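Notes: Nginx in Docker + SSL configuration, with config and other resources mounted on the host
The author did this configuration hands-on and jotted down these notes along the way; the steps are guaranteed to work.
Speaking of which, is podman already on track to replace docker these days? Can someone fill me in?
Preparation before configuring
# Pull the nginx image
docker pull nginx
# Start it (temporarily)
docker run -d --name nginx -p 1080:80 nginx
# List the running containers
docker ps
# Enter the container
docker exec -it nginx /bin/bash
# Find where nginx.conf lives and note the path for later
find / -name 'nginx.conf'
# /etc/nginx/nginx.conf is used as the example here
# Exit the container
exit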
Create the certificate
Install openssl
# Install openssl
yum install -y openssl openssl-devel
mkdir /usr/local/nginx/cert -p
Generate the key
cd /usr/local/nginx/cert
openssl genrsa -out nxweb.key 2048
Create the certificate
openssl req -new -x509 -days 3650 -key nxweb.key -out nxweb.crt
--- You can press Enter all the way through, or fill in some information as the author did ---
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:beijing
Locality Name (eg, city) [Default City]:beijing
Organization Name (eg, company) [Default Company Ltd]:nx
Organizational Unit Name (eg, section) []:nx
Common Name (eg, your name or your server's hostname) []:nianxi.cc
Email Address []:xlnian@nianxi.cc
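You can also apply for a free certificate from Alibaba Cloud or similar sites; a self-made certificate will trigger a "not secure" warning.
If you obtain the certificate from such a site, this step is not needed; just download it from the platform.
Configuration
# Create the folders on the host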
mkdir -p /usr/local/nginx/conf
mkdir -p /usr/local/nginx/logs
mkdir -p /usr/local/nginx/html
# Copy the container's configuration files into the folders just created
docker cp nginx:/etc/nginx/nginx.conf /usr/local/nginx/conf/
docker cp nginx:/etc/nginx/conf.d/ /usr/local/nginx/conf/
docker cp nginx:/usr/share/nginx/html/ /usr/local/nginx/
docker cp nginx:/var/log/nginx /usr/local/nginx/logs
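Create and start the container
# Remove the previous container if there is one
docker stop nginx && docker rm nginx
# Create the container
# Note: --privileged=true grants the container almost all host capabilities and device access;
# nginx itself does not need it to listen on 80/443 or to read these mounts.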
docker run -d --name nginx -p 80:80 -p 443:443 \
-v /usr/local/nginx/conf/nginx.conf:/etc/nginx/nginx.conf \
-v /usr/local/nginx/conf/conf.d:/etc/nginx/conf.d/ \
-v /usr/local/nginx/logs:/var/log/nginx \
-v /usr/local/nginx/html:/usr/share/nginx/html \
-v /usr/local/nginx/cert:/etc/nginx/cert \
-e TZ=Asia/Shanghai --privileged=true nginx
Modify nginx.conf to support HTTPS
You can remove port 80, or add a separate configuration that forwards 80 to 443.
The author keeps both.
server {
    listen 80;
    listen [::]:80;
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name somedomain.cc;
    root /usr/share/nginx/html;
    ssl_certificate cert/nxweb.crt;
    ssl_certificate_key cert/nxweb.key;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;
    location / {
        index index.html;
        root /usr/share/nginx/html;
        error_page 404 /index.html;
        try_files $uri $uri/ @default;
    }
    error_page 404 /404.html;
    location = /40x.html {
    }
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
    }
    location @default {
        rewrite ^.*$ /index.html last;
    }
}
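A stricter variant of the server block above, added here as an example and not part of the author's configuration: port 80 only redirects to HTTPS (the "forward 80 to 443" option), and TLS 1.0/1.1 are dropped. It assumes the same somedomain.cc name and cert/ paths, and an nginx build with TLS 1.3 support (nginx 1.13.0+ built against OpenSSL 1.1.1+).

```nginx
# Added example (not the author's config): redirect-only port 80, modern TLS on 443.
server {
    listen 80;
    listen [::]:80;
    server_name somedomain.cc;
    # Plain HTTP serves no content; every request is sent to the HTTPS site
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name somedomain.cc;
    root /usr/share/nginx/html;

    # Same files as above; relative paths resolve under /etc/nginx,
    # which is where /usr/local/nginx/cert is mounted
    ssl_certificate     cert/nxweb.crt;
    ssl_certificate_key cert/nxweb.key;

    # TLS 1.0 and 1.1 are deprecated (RFC 8996); allow 1.2 and 1.3 only
    ssl_protocols TLSv1.2 TLSv1.3;
    # Forward-secret AEAD suites for TLS 1.2 with an RSA key;
    # TLS 1.3 suites are negotiated from OpenSSL's defaults
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers on;
    ssl_session_timeout 5m;

    location / {
        index index.html;
        # Same fallback as the @default rewrite: unknown paths get /index.html
        try_files $uri $uri/ /index.html;
    }

    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
    }
}
```

After reloading, `openssl s_client -connect somedomain.cc:443 -tls1_1` should fail to complete a handshake, while `-tls1_2` should succeed.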
Reload the configuration
# Check that the configuration file is valid
docker exec nginx nginx -t
# Reload the configuration file
docker exec nginx nginx -s reload
Test
In the browser, enter the corresponding domain name and you can