系统是Ubuntu 20.04,会用cerbot处理SSL证书。
参考官方指引:https://directus.io/docs/self-hosting/deploying#docker-compose-examples
安装Nginx参考:
安装Docker参考:
Docker部分
假设当前是在用户目录,创建文件夹:
mkdir -p directus/data/database
cd directus/
mkdir extenisons uploads创建配置文件docker-compose.yml及环境变量文件.env:
touch docker-compose.yml .env编辑docker-compose.yml:
nano docker-compose.yml编辑内容:
services:
database:
image: postgis/postgis:13-master
volumes:
- ./data/database:/var/lib/postgresql/data
environment:
POSTGRES_USER: "${POSTGRES_USER}"
POSTGRES_PASSWORD: "${POSTGRES_PASSWORD}"
POSTGRES_DB: "${POSTGRES_DB}"
healthcheck:
test: ["CMD", "pg_isready", "--host=localhost", "--username=${POSTGRES_USER}"]
interval: 10s
timeout: 5s
retries: 5
start_interval: 5s
start_period: 30s
restart: unless-stopped
cache:
image: redis:6
healthcheck:
test: ["CMD-SHELL", "[ $$(redis-cli ping) = 'PONG' ]"]
interval: 10s
timeout: 5s
retries: 5
start_interval: 5s
start_period: 30s
restart: unless-stopped
directus:
image: directus/directus:11.7.2
ports:
- 8055:8055
volumes:
- ./uploads:/directus/uploads
- ./extensions:/directus/extensions
depends_on:
database:
condition: service_healthy
cache:
condition: service_healthy
environment:
SECRET: "${SECRET}"
DB_CLIENT: "pg"
DB_HOST: "database"
DB_PORT: "5432"
DB_DATABASE: "${POSTGRES_DB}"
DB_USER: "${POSTGRES_USER}"
DB_PASSWORD: "${POSTGRES_PASSWORD}"
CACHE_ENABLED: "true"
CACHE_AUTO_PURGE: "true"
CACHE_STORE: "redis"
REDIS: "redis://cache:6379"
ADMIN_EMAIL: "${ADMIN_EMAIL}"
ADMIN_PASSWORD: "${ADMIN_PASSWORD}"
PUBLIC_URL: "https://example.com"
restart: unless-stopped高亮部分类似${POSTGRES_USER}这种是引用环境变量,稍后在.env里定义,PUBLIC_URL这是设置要绑定的域名https://example.com,改成自己的域名,提前做好解析。
注意如果服务器是arm64架构(比如甲骨文云的A1 Flex),数据库的镜像要改成postgres:13-alpine:
services:
database:
image: postgres:13-alpine
...按ctrl+o、回车、ctrl+x保存退出。然后编辑.env:
nano .env写入:
POSTGRES_USER=directus
POSTGRES_PASSWORD=0S5Hs7K3o5iBGW9Qz3e2Dg!!
POSTGRES_DB=directus
ADMIN_EMAIL=username@example.com
ADMIN_PASSWORD=w9Qz3e2Dg!
SECRET=a7aed3179fe8fac059d9cdc026e50c86d28c47cf1170b59ba1090f607e28f42c高亮部分自行修改,ADMIN_EMAIL和ADMIN_PASSWORD分别设置的管理员用户登录邮箱和密码,密码和SECRET可以在终端运行下面的命令生成随机密码:
# 生成16位密码,生成后可手动添加一些特殊符号
openssl rand -base64 16
# 生成32位长SECRET
openssl rand -hex 32编辑完保存退出后,运行:
docker compose up -d查看:
docker ps如果有报错,查看日志:
docker logs <container_name>Nginx部分
省事的话直接在/etc/nginx/conf.d/目录下新建一个配置文件:
cd /etc/nginx/conf.d/
sudo nano example.com.conf编辑内容:
server {
listen 80;
server_name example.com;
location / {
proxy_pass http://localhost:8055;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}ctrl+o、回车、ctrl+x,保存退出。
测试:
sudo nginx -t使用certbot申请SSL证书:
# 没安装certbot的话运行
sudo apt install certbot python3-certbot-nginx
# 申请证书
sudo certbot --nginx -d example.com申请过程中会让选择是否强制使用https,一般是y,顺利的话会自动更新nginx配置,更新后类似下面这样:
server {
server_name example.com;
location / {
proxy_pass http://localhost:8055;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name example.com;
return 404; # managed by Certbot
}然后就可以通过https://example.com访问了。