使用Docker安装的nginx配置HTTPS证书

创建容器 ,启动docker后台运行

docker run -p 80:80 --name five-nginx -p 443:443 -v /data/nginx/cert:/etc/nginx/cert -v /data/nginx/conf/nginx.conf:/etc/nginx/nginx.conf -v /data/nginx/html:/usr/share/nginx/html -v /data/nginx/log:/var/log/nginx -d nginx

配置nginx文件

/data/nginx/conf/nginx.conf
user  nginx;
worker_processes  1;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;

    include /etc/nginx/conf.d/*.conf;
  
    server {
  		listen 80;
  		server_name www;
  		return 301 https://$host$request_uri;
  	}
  	server {
  		listen 443;
  		server_name www.;
  		 
  		ssl on;
  		index index.html;
  		ssl_certificate   /etc/nginx/cert/1637167_www..pem;
  		ssl_certificate_key  /etc/nginx/cert/1637167_www..key;
  		ssl_session_timeout 5m;
  		ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
  		ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  		ssl_prefer_server_ciphers on;
  	 
  		location / {
  			proxy_set_header X-Forwarded-Host $host;
  			proxy_set_header X-Forwarded-Proto $scheme;
  			proxy_set_header X-Real-IP $remote_addr;
  			proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  			proxy_set_header Host $http_host;
  			proxy_redirect off;
  			expires off;
  			sendfile off;
  			proxy_pass http://www..work;
  		}
  		
  #		location /xsp/ {		#路由访问路径server1到集群1
  #           proxy_set_header X-Forwarded-Host $host;
  #			proxy_set_header X-Forwarded-Proto $scheme;
  #			proxy_set_header X-Real-IP $remote_addr;
  #			proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  #			proxy_set_header Host $http_host;
  #			proxy_redirect off;
  #			expires off;
  #			sendfile off;
  #			proxy_pass http://upstream_xsp;
  #        }
  	  }

    upstream www.ylbx.work{
       server 127.0.0.1:8080;
    }
}

把cert阿里云中下载的crt,key放入指定的目录cert中。

/data/nginx/cert/

使用Docker安装的nginx配置HTTPS证书_第1张图片

你可能感兴趣的:(Linux)