注意:请在服务器防火墙/云安全组中放行443端口(https默认使用443端口);下文还配置了80端口的http跳转https,因此80端口也需要放行。
从ssl证书服务商下载适用于nginx的证书文件(我用的是阿里云ssl证书),
然后服务器新建目录:
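# Create the host directories that are later bind-mounted into the nginx container.
# `-p` on conf/conf.d also creates the parent conf/ directory, so no separate
# mkdir for /root/binarydance/conf is needed.
mkdir -p /root/binarydance/ssl
mkdir -p /root/binarydance/conf/conf.d
# The ssl directory will hold the TLS private key: keep it accessible to root only.
chmod 700 /root/binarydance/ssl
# After the certificate files have been copied in, restrict the private key too:
#   chmod 600 /root/binarydance/ssl/*.key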
然后把.pem、.key文件拷贝进创建的目录。
/root/binarydance/ssl/如下:
/root/binarydance/ssl/9054326_tgz.binarydance.top.pem
/root/binarydance/ssl/9054326_tgz.binarydance.top.key
/root/binarydance/conf/nginx.conf(位于宿主机,启动时挂载到容器内):
- 宿主机/root/binarydance/conf/conf.d映射到容器内部/etc/nginx/conf.d:
include /etc/nginx/conf.d/*.conf;
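# Main nginx configuration. It lives on the host and is bind-mounted into the
# container as /etc/nginx/nginx.conf.
user nginx;
worker_processes 1;

error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;

events {
    worker_connections 1024;
}

http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    # Do not disclose the exact nginx version in the Server header and error pages.
    server_tokens off;

    # Upper bound for a request body; larger uploads are rejected with 413.
    client_max_body_size 20m;

    # NOTE: $http_x_forwarded_for is a client-supplied header. Treat the logged
    # value as untrusted; $remote_addr is the address nginx actually saw.
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;

    sendfile on;
    #tcp_nopush on;
    keepalive_timeout 65;

    # Enable gzip compression.
    # NOTE(review): text/html is always compressed once gzip is on. Pages served
    # over TLS that combine secrets (e.g. CSRF tokens) with attacker-influenced
    # input are exposed to BREACH-style length side channels; confirm the backend
    # does not serve such pages, or disable gzip for those locations.
    gzip on;
    # Minimum HTTP version of a request for its response to be compressed.
    gzip_http_version 1.0;
    # Skip compression for IE 1-6, which handle gzip badly. The original pattern
    # 'MSIE[1-6].' had no space after "MSIE" and so never matched a real
    # User-Agent string such as "MSIE 6.0".
    gzip_disable "MSIE [1-6]\.";
    # MIME types to compress in addition to text/html. JPEG/PNG/GIF are already
    # compressed formats, so gzipping them only costs CPU; they were removed.
    gzip_types text/css text/javascript application/javascript;
    # Buffers for the compressed output: 4 buffers of 8k each.
    gzip_buffers 4 8k;
    # Do not compress responses smaller than this.
    gzip_min_length 1k;
    # Compression level, 1-9 (9 = smallest output, highest CPU cost).
    gzip_comp_level 9;
    # Emit "Vary: Accept-Encoding" so caches keep compressed and plain variants apart.
    gzip_vary on;
    # Do not compress responses to requests that arrived through another proxy
    # (nginx detects those by the Via request header).
    gzip_proxied off;

    # Per-site configuration. The host directory /root/binarydance/conf/conf.d is
    # mounted at /etc/nginx/conf.d inside the container.
    include /etc/nginx/conf.d/*.conf;
}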
/root/binarydance/conf/conf.d/default.conf(位于宿主机,启动时挂载到容器内):
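# HTTPS virtual host: terminates TLS and proxies everything to the backend.
server {
    # The `ssl` flag on `listen` is what enables TLS on this port. The separate
    # `ssl on;` directive is deprecated and rejected by recent nginx releases
    # (which the untagged `nginx` image pulls), so it is not used here.
    listen 443 ssl;
    server_name tgz.binarydance.top;
    charset utf-8;

    # Certificate chain (.pem) and private key (.key), at the paths where they
    # are mounted inside the container.
    ssl_certificate /etc/nginx/ssl/9054326_tgz.binarydance.top.pem;
    ssl_certificate_key /etc/nginx/ssl/9054326_tgz.binarydance.top.key;
    ssl_session_timeout 5m;

    # TLS 1.0 and 1.1 are deprecated (RFC 8996); offer only 1.2 and 1.3.
    ssl_protocols TLSv1.2 TLSv1.3;
    # TLS 1.2 suites restricted to forward-secret AEAD ciphers. The previous
    # string (ECDHE:ECDH:AES:HIGH) also admitted CBC-mode and static-key suites.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers on;

    # NOTE(review): once HTTPS is confirmed working for every client, consider
    # sending HSTS so browsers stop trying plain HTTP first, e.g.
    #   add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        # Backend service (host IP + port).
        # NOTE(review): this hop is plain HTTP and the address looks publicly
        # routable. If the backend runs on this same host, bind it to a
        # non-public interface or firewall port 8888 so it cannot be reached
        # directly, bypassing TLS.
        proxy_pass http://154.8.232.150:8888;
        proxy_http_version 1.1;
        proxy_read_timeout 3600s;

        # Pass the original host, client address and scheme to the backend so
        # its logs and access decisions are not based on nginx's own address.
        # X-Forwarded-For may carry client-supplied entries; the backend should
        # trust only the last hop.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Allow WebSocket upgrade requests to pass through.
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}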
# Plain-HTTP virtual host: it exists only to send clients to the HTTPS site.
server {
    server_name tgz.binarydance.top;
    listen 80;
    charset utf-8;

    # Permanent redirect to the same URI over HTTPS. $server_name is the name
    # configured above, not the client-supplied Host header, so the redirect
    # target cannot be steered by the request.
    return 301 https://$server_name$request_uri;
}
启动docker nginx容器:
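# Start nginx detached, publishing port 80 (HTTP->HTTPS redirect) and 443 (TLS).
# The configuration, certificate and private key are bind-mounted read-only (:ro)
# so that a process inside the container cannot modify them.
# NOTE(review): `nginx` with no tag pulls whatever `latest` is at that moment;
# pinning a specific version tag keeps the deployment reproducible and avoids
# surprise configuration incompatibilities after an image update.
docker run -d --name nginx \
    -p 80:80 -p 443:443 \
    -v /root/binarydance/conf/nginx.conf:/etc/nginx/nginx.conf:ro \
    -v /root/binarydance/conf/conf.d:/etc/nginx/conf.d:ro \
    -v /root/binarydance/ssl/9054326_tgz.binarydance.top.pem:/etc/nginx/ssl/9054326_tgz.binarydance.top.pem:ro \
    -v /root/binarydance/ssl/9054326_tgz.binarydance.top.key:/etc/nginx/ssl/9054326_tgz.binarydance.top.key:ro \
    -e TZ=Asia/Shanghai \
    nginx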