$ sudo docker-compose up -d --scale php=2 WARNING: The "php" service is using the custom container name "app_server". Docker requires each container to have a unique name. Remove the custom name to scale the service. Creating app_server ... done Creating app_server ...
ERROR: for app_server Cannot create container for service php: Conflict. The container name "/app_server" is already in use by container "b4655b49084b30c3fe62bc26b87b997d2f4c6f2bc436594925d7560bxxxxxxxx". You have to remove (or rename) that container to be able to reuse that name.
ERROR: for php Cannot create container for service php: Conflict. The container name "/app_server" is already in use by container "b4655b49084b30c3fe62bc26b87b997d2f4c6f2bc436594925d7560bxxxxxxxx". You have to remove (or rename) that container to be able to reuse that name. ERROR: Encountered errors while bringing up the project.
# cgi-fcgi Missing application pathname Missing -connect <connName> Usage: cgi-fcgi -f <cmdPath> , or cgi-fcgi -connect <connName> <appPath> [<nServers>] , or cgi-fcgi -start -connect <connName> <appPath> [<nServers>] , or cgi-fcgi -bind -connect <connName> , where <connName> is either the pathname of a UNIX domain socket or (if -bind is given) a hostName:portNumber specification or (if -start is given) a :portNumber specification (uses local host).
mkdir /etc/nginx/server_certificates cd /etc/nginx/server_certificates
CA(Certification Authority)鍵を作成する
1 2 3 4 5 6 7
$ openssl genrsa -des3 -out server.key 4096 Generating RSA private key, 4096 bit long modulus (2 primes) ................................++++ ..++++ e is 65537 (0x010001) Enter pass phrase for server.key: Verifying - Enter pass phrase for server.key:
CA(Certification Authority)証明書を作成する
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
$ openssl req -new -x509 -days 365 -key server.key -out server.crt Enter pass phrase for server.key: You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:JP State or Province Name (full name) [Some-State]:Tokyo Locality Name (eg, city) []:Shibuya Organization Name (eg, company) [Internet Widgits Pty Ltd]:Example, Inc. Organizational Unit Name (eg, section) []:Infra Common Name (e.g. server FQDN or YOUR name) []: Email Address []:
location / { root /usr/share/nginx/html; index index.html index.htm; }
クライアント認証
クライアント認証に使用するファイルの保存場所を作成する
1 2
mkdir /etc/nginx/client_certificates cd /etc/nginx/client_certificates
CA(Certification Authority)鍵を作成する
1 2 3 4 5 6 7
$ openssl genrsa -des3 -out ca.key 4096 Generating RSA private key, 4096 bit long modulus (2 primes) .........................................................................++++ ......++++ e is 65537 (0x010001) Enter pass phrase for ca.key: Verifying - Enter pass phrase for ca.key:
CA(Certification Authority)証明書を作成する
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
$ openssl req -new -x509 -days 365 -key ca.key -out ca.crt Enter pass phrase for ca.key: You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:JP State or Province Name (full name) [Some-State]:Tokyo Locality Name (eg, city) []:Shibuya-ku Organization Name (eg, company) [Internet Widgits Pty Ltd]:Example, Inc. Organizational Unit Name (eg, section) []:Development section Common Name (e.g. server FQDN or YOUR name) []: Email Address []:
クライアント証明書を作成する
1 2 3 4 5 6 7
$ openssl genrsa -des3 -out user.key 4096 Generating RSA private key, 4096 bit long modulus (2 primes) ......................................................................................................................++++ .........................................................................................................................................................................................................++++ e is 65537 (0x010001) Enter pass phrase for user.key: Verifying - Enter pass phrase for user.key:
$ openssl req -new -key user.key -out user.csr Enter pass phrase for user.key: You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:JP State or Province Name (full name) [Some-State]:Tokyo Locality Name (eg, city) []:Shibuya Organization Name (eg, company) [Internet Widgits Pty Ltd]:Example, Inc. Organizational Unit Name (eg, section) []:Customer Support Common Name (e.g. server FQDN or YOUR name) []: Email Address []:
Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []:
CSR(Certificate Signing Request)に署名する
1 2 3 4 5
$ openssl x509 -req -days 365 -in user.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out user.crt Signature ok subject=C = JP, ST = Tokyo, L = Shibuya, O = "Example, Inc.", OU = Customer Support Getting CA Private Key Enter pass phrase for ca.key:
PKCS(Public Key Cryptography Standards)を作成する
1 2 3 4
$ openssl pkcs12 -export -out user.pfx -inkey user.key -in user.crt -certfile ca.crt Enter pass phrase for user.key: Enter Export Password: Verifying - Enter Export Password: