span><span class="pun">)(/.+)</span><span class="pln">$</span><span class="pun">;</span><span class="pln">
        fastcgi_pass drupal</span><span class="pun">:</span><span class="lit">9000</span><span class="pun">;</span><span class="pln">
        fastcgi_index index</span><span class="pun">.</span><span class="pln">php</span><span class="pun">;</span><span class="pln">
        include fastcgi_params</span><span class="pun">;</span><span class="pln">
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name</span><span class="pun">;</span><span class="pln">
        fastcgi_param PATH_INFO $fastcgi_path_info</span><span class="pun">;</span>
    <span class="pun">}</span><span class="pln">

    location </span><span class="pun">~</span> <span class="pun">/</span><span class="pln">\.ht </span><span class="pun">{</span><span class="pln">
        deny all</span><span class="pun">;</span>
    <span class="pun">}</span><span class="pln">

    location </span><span class="pun">=</span> <span class="pun">/</span><span class="pln">favicon</span><span class="pun">.</span><span class="pln">ico </span><span class="pun">{</span><span class="pln"> 
        log_not_found off</span><span class="pun">;</span><span class="pln"> access_log off</span><span class="pun">;</span> 
    <span class="pun">}</span><span class="pln">
    location </span><span class="pun">=</span> <span class="pun">/</span><span class="pln">robots</span><span class="pun">.</span><span class="pln">txt </span><span class="pun">{</span><span class="pln"> 
        log_not_found off</span><span class="pun">;</span><span class="pln"> access_log off</span><span class="pun">;</span><span class="pln"> allow all</span><span class="pun">;</span> 
    <span class="pun">}</span><span class="pln">
    location </span><span class="pun">~*</span><span class="pln"> \.</span><span class="pun">(</span><span class="pln">css</span><span class="pun">|</span><span class="pln">gif</span><span class="pun">|</span><span class="pln">ico</span><span class="pun">|</span><span class="pln">jpeg</span><span class="pun">|</span><span class="pln">jpg</span><span class="pun">|</span><span class="pln">js</span><span class="pun">|</span><span class="pln">png</span><span class="pun">)</span><span class="pln">$ </span><span class="pun">{</span><span class="pln">
        expires max</span><span class="pun">;</span><span class="pln">
        log_not_found off</span><span class="pun">;</span>
    <span class="pun">}</span>
<span class="pun">}</span>

完成后,保存并关闭文件。

第5步。配置 Docker for SSL。

在生成 SSL 证书之前,我们使用以下命令启动容器:

<span class="pln">docker compose up </span><span class="pun">-</span><span class="pln">d</span>

接下来,使用以下命令打开 docker 撰写文件:

<span class="pln">nano docker</span><span class="pun">-</span><span class="pln">compose</span><span class="pun">.</span><span class="pln">yml</span>

替换 Certbot 服务部分中的标志并将其替换为标志:--staging--force-renewal

<span class="pln">certbot</span><span class="pun">:</span><span class="pln">
    depends_on</span><span class="pun">:</span>
      <span class="pun">-</span><span class="pln"> webserver
    image</span><span class="pun">:</span><span class="pln"> certbot</span><span class="pun">/</span><span class="pln">certbot
    container_name</span><span class="pun">:</span><span class="pln"> certbot
    volumes</span><span class="pun">:</span>
      <span class="pun">-</span><span class="pln"> certbot</span><span class="pun">-</span><span class="pln">etc</span><span class="pun">:</span><span class="str">/etc/</span><span class="pln">letsencrypt
      </span><span class="pun">-</span><span class="pln"> drupal</span><span class="pun">-</span><span class="pln">data</span><span class="pun">:</span><span class="str">/var/</span><span class="pln">www</span><span class="pun">/</span><span class="pln">html
    command</span><span class="pun">:</span><span class="pln"> certonly </span><span class="pun">--</span><span class="pln">webroot </span><span class="pun">--</span><span class="pln">webroot</span><span class="pun">-</span><span class="pln">path</span><span class="pun">=</span><span class="str">/var/</span><span class="pln">www</span><span class="pun">/</span><span class="pln">html </span><span class="pun">--</span><span class="pln">email admin@your</span><span class="pun">-</span><span class="pln">domain</span><span class="pun">.</span><span class="pln">com </span><span class="pun">--</span><span class="pln">agree</span><span class="pun">-</span><span class="pln">tos </span><span class="pun">--</span><span class="kwd">no</span><span class="pun">-</span><span class="pln">eff</span><span class="pun">-</span><span class="pln">email </span><span class="pun">--</span><span class="pln">staple</span><span class="pun">-</span><span class="pln">ocsp </span><span class="pun">--</span><span class="pln">force</span><span class="pun">-</span><span class="pln">renewal </span><span class="pun">-</span><span class="pln">d your</span><span class="pun">-</span><span class="pln">domain</span><span class="pun">.</span><span class="pln">com</span>

保存并关闭文件,然后再次运行命令以重新创建 Certbot 容器:docker compose up

<span class="pln">docker compose up </span><span class="pun">--</span><span class="pln">force</span><span class="pun">-</span><span class="pln">recreate </span><span class="pun">--</span><span class="kwd">no</span><span class="pun">-</span><span class="pln">deps certbot</span>

第 6 步。为 SSL 配置 Nginx。

首先,我们使用以下命令停止 Nginx 服务器:

<span class="pln">docker stop webserver</span>

接下来,为 SSL 配置创建一个新的 Nginx 文件:

<span class="pln">nano nginx</span><span class="pun">-</span><span class="pln">conf</span><span class="pun">/</span><span class="pln">drupal</span><span class="pun">-</span><span class="pln">ssl</span><span class="pun">.</span><span class="pln">conf</span>

添加以下文件:

<span class="pln">server </span><span class="pun">{</span><span class="pln">
    listen </span><span class="lit">80</span><span class="pun">;</span><span class="pln">
    listen </span><span class="pun">[::]:</span><span class="lit">80</span><span class="pun">;</span><span class="pln">

    server_name your</span><span class="pun">-</span><span class="pln">domain</span><span class="pun">.</span><span class="pln">com</span><span class="pun">;</span><span class="pln">

    location </span><span class="pun">~</span> <span class="str">/.well-known/</span><span class="pln">acme</span><span class="pun">-</span><span class="pln">challenge </span><span class="pun">{</span><span class="pln">
        allow all</span><span class="pun">;</span><span class="pln">
        root </span><span class="pun">/</span><span class="kwd">var</span><span class="pun">/</span><span class="pln">www</span><span class="pun">/</span><span class="pln">html</span><span class="pun">;</span>
    <span class="pun">}</span><span class="pln">

    location </span><span class="pun">/</span> <span class="pun">{</span><span class="pln">
        rewrite </span><span class="pun">^</span><span class="pln"> https</span><span class="pun">:</span><span class="com">//$host$request_uri? permanent;</span>
    <span class="pun">}</span>
<span class="pun">}</span><span class="pln">
server </span><span class="pun">{</span><span class="pln">
    listen </span><span class="lit">443</span><span class="pln"> ssl http2</span><span class="pun">;</span><span class="pln">
    listen </span><span class="pun">[::]:</span><span class="lit">443</span><span class="pln"> ssl http2</span><span class="pun">;</span><span class="pln">
    server_name your</span><span class="pun">-</span><span class="pln">domain</span><span class="pun">.</span><span class="pln">com</span><span class="pun">;</span><span class="pln">

    index index</span><span class="pun">.</span><span class="pln">php index</span><span class="pun">.</span><span class="pln">html index</span><span class="pun">.</span><span class="pln">htm</span><span class="pun">;</span><span class="pln">

    root </span><span class="pun">/</span><span class="kwd">var</span><span class="pun">/</span><span class="pln">www</span><span class="pun">/</span><span class="pln">html</span><span class="pun">;</span><span class="pln">

    server_tokens off</span><span class="pun">;</span><span class="pln">

    ssl_certificate </span><span class="pun">/</span><span class="pln">etc</span><span class="pun">/</span><span class="pln">letsencrypt</span><span class="pun">/</span><span class="pln">live</span><span class="pun">/</span><span class="pln">your</span><span class="pun">-</span><span class="pln">domain</span><span class="pun">.</span><span class="pln">com</span><span class="pun">/</span><span class="pln">fullchain</span><span class="pun">.</span><span class="pln">pem</span><span class="pun">;</span><span class="pln">
    ssl_certificate_key </span><span class="pun">/</span><span class="pln">etc</span><span class="pun">/</span><span class="pln">letsencrypt</span><span class="pun">/</span><span class="pln">live</span><span class="pun">/</span><span class="pln">your</span><span class="pun">-</span><span class="pln">domain</span><span class="pun">.</span><span class="pln">com</span><span class="pun">/</span><span class="pln">privkey</span><span class="pun">.</span><span class="pln">pem</span><span class="pun">;</span><span class="pln">
    ssl_trusted_certificate </span><span class="pun">/</span><span class="pln">etc</span><span class="pun">/</span><span class="pln">letsencrypt</span><span class="pun">/</span><span class="pln">live</span><span class="pun">/</span><span class="pln">your</span><span class="pun">-</span><span class="pln">domain</span><span class="pun">.</span><span class="pln">com</span><span class="pun">/</span><span class="pln">chain</span><span class="pun">.</span><span class="pln">pem</span><span class="pun">;</span><span class="pln">
    ssl_session_timeout </span><span class="lit">1d</span><span class="pun">;</span><span class="pln">
    ssl_session_cache shared</span><span class="pun">:</span><span class="pln">SSL</span><span class="pun">:</span><span class="lit">10m</span><span class="pun">;</span><span class="pln">
    ssl_session_tickets off</span><span class="pun">;</span><span class="pln">
    ssl_protocols </span><span class="typ">TLSv1</span><span class="pun">.</span><span class="lit">2</span> <span class="typ">TLSv1</span><span class="pun">.</span><span class="lit">3</span><span class="pun">;</span><span class="pln">
    ssl_ciphers ECDHE</span><span class="pun">-</span><span class="pln">ECDSA</span><span class="pun">-</span><span class="pln">AES128</span><span class="pun">-</span><span class="pln">GCM</span><span class="pun">-</span><span class="pln">SHA256</span><span class="pun">:</span><span class="pln">ECDHE</span><span class="pun">-</span><span class="pln">RSA</span><span class="pun">-</span><span class="pln">AES128</span><span class="pun">-</span><span class="pln">GCM</span><span class="pun">-</span><span class="pln">SHA256</span><span class="pun">:</span><span class="pln">ECDHE</span><span class="pun">-</span><span class="pln">ECDSA</span><span class="pun">-</span><span class="pln">AES256</span><span class="pun">-</span><span class="pln">GCM</span><span class="pun">-</span><span class="pln">SHA384</span><span class="pun">:</span><span class="pln">ECDHE</span><span class="pun">-</span><span class="pln">RSA</span><span class="pun">-</span><span class="pln">AES256</span><span class="pun">-</span><span class="pln">GCM</span><span class="pun">-</span><span class="pln">SHA384</span><span class="pun">:</span><span class="pln">ECDHE</span><span class="pun">-</span><span class="pln">ECDSA</span><span class="pun">-</span><span class="pln">CHACHA20</span><span class="pun">-</span><span class="pln">POLY1305</span><span class="pun">:</span><span class="pln">ECDHE</span><span class="pun">-</span><span class="pln">RSA</span><span class="pun">-</span><span class="pln">CHACHA20</span><span class="pun">-</span><span class="pln">POLY1305</span><span class="pun">:</span><span class="pln">DHE</span><span class="pun">-</span><span class="pln">RSA</span><span class="pun">-</span><span class="pln">AES128</span><span class="pun">-</span><span class="pln">GCM</span><span class="pun">-</span><span class="pln">SHA256</span><span class="pun">:</span><span class="pln">DHE</span><span class="pun">-</span><span class="pln">RSA</span><span class="pun">-</span><span class="pln">AES256</span><span class="pun">-</span><span class="pln">GCM</span><span class="pun">-</span><span class="pln">SHA384</span><span class="pun">;</span><span class="pln">
    ssl_prefer_server_ciphers off</span><span class="pun">;</span><span class="pln">
    ssl_ecdh_curve secp384r1</span><span class="pun">;</span><span class="pln">
    ssl_dhparam </span><span class="pun">/</span><span class="pln">etc</span><span class="pun">/</span><span class="pln">ssl</span><span class="pun">/</span><span class="pln">certs</span><span class="pun">/</span><span class="pln">dhparam</span><span class="pun">.</span><span class="pln">pem</span><span class="pun">;</span>

    <span class="com"># OCSP stapling</span><span class="pln">
    ssl_stapling on</span><span class="pun">;</span><span class="pln">
    ssl_stapling_verify on</span><span class="pun">;</span><span class="pln">
    resolver </span><span class="lit">8.8</span><span class="pun">.</span><span class="lit">8.8</span> <span class="lit">8.8</span><span class="pun">.</span><span class="lit">4.4</span><span class="pln"> valid</span><span class="pun">=</span><span class="lit">300s</span><span class="pun">;</span><span class="pln">
    resolver_timeout </span><span class="lit">5s</span><span class="pun">;</span><span class="pln">

    add_header X</span><span class="pun">-</span><span class="typ">Frame</span><span class="pun">-</span><span class="typ">Options</span> <span class="str">"SAMEORIGIN"</span><span class="pln"> always</span><span class="pun">;</span><span class="pln">
    add_header X</span><span class="pun">-</span><span class="pln">XSS</span><span class="pun">-</span><span class="typ">Protection</span> <span class="str">"1; mode=block"</span><span class="pln"> always</span><span class="pun">;</span><span class="pln">
    add_header X</span><span class="pun">-</span><span class="typ">Content</span><span class="pun">-</span><span class="typ">Type</span><span class="pun">-</span><span class="typ">Options</span> <span class="str">"nosniff"</span><span class="pln"> always</span><span class="pun">;</span><span class="pln">
    add_header </span><span class="typ">Referrer</span><span class="pun">-</span><span class="typ">Policy</span> <span class="str">"no-referrer-when-downgrade"</span><span class="pln"> always</span><span class="pun">;</span><span class="pln">
    add_header </span><span class="typ">Content</span><span class="pun">-</span><span class="typ">Security</span><span class="pun">-</span><span class="typ">Policy</span> <span class="str">"default-src * data: 'unsafe-eval' 'unsafe-inline'"</span><span class="pln"> always</span><span class="pun">;</span><span class="pln">

    location </span><span class="pun">/</span> <span class="pun">{</span><span class="pln">
        try_files $uri $uri</span><span class="pun">/</span> <span class="pun">/</span><span class="pln">index</span><span class="pun">.</span><span class="pln">php$is_args$args</span><span class="pun">;</span>
    <span class="pun">}</span><span class="pln">

    rewrite </span><span class="pun">^</span><span class="str">/core/</span><span class="pln">authorize</span><span class="pun">.</span><span class="pln">php</span><span class="pun">/</span><span class="pln">core</span><span class="pun">/</span><span class="pln">authorize</span><span class="pun">.</span><span class="pln">php</span><span class="pun">(.*)</span><span class="pln">$ </span><span class="pun">/</span><span class="pln">core</span><span class="pun">/</span><span class="pln">authorize</span><span class="pun">.</span><span class="pln">php$1</span><span class="pun">;</span><span class="pln">

    location </span><span class="pun">~</span><span class="pln"> \.php$ </span><span class="pun">{</span><span class="pln">
        try_files $uri </span><span class="pun">=</span><span class="lit">404</span><span class="pun">;</span><span class="pln">
        fastcgi_split_path_info </span><span class="pun">^(.+</span><span class="pln">\.php</span><span class="pun">)(/.+)</span><span class="pln">$</span><span class="pun">;</span><span class="pln">
        fastcgi_pass drupal</span><span class="pun">:</span><span class="lit">9000</span><span class="pun">;</span><span class="pln">
        fastcgi_index index</span><span class="pun">.</span><span class="pln">php</span><span class="pun">;</span><span class="pln">
        include fastcgi_params</span><span class="pun">;</span><span class="pln">
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name</span><span class="pun">;</span><span class="pln">
        fastcgi_param PATH_INFO $fastcgi_path_info</span><span class="pun">;</span>
    <span class="pun">}</span><span class="pln">

    location </span><span class="pun">~</span> <span class="pun">/</span><span class="pln">\.ht </span><span class="pun">{</span><span class="pln">
        deny all</span><span class="pun">;</span>
    <span class="pun">}</span><span class="pln">

    location </span><span class="pun">=</span> <span class="pun">/</span><span class="pln">favicon</span><span class="pun">.</span><span class="pln">ico </span><span class="pun">{</span><span class="pln">
        log_not_found off</span><span class="pun">;</span><span class="pln"> access_log off</span><span class="pun">;</span>
    <span class="pun">}</span><span class="pln">
    location </span><span class="pun">=</span> <span class="pun">/</span><span class="pln">robots</span><span class="pun">.</span><span class="pln">txt </span><span class="pun">{</span><span class="pln">
        log_not_found off</span><span class="pun">;</span><span class="pln"> access_log off</span><span class="pun">;</span><span class="pln"> allow all</span><span class="pun">;</span>
    <span class="pun">}</span><span class="pln">
    location </span><span class="pun">~*</span><span class="pln"> \.</span><span class="pun">(</span><span class="pln">css</span><span class="pun">|</span><span class="pln">gif</span><span class="pun">|</span><span class="pln">ico</span><span class="pun">|</span><span class="pln">jpeg</span><span class="pun">|</span><span class="pln">jpg</span><span class="pun">|</span><span class="pln">js</span><span class="pun">|</span><span class="pln">png</span><span class="pun">)</span><span class="pln">$ </span><span class="pun">{</span><span class="pln">
        expires max</span><span class="pun">;</span><span class="pln">
        log_not_found off</span><span class="pun">;</span>
    <span class="pun">}</span>
<span class="pun">}</span>

保存并关闭文件,然后确保 Nginx 容器侦听端口 443:

<span class="pln">nano docker</span><span class="pun">-</span><span class="pln">compose</span><span class="pun">.</span><span class="pln">yml</span>

按照配置:

<span class="pln">webserver</span><span class="pun">:</span><span class="pln">
    image</span><span class="pun">:</span><span class="pln"> nginx</span><span class="pun">:</span><span class="lit">1.22</span><span class="pun">.</span><span class="lit">1</span><span class="pun">-</span><span class="pln">alpine
    container_name</span><span class="pun">:</span><span class="pln"> webserver
    depends_on</span><span class="pun">:</span>
      <span class="pun">-</span><span class="pln"> drupal
    restart</span><span class="pun">:</span> <span class="kwd">unless</span><span class="pun">-</span><span class="pln">stopped
    ports</span><span class="pun">:</span>
      <span class="pun">-</span> <span class="lit">80</span><span class="pun">:</span><span class="lit">80</span>
      <span class="pun">-</span> <span class="lit">443</span><span class="pun">:</span><span class="lit">443</span><span class="pln">
    volumes</span><span class="pun">:</span>
      <span class="pun">-</span><span class="pln"> drupal</span><span class="pun">-</span><span class="pln">data</span><span class="pun">:</span><span class="str">/var/</span><span class="pln">www</span><span class="pun">/</span><span class="pln">html
      </span><span class="pun">-</span> <span class="pun">./</span><span class="pln">nginx</span><span class="pun">-</span><span class="pln">conf</span><span class="pun">:</span><span class="str">/etc/</span><span class="pln">nginx</span><span class="pun">/</span><span class="pln">conf</span><span class="pun">.</span><span class="pln">d
      </span><span class="pun">-</span><span class="pln"> certbot</span><span class="pun">-</span><span class="pln">etc</span><span class="pun">:</span><span class="str">/etc/</span><span class="pln">letsencrypt
      </span><span class="pun">-</span> <span class="str">/etc/</span><span class="pln">ssl</span><span class="pun">/</span><span class="pln">certs</span><span class="pun">/</span><span class="pln">dhparam</span><span class="pun">.</span><span class="pln">pem</span><span class="pun">:</span><span class="str">/etc/</span><span class="pln">ssl</span><span class="pun">/</span><span class="pln">certs</span><span class="pun">/</span><span class="pln">dhparam</span><span class="pun">.</span><span class="pln">pem
    networks</span><span class="pun">:</span>
      <span class="pun">-</span><span class="pln"> external</span>

保存并关闭该文件,然后使用以下命令删除较旧的 HTTP 配置文件:

<span class="pln">rm nginx</span><span class="pun">-</span><span class="pln">conf</span><span class="pun">/</span><span class="pln">drupal</span><span class="pun">.</span><span class="pln">conf</span>

接下来,生成一个我们已经在上面配置的 Diffie-Hellman 组证书:

<span class="pln">sudo openssl dhparam </span><span class="pun">-</span><span class="pln">dsaparam </span><span class="pun">-</span><span class="kwd">out</span> <span class="pun">/</span><span class="pln">etc</span><span class="pun">/</span><span class="pln">ssl</span><span class="pun">/</span><span class="pln">certs</span><span class="pun">/</span><span class="pln">dhparam</span><span class="pun">.</span><span class="pln">pem </span><span class="lit">4096</span>

最后,重新创建 Nginx 容器:

<span class="pln">docker compose up </span><span class="pun">-</span><span class="pln">d </span><span class="pun">--</span><span class="pln">force</span><span class="pun">-</span><span class="pln">recreate </span><span class="pun">--</span><span class="kwd">no</span><span class="pun">-</span><span class="pln">deps webserver</span>

步骤 7.配置防火墙。

现在我们使用Drupal设置了一个简单防火墙(UFW),以允许在默认Web端口80和443上进行公共访问:

<span class="pln">sudo ufw allow </span><span class="typ">OpenSSH</span><span class="pln">
sudo ufw allow http
sudo ufw allow https
sudo ufw enable</span>

第8步。访问Drupal Web界面。

现在打开您的Web浏览器并使用URL访问Drupal Web UI。您将被重定向到以下页面:https://your-domain.com

如何在 Ubuntu 22.04 LTS 上安装 Drupal with Docker。

感谢您使用本教程在 Ubuntu 系统上安装 Drupal with Docker。有关其他帮助或有用信息,我们建议您查看Drupal官方网站


Edge插件网 , 版权所有丨如未注明 , 均为原创丨本网站采用BY-NC-SA协议进行授权
转载请注明原文链接:如何在 Ubuntu 22.04 LTS 上安装 Drupal with Docker。
喜欢 (0)
发表我的评论
取消评论
表情 贴图 加粗 删除线 居中 斜体 签到

Hi,您需要填写昵称和邮箱!

  • 昵称 (必填)
  • 邮箱 (必填)
  • 网址