Building a full-text search system with Docker (httpd + SSL + FESS)


Contents

These are my notes on the following setup.

  • Building FESS and httpd with Docker
  • Modifying the httpd image (reverse proxy and SSL)
  • Configuring startup with Docker Compose

Environment

  • AlmaLinux release 8.4
  • Docker 20.10.14
  • FESS 14.0.1
  • Apache 2.4.53

Procedure

Installing Docker

yum -y install yum-utils
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
yum erase podman buildah
yum -y install docker-ce docker-ce-cli containerd.io
systemctl start docker
systemctl enable docker
docker info

Installing Compose v2

DOCKER_CONFIG=${DOCKER_CONFIG:-$HOME/.docker}
mkdir -p $DOCKER_CONFIG/cli-plugins
curl -SL https://github.com/docker/compose/releases/download/v2.2.3/docker-compose-linux-x86_64 -o $DOCKER_CONFIG/cli-plugins/docker-compose
chmod +x $DOCKER_CONFIG/cli-plugins/docker-compose
docker compose version

Kernel parameter settings

  • Required for FESS to start
vim /etc/sysctl.conf
/etc/sysctl.conf
vm.max_map_count=262144
sysctl -p

Downloading the images

  • Download the FESS image
yum -y install git
cd ~
git clone https://github.com/codelibs/docker-fess.git
cd docker-fess/compose
  • Download the httpd image
docker pull httpd

Creating a self-signed certificate

  • Create it on the host
cd /root/fess_image2
openssl genrsa -des3 -out server.key 2048
openssl req -new -key server.key -out server.csr
cp -p server.key server.key.org
openssl rsa -in server.key -out server.key
cp /etc/pki/tls/openssl.cnf openssl_san.cnf
openssl_san.cnf
[ req ]
req_extensions = v3_req # uncomment this line
[ usr_cert ]
authorityKeyIdentifier=keyid,issuer:always # add :always
[ v3_req ]
subjectAltName=IP:xx.xx.xx.xx # add this line
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt -sha256 -extensions v3_req -extfile openssl_san.cnf
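
Before the key and certificate are copied into the httpd image, the pair produced by the steps above can be checked with the following added example, which is not part of the original notes. The function names and the 30-day default threshold are assumptions of this example; it confirms that the key is unencrypted and matches the certificate, that the IP subjectAltName is present, and that the certificate is not near expiry.

```bash
#!/bin/sh
# Added example (not from the original notes): sanity checks for the
# server.key / server.crt pair before it is copied into the httpd image.
# Function names and the 30-day threshold are assumptions of this example.

# Print the certificate's subjectAltName entries, one per line.
cert_sans() {
  openssl x509 -in "$1" -noout -text |
    awk '/X509v3 Subject Alternative Name/ {
           getline; gsub(/^ +| +$/, ""); gsub(/, /, "\n"); print }'
}

# Succeed only if the certificate lists the given IP address as a SAN.
has_ip_san() {
  cert_sans "$1" | grep -Fxq "IP Address:$2"
}

# Succeed only if the private key and the certificate share a public key.
# "-passin pass:" makes a still-encrypted key fail instead of prompting.
key_matches_cert() {
  k=$(openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null) || return 1
  c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
  [ -n "$k" ] && [ "$k" = "$c" ]
}

# usage: check_pair KEY CERT IP [MIN_DAYS]; returns non-zero on any failure.
check_pair() {
  rc=0
  key_matches_cert "$1" "$2" ||
    { echo "FAIL: key/cert mismatch, or key still has a passphrase"; rc=1; }
  has_ip_san "$2" "$3" ||
    { echo "FAIL: certificate has no IP SAN for $3"; rc=1; }
  openssl x509 -in "$2" -noout -checkend $(( ${4:-30} * 86400 )) >/dev/null ||
    { echo "FAIL: certificate expires within ${4:-30} days"; rc=1; }
  return "$rc"
}

# Run directly as: sh check_cert.sh server.key server.crt xx.xx.xx.xx
if [ "$#" -ge 3 ]; then check_pair "$@"; fi
```

A non-zero exit status means at least one check failed, so the script can gate the docker build step.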

Modifying the httpd container image

docker build -f ./Dockerfile -t localhost/httpd:1.0.0 .
Dockerfile
FROM httpd:latest
ENV DEBCONF_NOWARNINGS=yes
RUN apt-get update -y && apt-get install -y lynx
RUN mkdir /usr/local/apache2/key
COPY server.crt /usr/local/apache2/key/
COPY server.key /usr/local/apache2/key/
COPY ssl.conf /usr/local/apache2/conf/extra/
COPY httpd.conf /usr/local/apache2/conf/
RUN echo ServerName $HOSTNAME > /usr/local/apache2/conf/extra/fqdn.conf
ssl.conf
LoadModule ssl_module modules/mod_ssl.so
Listen 443

<VirtualHost _default_:443>
  ProxyPreserveHost On
  ProxyPass / http://192.168.2.10:8080/
  ProxyPassReverse / http://192.168.2.10:8080/
  ErrorLog /usr/local/apache2/logs/error.log
  SSLEngine on
  SSLCertificateFile /usr/local/apache2/key/server.crt
  SSLCertificateKeyFile /usr/local/apache2/key/server.key
</VirtualHost>
httpd.conf
# Add the following
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so

Modifying the compose files

/root/docker-fess2/compose/compose-httpd.yaml
services:
  httpd01:
    image: localhost/httpd:1.0.0
    container_name: httpd01
    ports:
      - "443:443"
    networks:
      - esnet
    depends_on:
      - fess01
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "5"
    restart: unless-stopped

networks:
  esnet:
    driver: bridge
    ipam:
      driver: default
      config:
        - subnet: 192.168.2.0/24
/root/docker-fess2/compose/compose.yaml
services:
  fess01:
    image: ghcr.io/codelibs/fess
    container_name: fess01
    environment:
      - "ES_HTTP_URL=http://es01:9200"
      - "FESS_DICTIONARY_PATH=${FESS_DICTIONARY_PATH:-/usr/share/elasticsearch/config/dictionary/}"
    networks:
      esnet:
        ipv4_address: 192.168.2.10
    depends_on:
      - es01
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "5"
    restart: unless-stopped
networks:
  esnet:
    driver: bridge
    ipam:
      driver: default
      config:
        - subnet: 192.168.2.0/24

Creating the containers

/usr/bin/docker compose -f /root/docker-fess2/compose/compose-httpd.yaml -f /root/docker-fess2/compose/compose.yaml -f /root/docker-fess2/compose/compose-elasticsearch8.yaml up -d

Configuring the compose service to start at boot

/usr/lib/systemd/system/docker-compose.service
[Unit]
After=docker.service
Description=Docker-Compose
[Service]
ExecStart=/usr/bin/docker compose -f /root/docker-fess2/compose/compose-httpd.yaml -f /root/docker-fess2/compose/compose.yaml -f /root/docker-fess2/compose/compose-elasticsearch8.yaml up -d
Type=simple
[Install]
WantedBy=multi-user.target
systemctl daemon-reload
systemctl start docker-compose
systemctl enable docker-compose
  • Verification
    Confirm that the following screen can be reached over HTTPS (https://xxx.xxx.xxx.xxx)