Dockerで全文検索システム構築(httpd+SSL+FESS)
内容
下記設定の備忘録です。
- DockerでFESS/httpdを構築
- httpdのimage修正(リバースプロキシ・SSL化)
- Docker composeで起動設定
環境
- AlmaLinux release 8.4
- Docker 20.10.14
- FESS 14.0.1
- Apache 2.4.53
手順
dockerインストール
yum -y install yum-utils
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
yum erase podman buildah
yum -y install docker-ce docker-ce-cli containerd.io
systemctl start docker
systemctl enable docker
docker info
compose v2インストール
DOCKER_CONFIG=${DOCKER_CONFIG:-$HOME/.docker}
mkdir -p $DOCKER_CONFIG/cli-plugins
curl -SL https://github.com/docker/compose/releases/download/v2.2.3/docker-compose-linux-x86_64 -o $DOCKER_CONFIG/cli-plugins/docker-compose
chmod +x $DOCKER_CONFIG/cli-plugins/docker-compose
docker compose version
カーネルパラメータ設定
- FESSの起動に必要です
/etc/sysctl.conf
vim
vm.max_map_count=262144
sysctl -p
イメージダウンロード
- FESSイメージダウンロード
yum -y install git
cd ~
git clone https://github.com/codelibs/docker-fess.git
cd docker-fess/compose
- httpdイメージダウンロード
docker pull httpd
自己証明書作成
- host側で作成します
cd /root/fess_image2
openssl genrsa -des3 -out server.key 2048
openssl req -new -key server.key -out server.csr
cp -p server.key server.key.org
openssl rsa -in server.key -out server.key
cp /etc/pki/tls/openssl.cnf openssl_san.cnf
openssl_san.cnf
[ req ]
req_extensions = v3_req #コメント解除
[ usr_cert ]
authorityKeyIdentifier=keyid,issuer:always #:alwaysを追加
[ v3_req ]
subjectAltName=IP:xx.xx.xx.xx #追加
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt -sha256 -extensions v3_req -extfile openssl_san.cnf
httpdコンテナimage修正
docker build -f ./Dockerfile -t localhost/httpd:1.0.0 .
Dockerfile
FROM httpd:latest
ENV DEBCONF_NOWARNINGS=yes
RUN apt-get update -y && apt-get install -y lynx
RUN mkdir /usr/local/apache2/key
COPY server.crt /usr/local/apache2/key/
COPY server.key /usr/local/apache2/key/
COPY ssl.conf /usr/local/apache2/conf/extra/
COPY httpd.conf /usr/local/apache2/conf/
RUN echo ServerName $HOSTNAME > /usr/local/apache2/conf/extra/fqdn.conf
ssl.conf
LoadModule ssl_module modules/mod_ssl.so
Listen 443
<VirtualHost _default_:443>
ProxyPreserveHost On
ProxyPass / http://192.168.2.10:8080/
ProxyPassReverse / http://192.168.2.10:8080/
ErrorLog /usr/local/apache2/logs/error.log
SSLEngine on
SSLCertificateFile /usr/local/apache2/key/server.crt
SSLCertificateKeyFile /usr/local/apache2/key/server.key
</VirtualHost>
httpd.conf
#下記追加
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
composeファイル修正
/root/docker-fess2compose-httpd.yaml
services:
httpd01:
image: localhost/httpd:1.0.0
container_name: httpd01
ports:
- "443:443"
networks:
- esnet
depends_on:
- fess01
logging:
driver: "json-file"
options:
max-size: "10m"
max-file: "5"
restart: unless-stopped
networks:
esnet:
driver: bridge
ipam:
driver: default
config:
- subnet: 192.168.2.0/24
/root/docker-fess2/compose/compose.yaml
services:
fess01:
image: ghcr.io/codelibs/fess
container_name: fess01
environment:
- "ES_HTTP_URL=http://es01:9200"
- "FESS_DICTIONARY_PATH=${FESS_DICTIONARY_PATH:-/usr/share/elasticsearch/config/dictionary/}"
networks:
esnet:
ipv4_address: 192.168.2.10
depends_on:
- es01
logging:
driver: "json-file"
options:
max-size: "10m"
max-file: "5"
restart: unless-stopped
networks:
esnet:
driver: bridge
ipam:
driver: default
config:
- subnet: 192.168.2.0/24
コンテナ作成
/usr/bin/docker compose -f /root/docker-fess2/compose/compose-httpd.yaml -f /root/docker-fess2/compose/compose.yaml -f /root/docker-fess2/compose/compose-elasticsearch8.yaml up -d
compose service起動設定
/usr/lib/systemd/system/docker-compose.service
[Unit]
After=docker.service
Description=Docker-Compose
[Service]
ExecStart=/usr/bin/docker compose -f /root/docker-fess2/compose/compose-httpd.yaml -f /root/docker-fess2/compose/compose.yaml -f /root/docker-fess2/compose/compose-elasticsearch8.yaml up -d
Type=simple
[Install]
WantedBy=multi-user.target
systemctl daemon-reload
systemctl start docker-compose
systemctl enable docker-compose
- 動作確認
httpsで下記画面にアクセス出来るか確認(https://xxx.xxx.xxx.xxx)
yum -y install yum-utils
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
yum erase podman buildah
yum -y install docker-ce docker-ce-cli containerd.io
systemctl start docker
systemctl enable docker
docker info
DOCKER_CONFIG=${DOCKER_CONFIG:-$HOME/.docker}
mkdir -p $DOCKER_CONFIG/cli-plugins
curl -SL https://github.com/docker/compose/releases/download/v2.2.3/docker-compose-linux-x86_64 -o $DOCKER_CONFIG/cli-plugins/docker-compose
chmod +x $DOCKER_CONFIG/cli-plugins/docker-compose
docker compose version
/etc/sysctl.conf
vim
vm.max_map_count=262144
sysctl -p
yum -y install git
cd ~
git clone https://github.com/codelibs/docker-fess.git
cd docker-fess/compose
docker pull httpd
cd /root/fess_image2
openssl genrsa -des3 -out server.key 2048
openssl req -new -key server.key -out server.csr
cp -p server.key server.key.org
openssl rsa -in server.key -out server.key
cp /etc/pki/tls/openssl.cnf openssl_san.cnf
openssl_san.cnf
[ req ]
req_extensions = v3_req #コメント解除
[ usr_cert ]
authorityKeyIdentifier=keyid,issuer:always #:alwaysを追加
[ v3_req ]
subjectAltName=IP:xx.xx.xx.xx #追加
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt -sha256 -extensions v3_req -extfile openssl_san.cnf
docker build -f ./Dockerfile -t localhost/httpd:1.0.0 .
Dockerfile
FROM httpd:latest
ENV DEBCONF_NOWARNINGS=yes
RUN apt-get update -y && apt-get install -y lynx
RUN mkdir /usr/local/apache2/key
COPY server.crt /usr/local/apache2/key/
COPY server.key /usr/local/apache2/key/
COPY ssl.conf /usr/local/apache2/conf/extra/
COPY httpd.conf /usr/local/apache2/conf/
RUN echo ServerName $HOSTNAME > /usr/local/apache2/conf/extra/fqdn.conf
ssl.conf
LoadModule ssl_module modules/mod_ssl.so
Listen 443
<VirtualHost _default_:443>
ProxyPreserveHost On
ProxyPass / http://192.168.2.10:8080/
ProxyPassReverse / http://192.168.2.10:8080/
ErrorLog /usr/local/apache2/logs/error.log
SSLEngine on
SSLCertificateFile /usr/local/apache2/key/server.crt
SSLCertificateKeyFile /usr/local/apache2/key/server.key
</VirtualHost>
httpd.conf
#下記追加
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
/root/docker-fess2compose-httpd.yaml
services:
httpd01:
image: localhost/httpd:1.0.0
container_name: httpd01
ports:
- "443:443"
networks:
- esnet
depends_on:
- fess01
logging:
driver: "json-file"
options:
max-size: "10m"
max-file: "5"
restart: unless-stopped
networks:
esnet:
driver: bridge
ipam:
driver: default
config:
- subnet: 192.168.2.0/24
/root/docker-fess2/compose/compose.yaml
services:
fess01:
image: ghcr.io/codelibs/fess
container_name: fess01
environment:
- "ES_HTTP_URL=http://es01:9200"
- "FESS_DICTIONARY_PATH=${FESS_DICTIONARY_PATH:-/usr/share/elasticsearch/config/dictionary/}"
networks:
esnet:
ipv4_address: 192.168.2.10
depends_on:
- es01
logging:
driver: "json-file"
options:
max-size: "10m"
max-file: "5"
restart: unless-stopped
networks:
esnet:
driver: bridge
ipam:
driver: default
config:
- subnet: 192.168.2.0/24
/usr/bin/docker compose -f /root/docker-fess2/compose/compose-httpd.yaml -f /root/docker-fess2/compose/compose.yaml -f /root/docker-fess2/compose/compose-elasticsearch8.yaml up -d
/usr/lib/systemd/system/docker-compose.service
[Unit]
After=docker.service
Description=Docker-Compose
[Service]
ExecStart=/usr/bin/docker compose -f /root/docker-fess2/compose/compose-httpd.yaml -f /root/docker-fess2/compose/compose.yaml -f /root/docker-fess2/compose/compose-elasticsearch8.yaml up -d
Type=simple
[Install]
WantedBy=multi-user.target
systemctl daemon-reload
systemctl start docker-compose
systemctl enable docker-compose
httpsで下記画面にアクセス出来るか確認(https://xxx.xxx.xxx.xxx)
Author And Source
この問題について(Dockerで全文検索システム構築(httpd+SSL+FESS)), 我々は、より多くの情報をここで見つけました https://qiita.com/Toru_Kubota/items/2c8a6f83baa4d599d435著者帰属:元の著者の情報は、元のURLに含まれています。著作権は原作者に属する。
Content is automatically searched and collected through network algorithms . If there is a violation . Please contact us . We will adjust (correct author information ,or delete content ) as soon as possible .