docker nginx https配置【openssl】

docker-compose 启动命令

docker-compose.yml
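# Compose definition for one nginx container that terminates HTTPS using the
# configuration and certificate files mounted from the project directory.
version: '3'
services:
  https-nginx-server:
    # NOTE(review): the tag is unpinned, so the nginx build can change between
    # pulls; consider pinning a specific tag or digest.
    image: nginx
    container_name: 'https-nginx-server'
    # The original listed only 80:80 and relied on host networking to expose
    # the 443 listener configured in conf.d. Host networking removes the
    # container's network isolation and bypasses this port list, so the
    # service is kept on the default bridge network and both ports are
    # published explicitly. Quoted so the mappings are always read as strings.
    # If a proxied backend on the host's 127.0.0.1 is enabled later, it is not
    # reachable from the bridge network and needs its own routing.
    ports:
      - '80:80'
      - '443:443'
    # Configuration and key material are mounted read-only: a process inside
    # the container has no reason to rewrite them.
    volumes:
      - ./conf/nginx.conf:/etc/nginx/nginx.conf:ro
      - ./conf/conf.d:/etc/nginx/conf.d:ro
      - ./ssl:/etc/nginx/ssl:ro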

 

ps: 请事先将映射文件目录创建好 

nginx.conf

# Main-context settings for the nginx master and worker processes.

# Account the worker processes run as.
user nginx;
# Number of worker processes.
worker_processes 1;

# File that receives the master process ID.
pid /var/run/nginx.pid;
# Error log location; messages of severity "warn" and above are recorded.
error_log /var/log/nginx/error.log warn;


# Connection-processing settings.
events {
    # Upper bound on simultaneous connections per worker process.
    worker_connections 1024;
}


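# HTTP-level defaults shared by every virtual host loaded from conf.d.
http {
    include       /etc/nginx/mime.types;
    # Fallback MIME type for files whose extension is not in mime.types.
    default_type  application/octet-stream;

    # Do not advertise the exact nginx version in the Server header or on
    # generated error pages.
    server_tokens off;

    # Access log line format. The X-Forwarded-For value is client-supplied,
    # so treat it as untrusted when reading the logs.
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;

    # Virtual hosts (including the HTTPS server block) live in conf.d.
    include /etc/nginx/conf.d/*.conf;
}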

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

利用 ssl 配置自签证书

  •  使用openssl生成RSA私钥
openssl genrsa -des3 -out server.key 2048
  • 创建证书签名请求CSR文件
openssl req -new -key server.key -out server.csr
  • 生成自签名证书(用自己的私钥签名,并非 CA 证书)
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
  • 去掉服务器私钥的口令保护,生成未加密的私钥,供 nginx 启动时直接读取(该文件没有口令保护,请严格限制其读取权限)
openssl rsa -in server.key -out server.key.unsecure

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

default.conf

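# HTTPS virtual host for www.hncy.com, served with the self-signed certificate
# mounted at /etc/nginx/ssl.
server {
    #listen       80;
    listen       443 ssl;
    server_name  www.hncy.com;

    ssl_certificate      /etc/nginx/ssl/server.crt;
    # Passphrase-free copy of the private key, so nginx can start unattended.
    # Anyone who can read this file holds the key: keep its permissions
    # restricted to the account that loads it.
    ssl_certificate_key    /etc/nginx/ssl/server.key.unsecure;

    ssl_session_cache    shared:SSL:1m;
    ssl_session_timeout  5m;

    # Protocol versions offered to clients. The original line enabled SSLv2
    # and SSLv3, both of which are broken (DROWN, POODLE) and must stay off;
    # only TLS 1.2 and 1.3 are allowed here.
    # NOTE(review): TLSv1.3 needs an nginx built against OpenSSL 1.1.1 or
    # newer; drop it from the list if the deployed build rejects it.
    ssl_protocols  TLSv1.2 TLSv1.3;

    #ssl_ciphers  HIGH:!aNULL:!MD5;  # cipher suite selection
    ssl_prefer_server_ciphers  on;   # the server's cipher order takes precedence over the client's

    #charset koi8-r;
    #access_log  /var/log/nginx/host.access.log  main;

    location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
    }

    #error_page  404              /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }

    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
    #
    #location ~ \.php$ {
    #    proxy_pass   http://127.0.0.1;
    #}

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    #location ~ \.php$ {
    #    root           html;
    #    fastcgi_pass   127.0.0.1:9000;
    #    fastcgi_index  index.php;
    #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
    #    include        fastcgi_params;
    #}

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    #location ~ /\.ht {
    #    deny  all;
    #}
}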
