[docker series] Codimd online Markdown solution

Preparation

Create program storage directory

sudo mkdir -p /home/docker/codimd

Pull the images

Pull the MariaDB database image

sudo docker pull linuxserver/mariadb:latest

Pull the Codimd image

sudo docker pull linuxserver/codimd:latest

Two images are pulled: the database and the target program.

Write docker-compose

Go to the target folder

cd /home/docker/codimd

Write the docker-compose file

sudo vim docker-compose.yml

Write the following to the file

version: "3"
services:
  mariadb:
    image: linuxserver/mariadb:latest
    container_name: codimd_mariadb
    restart: always
    volumes:
      - ./db/config:/config
    environment:
      - MYSQL_ROOT_PASSWORD=testpassword
      - MYSQL_DATABASE=codimd
      - MYSQL_USER=codimd
      - MYSQL_PASSWORD=testpassword
      - PGID=1000
      - PUID=1000
      - TZ=Asia/Shanghai
  codimd:
    image: linuxserver/codimd:latest
    container_name: codimd
    restart: always
    depends_on:
      - mariadb
    volumes:
      - ./codimd/config:/config
    environment:
      - DB_HOST=mariadb
      - DB_USER=codimd
      - DB_PASS=testpassword
      - DB_NAME=codimd
      - DB_PORT=3306
      - PGID=1000
      - PUID=1000
      - TZ=Asia/Shanghai
    ports:
      - "4525:3000"

The database password can be changed according to your own needs; testpassword is used here.

Start compose

sudo docker-compose up -d

If no red error output appears, the startup succeeded.

Open the port

Open the system firewall port

I am on an Ubuntu system here, using the built-in UFW firewall

sudo ufw allow 4525 comment "Codimd online Markdown"

Open Server Security Group Port

Open the security group of the server, set the inbound direction rule, add a rule for port 4525, and select TCP as the protocol.

Test Results

Open http://IP:4525 in the browser

Add domain name resolution

Open the domain name provider and add a record

  • Record type: A
  • Host record: md
  • Resolution line: default
  • Record value: IP address of your own server
  • TTL: 10 minutes

Add Nginx reverse proxy

sudo vim /usr/local/nginx/conf/conf.d/conf.default

Put the following content into the file

# Codimd online Markdown
server {
  listen 80;
  server_name  md.hikki.site;
  return       301 https://$server_name$request_uri;
}
server {
  listen                443 ssl;
  listen                [::]:443 ssl;
  server_name           md.hikki.site;
  ssl_certificate       cert/md.hikki.site/cert.pem;
  ssl_certificate_key   cert/md.hikki.site/key.pem;

  ssl_session_timeout 5m;
  ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
  # The cipher suites to use.
  ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; # The TLS protocol versions to use; evaluate for yourself whether TLSv1.1 should be enabled.
  ssl_prefer_server_ciphers on;
  location / {
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_pass http://localhost:4525;
  }
}

Add SSL

Adding SSL mainly follows this post: https://blog.hikki.site/2e63f4a4.html

All of the following operations need to be performed with administrator (root) privileges

Apply for the domain certificate

acme.sh --issue --dns dns_ali -d md.hikki.site


Create a certificate storage directory

mkdir -p /usr/local/nginx/conf/cert/md.hikki.site/

Install the certificate

acme.sh --install-cert -d md.hikki.site \
  --key-file       /usr/local/nginx/conf/cert/md.hikki.site/key.pem \
  --fullchain-file /usr/local/nginx/conf/cert/md.hikki.site/cert.pem \
  --reloadcmd      "/usr/local/nginx/sbin/nginx -s reload"

Access test

Visit https://md.hikki.site successfully.

Close the port

Domain name resolution and the reverse proxy have been configured above, so direct access to port 4525 is no longer needed and the port can be closed, reducing the number of exposed ports on the server and improving its security.

Close the system firewall port

I am on an Ubuntu system here, using the built-in UFW firewall

sudo ufw delete allow 4525

If UFW reports that it cannot find the rule, list the rules with sudo ufw status numbered and delete the 4525 rule by its number.

Close server security group port

Open the security group of the server, set the inbound direction rule, and delete the inbound port just added.
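One caveat for the ports mapping in the docker-compose file above: Docker publishes a port by adding its own iptables rules, which packets hit before the INPUT chain that UFW filters, so removing the UFW rule does not by itself close port 4525 to the outside. Because CodiMD is only reached through the local Nginx proxy, the mapping should be bound to 127.0.0.1. The following audit script is an added example, not code from the original post; it reads a constructed compose snippet mirroring the codimd service and reports mappings still bound to all interfaces together with the hardened form.

```sh
#!/bin/sh
# Added audit helper, not from the original post. Docker publishes "4525:3000"
# via its own iptables rules ahead of UFW, so "ufw delete allow 4525" alone does
# not close the port. CodiMD is only reached via the local Nginx proxy, so the
# mapping should bind to 127.0.0.1; this lists mappings still open to all.
# Constructed sample mirroring the page's codimd service.
SAMPLE_COMPOSE='services:
  codimd:
    image: linuxserver/codimd:latest
    ports:
      - "4525:3000"
    environment:
      - DB_PASS=testpassword'

# Print each "ports:" entry of the compose document on stdin, one per line,
# with dashes, quotes and whitespace stripped.
list_port_mappings() {
    awk -v q="'" '
        /^[ \t]*ports:/       { inports = 1; next }
        inports && /^[ \t]*-/ { gsub(/[-" \t]/, ""); gsub(q, ""); print; next }
                              { inports = 0 }'
}

# Succeed when the host port is bound on all interfaces ("HOST:CONTAINER",
# "0.0.0.0:..." or "[::]:..."), fail when pinned to an explicit address.
is_public_mapping() {
    case "$1" in
        0.0.0.0:*|"[::]:"*) return 0 ;;
        *:*:*)              return 1 ;;  # explicit bind address given
        *)                  return 0 ;;  # none given: Docker uses 0.0.0.0
    esac
}

# Rewrite a mapping so the host port listens on loopback only.
harden_mapping() {
    is_public_mapping "$1" || { printf '%s\n' "$1"; return; }
    m="${1#0.0.0.0:}"; printf '127.0.0.1:%s\n' "${m#"[::]:"}"
}

# Print "<original> -> <hardened>" for every public mapping in document $1.
audit_compose() {
    printf '%s\n' "$1" | list_port_mappings | while read -r mapping; do
        if is_public_mapping "$mapping"; then
            printf '%s -> %s\n' "$mapping" "$(harden_mapping "$mapping")"
        fi
    done
}

audit_compose "$SAMPLE_COMPOSE"
```

Binding to loopback in the compose file (`"127.0.0.1:4525:3000"`) makes the firewall step a second layer rather than the only one.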


Origin blog.csdn.net/m0_53896808/article/details/129059565