Notes: nginx in Docker + SSL configuration, with config and other resources mounted from the host

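I configured this hands-on and wrote these notes as I went, so the steps are known to work.
By the way, is Podman starting to replace Docker these days? Can anyone tell me?

Preparation before configuration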

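# Pull the nginx image
docker pull nginx

# Start a temporary container
docker run -d --name nginx -p 1080:80 nginx

# Check that the container is running
docker ps

# Open a shell inside the container
docker exec -it nginx /bin/bash

# Find where nginx.conf lives and note the path for later
find / -name 'nginx.conf' # /etc/nginx/nginx.conf is used as the example here

# Leave the container
exit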

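Creating the certificate

Install openssl

# Install openssl
yum install -y openssl openssl-devel
mkdir -p /usr/local/nginx/cert

Generate the private key

cd /usr/local/nginx/cert
openssl genrsa -out nxweb.key 2048

Generate the certificate

openssl req -new -x509 -days 3650 -key nxweb.key -out nxweb.crt
--- You can press Enter through every prompt, or fill in some information as I did ---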

Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:beijing
Locality Name (eg, city) [Default City]:beijing
Organization Name (eg, company) [Default Company Ltd]:nx 
Organizational Unit Name (eg, section) []:nx 
Common Name (eg, your name or your server's hostname) []:nianxi.cc 
Email Address []:[email protected]
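You can also apply for a free certificate from Alibaba Cloud or a similar site; a certificate you make yourself triggers a "not secure" warning in the browser.
If you get the certificate from such a site, this step is not needed: just download the files from the platform.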
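
A non-interactive form of the key and certificate steps above, as an added example that is not part of the original notes. It keeps the page's file names and prompt answers, adds a subjectAltName entry (current browsers and curl match the host name against that field rather than Common Name), and checks the result before nginx loads it. The function names are hypothetical, and the host name passed in should be the one used in server_name.

```shell
#!/bin/sh
# Added example, not from the original page. make_cert, cert_matches_key and
# cert_covers_host are hypothetical helper names. Needs OpenSSL 1.1.1 or later.
# Usage: make_cert /usr/local/nginx/cert nianxi.cc
set -eu

# make_cert DIR HOSTNAME [DAYS]: writes DIR/nxweb.key and DIR/nxweb.crt.
make_cert() {
    dir=$1; host=$2; days=${3:-3650}
    mkdir -p "$dir"
    # umask 077 keeps the private key readable by its owner only.
    ( umask 077 && openssl genrsa -out "$dir/nxweb.key" 2048 2>/dev/null )
    # -subj answers the prompts up front; -addext adds the subjectAltName
    # entry that clients compare the requested host name against.
    openssl req -new -x509 -sha256 -days "$days" \
        -key "$dir/nxweb.key" -out "$dir/nxweb.crt" \
        -subj "/C=cn/ST=beijing/L=beijing/O=nx/OU=nx/CN=$host" \
        -addext "subjectAltName=DNS:$host"
}

# cert_matches_key CRT KEY: succeeds only if both contain the same public key.
# A mismatch here is what makes nginx refuse to start with a key error.
cert_matches_key() {
    crt_pub=$(openssl x509 -in "$1" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$2" -pubout | openssl sha256)
    [ "$crt_pub" = "$key_pub" ]
}

# cert_covers_host CRT HOSTNAME: succeeds if the certificate is valid for
# HOSTNAME under the matching rules that TLS clients apply.
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}
```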

Configuration

# Create the directories on the host
mkdir -p /usr/local/nginx/conf
mkdir -p /usr/local/nginx/logs
mkdir -p /usr/local/nginx/html

# Copy the container's configuration files into the directories just created

docker cp nginx:/etc/nginx/nginx.conf /usr/local/nginx/conf/ 
docker cp nginx:/etc/nginx/conf.d/ /usr/local/nginx/conf/ 
docker cp nginx:/usr/share/nginx/html/ /usr/local/nginx/ 
docker cp nginx:/var/log/nginx /usr/local/nginx/logs

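Create and start the container

# Remove the earlier container if it exists
docker stop nginx && docker rm nginx

# Create and start the container with the host directories mounted
# Note: --privileged=true gives the container nearly full access to the host, and nginx itself does not need it.
# If it is only there to get past SELinux denials on the bind mounts, the :z volume label option is the narrower fix.
docker run -d --name nginx -p 80:80 -p 443:443 \
-v /usr/local/nginx/conf/nginx.conf:/etc/nginx/nginx.conf \
-v /usr/local/nginx/conf/conf.d:/etc/nginx/conf.d/ \
-v /usr/local/nginx/logs:/var/log/nginx \
-v /usr/local/nginx/html:/usr/share/nginx/html \
-v /usr/local/nginx/cert:/etc/nginx/cert \
-e TZ=Asia/Shanghai --privileged=true nginx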

Edit nginx.conf to support HTTPS

You can drop port 80, or add a separate configuration that redirects 80 to 443.
I kept both.
server {
    listen       80;
    listen  [::]:80;
    listen 443 ssl;
    listen  [::]:443 ssl;
    server_name  somedomain.cc;
    root   /usr/share/nginx/html;

    # Relative paths resolve against /etc/nginx, where the cert directory is mounted
    ssl_certificate cert/nxweb.crt;
    ssl_certificate_key cert/nxweb.key;
    ssl_session_timeout 5m;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996), so only 1.2 and 1.3 are enabled
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;

    location / {
        index  index.html;
        root   /usr/share/nginx/html;
        error_page 404 /index.html;
        # Fall back to index.html for paths that are not files or directories
        try_files $uri $uri/ @default;
    }

    # The location must match the URI named in error_page
    error_page 404 /404.html;
    location = /404.html {
    }

    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
    }

    location @default {
        rewrite ^.*$ /index.html last;
    }
}

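Reload the configuration

# Check that the configuration file is valid
docker exec nginx nginx -t

# Reload the configuration file
docker exec nginx nginx -s reload

Testing

Enter the corresponding domain name in a browser.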
