docker 配置nginx支持https

端口映射需要加上443端口

docker run --name my-nginx-s -e TZ="Asia/Shanghai" -v /etc/localtime:/etc/localtime:ro -p 80:80 -p 443:443 -d my-nginx-s:1.0

负载均衡

upstream  console.yfjiaoyu.com {
       server   172.xx.xx.01:8989 weight=3;
       server   172.xx.xx.02:8989 weight=3;
}

http重定向或者重写到https

server{
	    listen       80;
        server_name  xxx.com;
        charset utf-8;
        #rewrite ^(.*)$  https://$host$1 permanent;
        rewrite ^/(.*) https://$server_name$request_uri? permanent;
} 

监听443端口,以及部分配置参数

server{
        listen    443;
        server_name   xxx.com;
        charset utf-8;
        ssl                         on;
        ssl_certificate             /etc/nginx/cert/xx.pem;
        ssl_certificate_key         /etc/nginx/cert/xx.key;
        ssl_session_cache           shared:SSL:10m;
        ssl_session_timeout         5m;
        ssl_protocols               SSLv3 TLSv1;
        ssl_ciphers                 HIGH:!ADH:!EXPORT56:RC4+RSA:+MEDIUM;
        ssl_prefer_server_ciphers   on;
        location /{
    			  proxy_pass        http://xxx.com;
    			  proxy_connect_timeout       5s;
    			  proxy_redirect   off;
    			  #proxy_read_timeout          20s;
    			  client_max_body_size    10m;#文件上传大小限制
    			  proxy_send_timeout 5s;
    			  # 传递真实IP到后端
                 proxy_set_header Host $host:$server_port;
                 proxy_set_header X-Real-IP $remote_addr;
                 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  }
  location ~ .*\.(jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|js|mov)$ {        #指定缓存文件类型
            expires 7d;      #设置浏览器过期时间
            root /nginx/static;                   #所有的缓存文件都会保存在这里html等等,他还会缓存文件夹,所以不用担心覆盖,但是要注意时效性
            proxy_store on;        #开启缓存机制
            proxy_store_access user:rw group:rw all:rw;       #缓存读写规则
            proxy_temp_path /nginx/static;             #存放静态文件的缓存目录
            #include proxy.conf;          # 外联proxy理的详细配置如proxy_set_header， client_max_body_size ....
            proxy_pass        http://xxx.com;
            # 传递真实IP到后端
            proxy_set_header Host $host:$server_port;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }

后续

• 部署好重启之后，浏览器访问，有时候会出现The plain HTTP request was sent to HTTPS port错误，并且地址栏后面增加了:443/xx，命令行用curl -I https://xxxx.com查看一下 ,发现如下：
  
  此时只需要配置一下proxy_redirect即可，使其重定向回想要的地址：
  proxy_redirect ~^http://xxx.com:443(.*) http://xxx.com$1;