1.首先确保Linux环境上已经安装了docker(可参考Linux安装Docker-CSDN博客)
2.通过docker 安装nginx(可参考Linux 环境安装Nginx—源码和Dokcer两种安装方式-CSDN博客)
3.安装SSL证书
3.1 在宿主机中创建证书目录并上传证书(主要是xxx.pem和xxx.key文件)
在nginx目录下创建cert/目录(/home/data/nginx/cert/),将证书放在cert/目录下。注意:该目录必须与3.3启动脚本中 -v 挂载的宿主机证书目录保持一致;私钥文件(xxx.key)建议限制为仅属主可读(例如 chmod 600),不要放入代码仓库或镜像中。
3.2修改Nginx配置文件(nginx.conf),修改与证书相关的配置内容
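# nginx.conf for the containerised nginx: serves static files from
# /home/data/web/ and proxies /api to a backend, terminating TLS on the
# container's port 80.

#user nobody;
worker_processes auto;

#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;

#pid logs/nginx.pid;

events {
    worker_connections 65535;
    use epoll;
    multi_accept on;
    accept_mutex off;
}

http {
    include mime.types;
    default_type application/octet-stream;

    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for" "$host"';

    sendfile on;
    #tcp_nopush on;

    #keepalive_timeout 0;
    keepalive_timeout 65;

    #gzip on;

    client_max_body_size 10m;

    upstream javaServerHost {
        server 服务器ip:端口;  # placeholder: backend server IP:port
    }

    server {
        # "ssl" is added here so this listener speaks TLS. No plain-HTTP
        # listener is defined in this file.
        listen 80 ssl;
        server_name 你的域名;  # placeholder: your domain name

        # Every OPTIONS request (CORS preflight) is answered with 200 here
        # and never reaches the backend.
        if ($request_method = 'OPTIONS') {
            return 200;
        }

        # HTTPS certificate. Use the full path as seen by nginx.
        # NOTE(review): if nginx runs in a container, this should be the
        # in-container path of the mounted cert directory - confirm against
        # the docker run mounts.
        ssl_certificate "xxx.pem";      # full path to the certificate
        ssl_certificate_key "xxx.key";  # full path to the private key
        ssl_session_timeout 5m;

        # NOTE(review): this cipher string is broad (AES / HIGH also admit
        # non-forward-secret RSA key exchange and CBC suites). Consider
        # narrowing it to ECDHE + AEAD suites once client requirements are known.
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;

        # TLSv1 and TLSv1.1 are deprecated (RFC 8996) and were dropped from
        # this list. TLSv1.3 needs nginx >= 1.13.0 built against OpenSSL 1.1.1+.
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_prefer_server_ciphers on;
        ssl_session_cache shared:SSL:1m;
        #fastcgi_param HTTPS on;
        #fastcgi_param HTTPS_SCHEME https;
        #end

        # NOTE(review): wildcard CORS lets a page from any origin call this
        # server from a browser. Restrict Allow-Origin to the known front-end
        # origin(s) if the API is not meant to be public.
        add_header Access-Control-Allow-Origin '*';
        add_header Access-Control-Allow-Headers '*';
        add_header Access-Control-Allow-Methods 'GET,POST,OPTIONS,PUT,DELETE';

        # Redirect all HTTP requests to HTTPS via rewrite/return (disabled).
        #rewrite ^(.*) https://$server_name$1 permanent;
        #rewrite ^(.*)$ https://$host$1 permanent;
        #return 301 https://$host$request_uri;

        location / {
            root /home/data/web/;
            try_files $uri $uri/index.html =404;
        }

        location /api {
            # Strip the /api/ prefix before handing the request to the backend.
            rewrite ^/api/(.*)$ /$1 break;
            proxy_pass http://javaServerHost;
            proxy_redirect off;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            # NOTE(review): header name uses underscores; the conventional
            # spelling is X-Real-IP. Kept as-is because the backend may read
            # this exact name - confirm.
            proxy_set_header X_Real_IP $remote_addr;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_read_timeout 300;
            proxy_send_timeout 300;
        }

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }
    }
}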
3.3修改启动nginx脚本,重启nginx
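#!/bin/sh
# Recreate the nginx container and publish its TLS listener (port 80 inside
# the container) on a host port.
#
# Usage:   <this script> [host_port]
# Default: host port 8006 when no argument is given.

container_name='容器名称'  # placeholder: container name

port=8006
if [ -z "${1:-}" ]; then
  printf '%s\n' '使用默认端口8006'
else
  port=$1
  printf '%s\n' "使用指定端口$1"
fi

# Accept only a plain TCP port number (1-65535) so that nothing else from
# the command line ends up in the docker -p argument.
case "$port" in
  '' | *[!0-9]* | ??????*)
    printf 'invalid port: %s\n' "$port" >&2
    exit 2
    ;;
esac
if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
  printf 'invalid port: %s\n' "$port" >&2
  exit 2
fi

# Best effort: remove a previous container of the same name; a failure
# because none exists is deliberately not treated as fatal.
docker rm -f "$container_name"

# Changes from the original command:
#  - nginx.conf and the certificate directory are mounted read-only (:ro),
#    so a process inside the container cannot alter the config or the
#    private key on the host.
#  - TZ was misspelled "Asiz/Shanghai", which is not a valid zone name.
# NOTE(review): the image tag is unpinned ("nginx" resolves to latest);
# pin a specific version or digest for reproducible deployments.
docker run -d \
  --name "$container_name" \
  --ulimit nofile=65535:65535 \
  --ulimit nproc=65535:65535 \
  -v /home/data/xxx/web/:/home/data/web/ \
  -v /home/data/xxx/nginx.conf:/etc/nginx/nginx.conf:ro \
  -v /home/data/xxx/nginx_cert/:/etc/nginx/cert/:ro \
  -p "${port}:80" \
  -e TZ=Asia/Shanghai \
  --restart=always \
  nginx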
说明:/home/data/xxx/web/:/home/data/web/ 前者是服务器主机路径,后者是docker容器路径
使用:docker exec -it 容器名 /bin/bash 进入容器
docker logs 容器名 查看日志
3.4验证SSL证书是否安装成功