在 Docker 上使用 Nginx 配置 HTTPS 及 WSS

预先创建挂载文件

使用docker启动nginx时候需要提前创建好宿主机的挂载文件,文件会在挂载成功之后自动从nginx的容器中复制默认内容

# Host-side paths that have to exist before the container is started;
# the `docker run` command bind-mounts each of them into the container.

# Main nginx configuration file. It must be a regular file with valid
# content: with `-v`, a missing host path is created as a directory.
/mydata/nginx/conf/nginx.conf
# Certificate directory. It will hold the TLS private key, so restrict
# its permissions to the account that administers nginx.
/mydata/nginx/cert
# Per-site configuration directory
/mydata/nginx/conf.d
# nginx default static-file directory
/mydata/nginx/html
# nginx log directory
/mydata/nginx/logs

运行并且挂载容器

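# Start nginx detached, publishing HTTP (80) and HTTPS (443) on the host.
# - Bind mounts shadow the container paths, so the host files must already
#   contain valid configuration before the container starts.
# - Configuration, certificates and static files are mounted read-only (:ro)
#   so that nothing running inside the container can modify the config or
#   the private key; only the log directory stays writable.
# - `-it` is dropped: a detached nginx needs neither a TTY nor stdin.
# - The image is referenced without a tag and therefore resolves to
#   "latest"; pin a reviewed tag or digest for reproducible deployments.
docker run -d -p 80:80 -p 443:443 --name nginx01 --restart=always \
  -v /mydata/nginx/conf/nginx.conf:/etc/nginx/nginx.conf:ro \
  -v /mydata/nginx/cert:/etc/nginx/cert:ro \
  -v /mydata/nginx/conf.d:/etc/nginx/conf.d:ro \
  -v /mydata/nginx/html:/usr/share/nginx/html:ro \
  -v /mydata/nginx/logs:/var/log/nginx \
  nginx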

nginx.conf文件

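# Main nginx configuration, mounted at /etc/nginx/nginx.conf.
# Worker processes run as the unprivileged "nginx" account.
user  nginx;
worker_processes  auto;

error_log  /var/log/nginx/error.log notice;
pid        /var/run/nginx.pid;

events {
    worker_connections  1024;
}

http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    # Do not advertise the exact nginx version in the Server header and
    # on generated error pages.
    server_tokens off;

    # $http_x_forwarded_for is logged as sent by the client; treat it as
    # untrusted input when reading the access log.
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;

    # Per-site server blocks (e.g. default.conf) are loaded from conf.d.
    include /etc/nginx/conf.d/*.conf;
}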

default.conf文件

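# Plain-HTTP listener: its only job is to send every request to HTTPS.
server {
    listen 80;
    listen [::]:80;
    charset 'utf-8';
    # "域名" is a placeholder: replace it with the real domain name.
    server_name  域名;

    # Permanent redirect to the HTTPS site. `return` is the idiomatic form
    # for an unconditional redirect; $request_uri keeps the path and query
    # string exactly as the client sent them. The target host comes from
    # $server_name (configuration), not from the client-supplied Host header.
    return 301 https://$server_name$request_uri;

    # Kept from the original; with the unconditional redirect above these
    # are not expected to be reached.
    error_page  404 /404.html;
    location = /404.html {
        root  /usr/share/nginx/html;
    }
}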


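# HTTPS listener: terminates TLS and proxies both https and wss traffic
# to the backend application.
server {
    listen 443 ssl;
    # "域名" is a placeholder: replace it with the real domain name.
    server_name 域名;

    # Certificate and private-key paths (placeholders). With the mounts used
    # for the container they live under /etc/nginx/cert.
    ssl_certificate  */***.pem;
    ssl_certificate_key */***.key;

    ssl_session_cache    shared:SSL:1m;
    ssl_session_timeout  5m;

    # Only TLS 1.2 and 1.3 are offered. SSLv2 and SSLv3 are broken
    # (DROWN, POODLE) and TLS 1.0/1.1 are deprecated, so none of them
    # should be enabled. TLSv1.3 needs nginx 1.13.0+ built against
    # OpenSSL 1.1.1+; remove it if the running build rejects it.
    ssl_protocols TLSv1.2 TLSv1.3;

    ssl_ciphers  HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers  on;

    # Optional: enable HSTS once HTTPS is confirmed to work for the domain.
    # add_header Strict-Transport-Security "max-age=31536000" always;

    # Forward https and wss requests to the backend server.
    location / {
        # Placeholder: replace with the ip:port of the WebSocket project.
        # The hop to the backend is plain HTTP, so keep it on a trusted
        # network segment.
        proxy_pass http://服务器ip地址:端口号;
        # WebSocket upgrade needs HTTP/1.1 plus the Upgrade/Connection
        # headers; "Upgrade" is sent on every proxied request here.
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        # Both headers are set from $remote_addr, which overwrites any
        # value supplied by the client, so the backend only sees the
        # address nginx itself observed.
        proxy_set_header X-real-ip $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        # Idle connections are closed after this read timeout.
        proxy_read_timeout 600s;
    }

    error_page  404 /404.html;
    location = /404.html {
        root  /usr/share/nginx/html;
    }
}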
