AWS ECS生产Docker部署 [英] AWS ECS Production Docker Deployment
问题描述
我最近开始在自己的个人网站上使用Docker.因此,我的网站设计基本上是
I've recently started using Docker for my own personal website. So the design my website is basically
Nginx->前端->后端->数据库
当前,数据库是使用AWS RDS托管的.所以我们可以暂时忽略它.
Currently, the database is hosted using AWS RDS. So we can leave that out for now.
所以这是我的问题
-
我目前将我的应用程序划分到不同的存储库中.前端和后端.
I currently have my application separated into different repository. Frontend and Backend respectively.
- 我应在何处存储"root" docker-compose.yml文件.我无法决定将其存储在前端/后端存储库中.
在docker-compose.yml文件中,nginx服务可以从我的前端服务中挂载没有任何端口的卷并提供该目录吗?
In a docker-compose.yml file, Can the nginx serve mount a volume from my frontend service without any ports and serve that directory?
我已经尝试了很多天,但是我似乎无法在我的ECS Cluster中使用我的3层应用程序使用Docker部署适当的产品.有什么我可以参考的好例子nginx.conf吗?
I have been trying for so many days but I can't seem to deploy a proper production with Docker with my 3 tier application in ECS Cluster. Is there any good example nginx.conf that I can refer to?
我如何自动对我的域进行SSL?
How do I auto-SSL my domain?
谢谢你们!
推荐答案
我的"root" docker-compose.yml文件应存储在哪里.
Where should I store my 'root' docker-compose.yml file.
许多组织使用顶级存储库,该存储库用于存储与基础架构相关的元数据,例如CloudFormation模板和docker-compose.yml文件.所以会是这样.因此,开发人员首先克隆顶层仓库,理想情况下,该仓库包含子模块或工具,用于下拉每个子组件或微服务的子仓库.
Many orgs use a top level repo which is used for storing infrastructure related metadata such as CloudFormation templates, and docker-compose.yml files. So it would be something like. So devs clone the top level repo first, and that repo ideally contains either submodules or tooling for pulling down the sub repos for each sub component or microservice.
在docker-compose.yml文件中,nginx服务可以从我的前端服务中挂载没有任何端口的卷并提供该目录吗?
In a docker-compose.yml file, Can the nginx serve mount a volume from my frontend service without any ports and serve that directory?
是的,您可以执行此操作,但这将很危险,并且磁盘将成为瓶颈.如果您打算从前端服务中获取内容并由Nginx提供内容,则应通过端口将前端服务链接到Nginx服务器,然后将Nginx设置为应用程序容器前面的反向代理.您还可以配置Nginx将内容从前端服务器缓存到磁盘卷(如果内容太多而无法容纳在内存中).代替使用磁盘作为通信链接,这将是一种更安全的方法.以下是如何在AWS ECS上配置此类反向代理的示例:
Yes you could do this but it would be dangerous and the disk would be a bottleneck. If your intention is to get content from the frontend service, and have it served by Nginx then you should link your frontend service via a port to your Nginx server, and setup your Nginx as a reverse proxy in front of your application container. You can also configure Nginx to cache the content from your frontend server to a disk volume (if it is too much content to fit in memory). This will be a safer way instead of using the disk as the communication link. Here is an example of how to configure such a reverse proxy on AWS ECS: https://github.com/awslabs/ecs-nginx-reverse-proxy/tree/master/reverse-proxy
在ECS群集中,我似乎无法在我的3层应用程序中使用Docker部署适当的产品.有什么可以参考的好例子nginx.conf吗?
I can't seem to deploy a proper production with Docker with my 3 tier application in ECS Cluster. Is there any good example nginx.conf that I can refer to?
我最后一个答案中的链接包含一个应该有用的示例nginx.conf,以及一个示例任务定义,用于在Amazon ECS上部署彼此链接的应用程序容器和nginx容器.
The link in my last answer contains a sample nginx.conf that should be helpful, as well as a sample task definition for deploying an application container as well as a nginx container, linked to each other, on Amazon ECS.
如何自动对我的域进行SSL加密?
How do I auto-SSL my domain?
如果您使用的是AWS,获得SSL的最佳方法是使用Application Load Balancer(ALB)的内置SSL终止功能.AWS ECS与ALB集成为一种将Web流量获取到您的容器的方式.ALB还与Amazon证书管理器( https://aws.amazon.com/certificate-manager/)此服务将为您提供免费的SSL证书,该证书会自动更新.这样,您不必担心SSL证书会再次过期,因为它只是在您的ALB中自动更新和更新的.
If you are on AWS the best way to get SSL is to use the built in SSL termination capabilities of the Application Load Balancer (ALB). AWS ECS integrates with ALB as a way to get web traffic to your containers. ALB also integrates with Amazon certificate manager (https://aws.amazon.com/certificate-manager/) This service will give you a free SSL certificate which automatically updates. This way you don't have to worry about your SSL certificate expiring ever again, because its just automatically renewed and updated in your ALB.
这篇关于AWS ECS生产Docker部署的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
