阅读 44

Nginx部署https

步骤一:创建Nginx目录 mkdir -p /home/nginx/www /home/nginx/logs /home/nginx/conf

步骤二:创建配置文件,在 /home/nginx/conf 文件夹下面创建一个叫 nginx.conf 的文件 user nginx; worker_processes 1;

error_log /var/log/nginx/error.log warn; pid /var/run/nginx.pid;

events { worker_connections 1024; }

http { include /etc/nginx/mime.types; default_type application/octet-stream;

log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                  '$status $body_bytes_sent "$http_referer" '
                  '"$http_user_agent" "$http_x_forwarded_for"';

access_log  /var/log/nginx/access.log  main;

sendfile        on;
#tcp_nopush     on;

keepalive_timeout  65;

#gzip  on;

include /etc/nginx/conf.d/*.conf;
复制代码

}

步骤三:创建nginx容器 docker run -d -p 80:80 -p 443:443 --name nginx-server -v /home/nginx/www:/usr/share/nginx/html -v /home/nginx/conf/nginx.conf:/etc/nginx/nginx.conf -v /home/nginx/logs:/var/log/nginx nginx-ssl

命令说明: -p 80:80: 将容器的 80 端口映射到主机的 80 端口。 -p 443:443: 将容器的 80 端口映射到主机的 443 端口。 --name nginx-server:将容器命名为 nginx-server。 -v /home/nginx/www:/usr/share/nginx/html:将我们自己创建的 www 目录挂载到容器的 /usr/share/nginx/html。 -v /home/nginx/conf/nginx.conf:/etc/nginx/nginx.conf:将我们自己创建的 nginx.conf 挂载到容器的 /etc/nginx/nginx.conf。 -v /home/nginx/logs:/var/log/nginx:将我们自己创建的 logs 挂载到容器的 /var/log/nginx。

步骤四:配置ssl 在刚刚新建的nginx.conf文件里面插入下面内容,这里需要注意,是在http的目录下面插入。 server { listen 443 ssl; server_name paaa.top www.paaa.top; root /usr/share/nginx/html; ssl_certificate /ssl/1_www.paaa.top_bundle.crt; ssl_certificate_key /ssl/2_www.paaa.top.key; ssl_session_timeout 5m; ssl_session_cache shared:SSL:1m; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:aNULL:!MD5:!ADH:!RC4; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on;

location / {
    root   /usr/share/nginx/html;
    index  index.html index.htm;
}
复制代码

}

server { listen 80; server_name pqoo.top www.paaa.top; rewrite ^ https://hosthost1 permanent; }

步骤五:拷贝证书 进入nginx的docker容器 docker exec -it nginx1.0 bash

docker cp /home/nginx/ssl/1_www.paaa.top_bundle.crt 0801812d0f29:/ssl docker cp /home/nginx/ssl/2_www.paaa.top.key 0801812d0f29:/ssl

由于我们的容器重启之后,里面的数据会全部丢失,所以需要重新生成新的镜像 docker ps -a (找到第一步中开启的容器 cuda8:v1.0对应的ID号 64bf662e18d6) docker commit 64bf662e18d6 wwy/cuda8:v2.0( wwy/cuda8:v2.0为新保存的镜像名字 ) docker images (查看是否有新的镜像生成)

创建完nginx容器之后 重新开启容器: docker start 9f011a1c11a7

完整的配置文件记录一下: user nginx; worker_processes 1;

error_log /var/log/nginx/error.log warn; pid /var/run/nginx.pid;

events { worker_connections 1024; }

http { include /etc/nginx/mime.types; default_type application/octet-stream;

log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                  '$status $body_bytes_sent "$http_referer" '
                  '"$http_user_agent" "$http_x_forwarded_for"';

access_log  /var/log/nginx/access.log  main;

sendfile        on;
#tcp_nopush     on;

keepalive_timeout  65;

#gzip  on;

include /etc/nginx/conf.d/*.conf;

server {
listen       443 ssl;
server_name  paaa.top www.paaa.top;
root         /usr/share/nginx/html;
ssl_certificate      /ssl/1_www.paaa.top_bundle.crt;
ssl_certificate_key  /ssl/2_www.paaa.top.key;
ssl_session_timeout  5m;
ssl_session_cache    shared:SSL:1m;
ssl_ciphers          ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:aNULL:!MD5:!ADH:!RC4;
ssl_protocols        TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers  on;

location / {
    root   /usr/share/nginx/html;
    index  index.html index.htm;
}
复制代码

}

server { listen 80; server_name paaa.top www.paaa.top; rewrite ^ https://hosthost1 permanent; } }

文章分类
后端
文章标签