docker-compose创建nginx并部署ssl证书，阿里云ssl证书

阿里云有免费证书，地址：数字证书管理服务管理控制台 - 概览 (aliyun.com)

免费证书好像要达到什么条件才有，一般域名多肯定有的。

 官方基于nginx的教程：在Nginx或Tengine服务器上安装证书 (aliyun.com)

而我们，是要在docker基础上创建nginx并部署ssl，所以有两个东西不能搞错，文件映射和端口映射。笔者搞的时候就漏了443端口忘记映射所以不能成功卡了挺久。

废话不多说，直接上代码。

docker-compose.yml

version: '3.3'
services:
      nginx:
        image: nginx
        restart: always
        hostname: nginx
        container_name: nginx
        privileged: true
        ports:
          - 80:80
          - 443:443
        volumes:
          - /usr/local/docker-compose/nginx/conf/nginx.conf:/etc/nginx/nginx.conf
          - /usr/local/docker-compose/nginx/conf.d/:/etc/nginx/conf.d/
          - /usr/local/docker-compose/nginx/www/:/usr/share/nginx/html/
          - /usr/local/docker-compose/nginx/logs/:/var/log/nginx/
          - /usr/local/docker-compose/nginx/ssl/:/etc/nginx/ssl/
          - /usr/local/kuaishou/:/usr/local/kuaishou/

ssl.conf,替换其中域名，路径不能错，一定要是容器nginx里的路径

server {
    listen 443 ssl;

    server_name baidu.com;
    root html;
    index index.html index.htm;
    ssl_certificate /etc/nginx/ssl/baidu.com.pem;  
    ssl_certificate_key /etc/nginx/ssl/baidu.com.key; 
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    location / {
        root html;
        index index.html index.htm;
    }
}

小白记得把nginx的配置nginx.conf改一下

user  nginx;
worker_processes  auto;

error_log  /var/log/nginx/error.log notice;
pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;
    include /etc/nginx/conf.d/*.conf;
}