ローカル環境開発を acme.sh + docker compose で実現する
色々試しつつも、最終的に落ち着いた。次のような感じ。
localhost.sandbox.directoryの証明書を acme.sh で取得localhost.sandbox.directoryの A レコードに 127.0.0.1 をセットする- 証明書は nginx のコンテナに volume mount する
1. acme.sh で証明書を取得
GitHub - acmesh-official/acme.sh: A pure Unix shell script implementing ACME client protocol
❯ ~/.acme.sh/acme.sh --issue -k ec-256 -d 'localhost.sandbox.directory' --dns --yes-I-know-dns-manual-mode-enough-go-ahead-please # ↑で取得した TXT レコードを localhost.sandbox.directory に設定する ❯ ~/.acme.sh/acme.sh --renew --ecc -k ec-256 -d 'localhost.sandbox.directory' --dns --yes-I-know-dns-manual-mode-enough-go-ahead-please
2. docker-compose で証明書をマウント
❯ cp -a ~/.acme.sh/localhost.sandbox.directory.in_ecc/* nginx/certs/
❯ cat docker-compose.yml
version: '3'
services:
web:
image: nginx:1.21.0
volumes:
- ./nginx/default.conf:/etc/nginx/conf.d/default.conf
- ./nginx/certs:/etc/nginx/certs
ports:
- "8443:443"
depends_on:
- php
links:
- php
php:
image: php:7-fpm
volumes:
- ./app:/app
❯ cat nginx/default.conf
server {
index index.php index.html;
listen 443 ssl;
server_name localhost.sandbox.directory;
ssl_certificate /etc/nginx/certs/fullchain.cer;
ssl_certificate_key /etc/nginx/certs/localhost.sandbox.directory.key;
root /app;
location / {
try_files $uri $uri/ /index.php$is_args$args;
}
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass php:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
}
}
