docker nginx配置ssl http跳转https

注意：请打开443端口，ssl使用443端口。
ssl证书公司下载nginx配置文件（我是用的阿里云ssl证书），
然后服务器新建目录：
mkdir -p /root/binarydance/ssl，
mkdir -p /root/binarydance/conf/conf.d
mkdir -p /root/binarydance/conf
然后把.pem、.key文件拷贝进创建的目录。

/root/binarydance/ssl/如下：

/root/binarydance/ssl/9054326_tgz.binarydance.top.pem
/root/binarydance/ssl/9054326_tgz.binarydance.top.key

/root/binarydance/conf/nginx.conf（挂载容器外部的宿主机）：

• 宿主机/root/binarydance/conf/conf.d映射到容器内部/etc/nginx/conf.d：
  include /etc/nginx/conf.d/*.conf;

user nginx;
worker_processes 1;

error_log /var/log/nginx/error.log warn;
pid    /var/run/nginx.pid;


events {
  worker_connections 1024;
}


http {
  include    /etc/nginx/mime.types;
  default_type application/octet-stream;
  client_max_body_size 20m;
  log_format main '$remote_addr - $remote_user [$time_local] "$request" '
           '$status $body_bytes_sent "$http_referer" '
           '"$http_user_agent" "$http_x_forwarded_for"';

  access_log /var/log/nginx/access.log main;

  sendfile    on;
  #tcp_nopush   on;

  keepalive_timeout 65;
  #gzip on;
  #开启gzip压缩
  gzip on;
  #http的协议版本
  gzip_http_version 1.0;
  #IE版本1-6不支持gzip压缩，关闭
  gzip_disable 'MSIE[1-6].';
  #需要压缩的文件格式 text/html默认会压缩，不用添加
  gzip_types text/css text/javascript application/javascript image/jpeg image/jpg image/png image/gif;
  #设置压缩缓冲区大小，此处设置为4个8K内存作为压缩结果流缓存
  gzip_buffers 4 8k;
  #压缩文件最小大小
  gzip_min_length 1k;
  #压缩级别1-9
  gzip_comp_level 9;
  #给响应头加个vary，告知客户端能否缓存
  gzip_vary on;
  #反向代理时使用
  gzip_proxied off;
  
  #宿主机/root/binarydance/conf/conf.d映射的容器内部/etc/nginx/conf.d
  include /etc/nginx/conf.d/*.conf;
}

/root/binarydance/conf/conf.d/default.conf（挂载容器外部的宿主机）：

#配置https
server {
        #ssl监听443端口
        listen       443 ssl;
        server_name  tgz.binarydance.top;
        charset utf-8;

        #ssl的.pem、.key文件
        ssl on;
        ssl_certificate      /etc/nginx/ssl/9054326_tgz.binarydance.top.pem;
        ssl_certificate_key  /etc/nginx/ssl/9054326_tgz.binarydance.top.key;
        ssl_session_timeout 5m;
		ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
		ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
		ssl_prefer_server_ciphers on;

        location / {
            #后端服务：本机ip+本机端口
            proxy_pass http://154.8.232.150:8888;
            proxy_http_version 1.1;
            proxy_read_timeout   3600s;
            #启用支持websocket连接
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }
    }
#配置http
server {
	      listen 80;
	      server_name tgz.binarydance.top;
	      charset utf-8;
	      #http跳转https
	      return 301 https://$server_name$request_uri;
}

启动docker nginx容器：

docker run -p 80:80 -p 443:443 --name nginx \
-v /root/binarydance/conf/nginx.conf:/etc/nginx/nginx.conf \
-v /root/binarydance/conf/conf.d:/etc/nginx/conf.d \
-v /root/binarydance/ssl/9054326_tgz.binarydance.top.pem:/etc/nginx/ssl/9054326_tgz.binarydance.top.pem \
-v /root/binarydance/ssl/9054326_tgz.binarydance.top.key:/etc/nginx/ssl/9054326_tgz.binarydance.top.key \
-e TZ=Asia/Shanghai \
-d nginx