1.首先确保Linux环境上已经安装了docker(可参考VMware使用和Linux安装Docker_wmware直接部署linux和安装docker后-CSDN博客)
2.通过docker 安装nginx(可参考Linux 环境安装Nginx—源码和Dokcer-CSDN博客)
3.安装SSL证书
3.1 在宿主机中创建证书目录并上传证书(主要是xxx.pem和xxx.key文件)
在nginx目录下创建cert/目录(/home/data/nginx/cert/),将证书放在cert/目录下。其中xxx.key是私钥,建议将其权限限制为仅属主可读(例如chmod 600),且不要放在会被nginx对外提供的web目录中。
3.2修改Nginx配置文件(nginx.conf),修改与证书相关的配置内容
# Main-context settings. The user, error_log and pid directives are left
# commented out, so nginx's built-in defaults apply to them.
#user nobody;
# "auto" lets nginx pick the number of worker processes from the CPU cores it detects.
worker_processes auto;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
    # Connection-processing settings; each one applies per worker process.

    # Use the Linux epoll event notification method.
    use epoll;

    # Upper bound on simultaneous connections a single worker may hold open.
    worker_connections 65535;

    # Workers do not take turns accepting new connections...
    accept_mutex off;

    # ...and each worker accepts all pending connections at once.
    multi_accept on;
}
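http {
    include       mime.types;
    default_type  application/octet-stream;

    # Log format that appends the requested "$host" to the usual fields.
    # NOTE(review): no access_log directive in this file references "main",
    # so the format is defined but not used here.
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for" "$host"';

    sendfile on;
    #tcp_nopush on;
    #keepalive_timeout 0;
    keepalive_timeout 65;
    #gzip on;

    # Largest request body accepted from a client.
    client_max_body_size 10m;

    # Backend application server that /api requests are proxied to.
    upstream javaServerHost {
        server 服务器ip:端口;
    }

    server {
        # The "ssl" flag makes this listener speak TLS, so port 80 of this
        # server accepts HTTPS only; plain-HTTP requests to it are rejected.
        listen 80 ssl;
        server_name 你的域名;

        # Every OPTIONS request (CORS preflight) is answered with an empty 200
        # before any location is consulted.
        if ($request_method = 'OPTIONS') {
            return 200;
        }

        # HTTPS certificate
        # Full path to the certificate file as seen by nginx (inside the
        # container when nginx runs in Docker).
        ssl_certificate "xxx.pem";
        # Full path to the matching private key file.
        ssl_certificate_key "xxx.key";

        ssl_session_timeout 5m;
        # Session cache shared between all worker processes.
        ssl_session_cache shared:SSL:1m;

        # TLS 1.0 and 1.1 are deprecated and affected by known protocol
        # weaknesses; only TLS 1.2 and 1.3 are offered.
        ssl_protocols TLSv1.2 TLSv1.3;
        # Explicit forward-secret AEAD suites for TLS 1.2. The previous list
        # used broad aliases (ECDH, AES, HIGH) that also admit CBC-mode and
        # non-forward-secret suites. TLS 1.3 suites are not controlled by
        # this directive.
        ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
        ssl_prefer_server_ciphers on;

        #fastcgi_param HTTPS on;
        #fastcgi_param HTTPS_SCHEME https;
        #end

        # NOTE(review): wildcard CORS lets a page from any origin call this
        # server and read the responses. If the API is not meant to be public,
        # replace '*' with the front-end's exact origin and list only the
        # request headers that are actually needed.
        add_header Access-Control-Allow-Origin '*';
        add_header Access-Control-Allow-Headers '*';
        add_header Access-Control-Allow-Methods 'GET,POST,OPTIONS,PUT,DELETE';

        # Redirect all HTTP requests to HTTPS (left disabled).
        # NOTE(review): these belong in a separate plain-HTTP server block;
        # enabled here they would redirect every request, including ones
        # that already arrived over HTTPS.
        #rewrite ^(.*) https://$server_name$1 permanent;
        #rewrite ^(.*)$ https://$host$1 permanent;
        #return 301 https://$host$request_uri;

        # Static front-end files.
        location / {
            root /home/data/web/;
            try_files $uri $uri/index.html =404;
        }

        # API requests: strip the /api prefix and forward to the backend.
        location /api {
            rewrite ^/api/(.*)$ /$1 break;
            proxy_pass http://javaServerHost;
            proxy_redirect off;

            # HTTP/1.1 plus Upgrade/Connection headers, as used for WebSocket proxying.
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";

            # Pass the client address and original Host to the backend.
            # NOTE(review): the conventional header name is X-Real-IP; names
            # containing underscores are dropped by some servers and proxies.
            # Confirm what the backend reads before renaming.
            proxy_set_header X_Real_IP $remote_addr;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

            proxy_read_timeout 300;
            proxy_send_timeout 300;
        }

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }
    }
}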
3.3修改启动nginx脚本,重启nginx
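# Recreate and start the nginx container.
# Arguments: $1 - optional host port to publish (default 8006)
port=8006
# Quote "$1" so an empty or whitespace-containing argument cannot break the test.
if [ -z "${1:-}" ]; then
  echo 使用默认端口8006
else
  port=$1
  echo "使用指定端口$1"
fi

# Remove any existing container with the same name so the name can be reused.
docker rm -f 容器名称

# Mounts are read-only (:ro): nginx only needs to read the web root, its
# configuration and the certificate/private key, so the container gets no
# write access to them.
# Container port 80 is the TLS listener from nginx.conf, so the published
# host port serves HTTPS.
# TZ must be a valid zone name ("Asia/Shanghai"); the misspelled "Asiz/Shanghai"
# matches no zone.
# NOTE(review): "nginx" without a tag pulls whatever "latest" is at the time;
# consider pinning a specific tag or digest for reproducible deployments.
docker run -d \
  --name 容器名称 \
  --ulimit nofile=65535:65535 \
  --ulimit nproc=65535:65535 \
  -v /home/data/xxx/web/:/home/data/web/:ro \
  -v /home/data/xxx/nginx.conf:/etc/nginx/nginx.conf:ro \
  -v /home/data/xxx/nginx_cert/:/etc/nginx/cert/:ro \
  -p "$port":80 \
  -e TZ=Asia/Shanghai \
  --restart=always \
  nginx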
说明:/home/data/xxx/web/:/home/data/web/ 前者是服务器主机路径,后者是docker容器路径
使用:docker exec -it 容器名 /bin/bash 进入容器
docker logs 容器名 查看日志
3.4验证SSL证书是否安装成功