Preface
Buying a server, applying for a domain name, applying for a certificate, downloading the nginx certificate: I won't go over these, Baidu has plenty on them. I'll only talk about the problems I ran into during deployment.
Problem
We deploy the backend and frontend with docker-compose. To configure the HTTPS certificate it has to be deployed in nginx, but deploying it in nginx alone does not necessarily succeed: you also have to configure the ports in docker-compose.yml, then enable the nginx network configuration, otherwise port 443 is not listened on, and on top of that configure the firewall to open port 443. All in all it is quite complicated.
Nginx configuration
First, put the certificate in the right location, and be sure to read the nginx error log; many errors show up there. In my case it failed because I had put the certificate in the wrong place.
```nginx
server {
    listen 443 ssl;
    # your domain name
    server_name app.bravechip.cn;
    ssl_certificate /usr/share/nginx/html/cert/app.bravechip.cn.pem;
    ssl_certificate_key /usr/share/nginx/html/cert/app.bravechip.cn.key;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;
    # Custom TLS protocol versions and cipher suites (example configuration; evaluate whether you need it).
    # The higher the TLS version, the more secure the HTTPS connection, but higher TLS versions have
    # poorer browser compatibility than lower ones.
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
    # Prefer the server's cipher suites. On by default.
    ssl_prefer_server_ciphers on;

    location / {
        root /usr/share/nginx/html/ring;
        # root html;
        index index.html index.htm;
        try_files $uri $uri/ /index.html;
        # Must point at the @router below, otherwise refreshing a Vue route in nginx gives a 404.
        # There are two ways to write it; this one requires configuring @router below.
        # try_files $uri $uri/ @router;
    }
    location /ChipletRing {
        alias /usr/share/nginx/html/RingQRCode;
        # root html;
        index index.html index.htm;
        try_files $uri $uri/ /ChipletRing/index.html;
    }
}

server {
    listen 80;
    server_name app.bravechip.cn;
    #autoindex on; # enable directory listing
    rewrite ^(.*)$ https://$host$1;
    location / {
        root /usr/share/nginx/html/ring;
        # root html;
        index index.html index.htm;
        try_files $uri $uri/ /index.html;
    }
    location /ChipletRing {
        alias /usr/share/nginx/html/RingQRCode;
        # root html;
        index index.html index.htm;
        try_files $uri $uri/ /ChipletRing/index.html;
    }
    # location @router {
    #     rewrite ^.*$ /index.html last;
    # }
    #error_page 404 /404.html;
    # redirect server error pages to the static page /50x.html
    #error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }
}
# Closing brace carried over from the original: it matches an enclosing http { } block whose opening
# is not shown here. If these server blocks live in a conf.d/*.conf file instead, remove it, or
# nginx -t fails with "unexpected }".
}
```
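The post's advice is to check the nginx error log after the fact. The following is an added example (not the author's code) of checking the TLS server block before reloading: it resolves the certificate and key paths from the container to the host side of the post's compose volume mapping (/root/nginx/html -> /usr/share/nginx/html), reports files that do not exist (the "wrong location" mistake), confirms the key belongs to the certificate, and flags two things a defender would want to know about in the posted config: TLSv1.1 is still enabled (deprecated by RFC 8996) and the http->https rewrite has no permanent flag, so it is only a 302. SAMPLE_CONF is a constructed excerpt of the post's server blocks.

```python
"""Audit the TLS server block before reloading nginx.

Added example, not code from the post. HOST_ROOT/CONTAINER_ROOT come from
the post's docker-compose volume mapping; SAMPLE_CONF is a constructed
excerpt of the post's two server blocks.
"""
import os
import ssl
import sys

HOST_ROOT = "/root/nginx/html"            # host side of the compose volume
CONTAINER_ROOT = "/usr/share/nginx/html"  # container side of the same volume

# Versions deprecated by RFC 8996 (TLS 1.0/1.1) and the earlier SSL RFCs.
DEPRECATED_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}

# Constructed excerpt of the post's server blocks (a trailing comment included on purpose).
SAMPLE_CONF = """
server {
    listen 443 ssl;
    server_name app.bravechip.cn;  # your domain
    ssl_certificate /usr/share/nginx/html/cert/app.bravechip.cn.pem;
    ssl_certificate_key /usr/share/nginx/html/cert/app.bravechip.cn.key;
    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
}
server {
    listen 80;
    server_name app.bravechip.cn;
    rewrite ^(.*)$ https://$host$1;
}
"""


def directives(conf):
    """Return (name, args) for each simple directive; '#' comments and brace lines are skipped."""
    found = []
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line.endswith(";"):
            continue
        name, *args = line.rstrip(";").split()
        found.append((name, args))
    return found


def to_host_path(container_path):
    """Map a path inside the nginx container to where the compose volume puts it on the host."""
    if container_path.startswith(CONTAINER_ROOT):
        return HOST_ROOT + container_path[len(CONTAINER_ROOT):]
    return container_path


def audit(conf, path_map=to_host_path):
    """Return a list of findings; an empty list means nothing to fix."""
    found = directives(conf)
    args_of = lambda name: [a for n, a in found if n == name]
    findings = []

    if not any("ssl" in a and any(x.endswith("443") for x in a) for a in args_of("listen")):
        findings.append("no 'listen 443 ssl' directive: nginx will not serve HTTPS at all")

    certs, keys = args_of("ssl_certificate"), args_of("ssl_certificate_key")
    if not certs or not keys:
        findings.append("ssl_certificate or ssl_certificate_key is missing")
    else:
        cert_path, key_path = path_map(certs[0][0]), path_map(keys[0][0])
        missing = [p for p in (cert_path, key_path) if not os.path.isfile(p)]
        for p in missing:
            findings.append(f"file not found: {p} (wrong location; nginx will log 'cannot load certificate')")
        if not missing:
            try:
                # load_cert_chain raises if the private key does not belong to the certificate.
                ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER).load_cert_chain(cert_path, key_path)
            except ssl.SSLError as exc:
                findings.append(f"certificate/key mismatch or unreadable PEM: {exc}")

    for protos in args_of("ssl_protocols"):
        findings.extend(f"deprecated protocol enabled: {p}" for p in protos if p in DEPRECATED_PROTOCOLS)

    for a in args_of("rewrite"):
        if len(a) >= 2 and a[1].startswith("https://") and "permanent" not in a:
            findings.append("http->https rewrite has no 'permanent' flag, so it is a 302; use 'return 301'")

    return findings


if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CONF
    for finding in audit(text):
        print("-", finding)
```

Run it on the host as `python3 audit_tls.py /root/nginx/conf.d/default.conf` (path assumed from the post's volume mapping). Because the paths are translated to the host side of the bind mount, a missing file here is exactly the file nginx inside the container will fail to open.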
Once this is configured, if you run netstat -ano you will find that nginx's port listeners may be empty, with neither 80 nor 443 listened on. Now docker-compose.yml has to be configured:
```yaml
#version: "3.9"
services:
  redis:
    image: bitnami/redis:7.2.2
    hostname: redis
    container_name: redis
    restart: always # restart automatically on boot
    privileged: true
    ports:
      - 6379:6379
    environment:
      REDIS_PASSWORD: xxxx
      TZ: Asia/Shanghai
    volumes:
      - type: volume
        source: redis-data
        target: /bitnami/redis/data
        volume: { }
  mysql:
    image: mysql:latest
    hostname: mysql
    restart: always
    privileged: true # give the container root privileges
    container_name: mysql
    volumes:
      - /root/mysql/log:/var/log/mysql
      - /root/mysql/data:/var/lib/mysql
      - /root/mysql/conf.d:/etc/mysql/conf.d
      - /etc/localtime:/etc/localtime:ro
      # - ./my.cnf:/etc/mysql/my.cnf
    environment:
      MYSQL_ROOT_PASSWORD: xxxx
    ports:
      - "3306:3306"
  nginx:
    image: nginx:latest # image name
    container_name: nginx # container name
    restart: always # restart automatically on boot
    ports:
      - 80:80
      - 443:443
    privileged: true
    networks:
      - webnet
    volumes: # directory mapping (host:container)
      - /root/nginx/nginx.conf:/etc/nginx/nginx.conf
      - /root/nginx/conf.d/:/etc/nginx/conf.d/
      - /root/nginx/html/:/usr/share/nginx/html/
      - /root/nginx/logs/:/var/log/nginx/
  ring:
    image: ring:1.0.0
    container_name: ring # container name
    restart: always # restart automatically on boot
    privileged: true
    depends_on:
      - mysql
      - redis
    ports:
      - 8080:8080
    environment:
      MYSQL_USER_NAME: root
      MYSQL_PWD: xxxx
      MYSQL_DB_NAME: ring_xxx
      MYSQL_HOST: xxxx
      MYSQL_PORT: 3306
      REDIS_HOST: xxxx
      REDIS_PORT: 6379
      REDIS_PWD: xxx
      SERVER_PORT: 8080
      UPLOAD_PATH: /home/ring/uploadPath/
    volumes:
      - /root/ring/uploadPath/:/home/ring/uploadPath/

volumes:
  redis-data:
    name: media_service_redis-data

networks:
  webnet:
    driver: bridge
```
There are two key points: first, configure ports 80 and 443 on the nginx service; second, configure networks.
Then open the firewall. For how to open the firewall on CentOS 7, see this article:
Pitfalls of configuring Alibaba Cloud HTTPS in nginx
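The post's fix spans three layers that all have to agree: the compose file must publish 80/443 on the nginx service, the host must actually have a listener on those ports, and firewalld must allow them. The following is an added example (not the author's code) that reads the outputs of `docker port nginx`, `ss -lnt`, `firewall-cmd --list-ports` and `firewall-cmd --list-services` and names the first layer at which a port is blocked, so the netstat check from the post becomes a reproducible diagnosis. The SAMPLE_* strings are constructed command outputs; the container name `nginx` is the post's; the commands are run live only when the file is executed as a script.

```python
"""Find the layer at which port 443 (or 80) stops being reachable.

Added example, not from the post. Checks, in order: docker-compose port
publication, a host LISTEN socket, and firewalld. SAMPLE_* values are
constructed outputs of the named commands.
"""
import re
import subprocess
import sys

# firewalld service names commonly enabled in the public zone -> TCP port
FIREWALLD_SERVICE_PORTS = {"ssh": 22, "http": 80, "https": 443}

# Constructed `docker port nginx` output: compose published only 80:80.
SAMPLE_DOCKER_PORT = "80/tcp -> 0.0.0.0:80\n80/tcp -> [::]:80\n"

# Constructed `ss -lnt` output on the same host.
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      4096         0.0.0.0:80        0.0.0.0:*
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
LISTEN 0      4096            [::]:80           [::]:*
"""

# Constructed firewalld output: http opened via its service name, https not yet.
SAMPLE_FW_PORTS = "\n"
SAMPLE_FW_SERVICES = "dhcpv6-client http ssh\n"


def published_ports(docker_port_output):
    """Container TCP ports docker maps onto the host (`docker port <container>`)."""
    return {int(m.group(1)) for m in re.finditer(r"^(\d+)/tcp\s*->", docker_port_output, re.M)}


def listening_ports(ss_output):
    """TCP ports with a LISTEN socket on the host (`ss -lnt`)."""
    ports = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[0] == "LISTEN":
            ports.add(int(fields[3].rsplit(":", 1)[1]))  # handles both 0.0.0.0:443 and [::]:443
    return ports


def firewall_open_ports(list_ports_output, list_services_output):
    """TCP ports firewalld allows in the active zone, via explicit ports or service names."""
    ports = {int(p.split("/")[0]) for p in list_ports_output.split() if p.endswith("/tcp")}
    ports.update(FIREWALLD_SERVICE_PORTS[s] for s in list_services_output.split()
                 if s in FIREWALLD_SERVICE_PORTS)
    return ports


def diagnose(port, docker_port_output, ss_output, fw_ports_output, fw_services_output):
    """Return 'ok' or a message naming the first layer that blocks `port`."""
    if port not in published_ports(docker_port_output):
        return (f"compose: {port} is not published on the nginx service; add '- {port}:{port}' "
                f"under its ports: and run docker compose up -d")
    if port not in listening_ports(ss_output):
        return (f"host: nothing listens on {port} although it is published; the container is "
                f"probably down, check `docker logs nginx` and the nginx error log")
    if port not in firewall_open_ports(fw_ports_output, fw_services_output):
        return (f"firewall: {port} is published and listening but firewalld does not allow it; "
                f"run firewall-cmd --permanent --add-port={port}/tcp && firewall-cmd --reload")
    return "ok"


def run(cmd):
    """Run a command and return its stdout ('' if the tool is missing or fails)."""
    try:
        return subprocess.run(cmd, capture_output=True, text=True, check=False).stdout
    except OSError:
        return ""


if __name__ == "__main__":
    container = sys.argv[1] if len(sys.argv) > 1 else "nginx"
    outputs = (run(["docker", "port", container]), run(["ss", "-lnt"]),
               run(["firewall-cmd", "--list-ports"]), run(["firewall-cmd", "--list-services"]))
    for p in (80, 443):
        print(p, diagnose(p, *outputs))
```

Run on the host as root (`docker port` and `firewall-cmd` need it). An empty `docker port` output is also what you get when the container is not running, which the "compose:" message does not distinguish; `docker compose ps` settles that. The checks confirm reachability at the host boundary only; a cloud security group in front of the server is a fourth layer that still has to allow 443.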
The following articles are some references:
Alibaba Cloud nginx HTTPS configuration pitfalls (after configuring, access shows "this site can't be reached")
Linux firewall error: Failed to start firewalld.service Unit is masked
FirewallD is not running: causes and solutions
Fixing the "WARNING: Published ports are discarded when using host network mode" problem