docker-compose 启动命令
version: '3' services: https-nginx-server: image: nginx ports: - 80:80 container_name: 'https-nginx-server' volumes: - ./conf/nginx.conf:/etc/nginx/nginx.conf - ./conf/conf.d:/etc/nginx/conf.d - ./ssl:/etc/nginx/ssl network_mode: 'host' |
ps: 请事先将映射文件目录创建好
user nginx; error_log /var/log/nginx/error.log warn;
log_format main '$remote_addr - $remote_user [$time_local] "$request" ' access_log /var/log/nginx/access.log main; sendfile on; keepalive_timeout 65; #gzip on; include /etc/nginx/conf.d/*.conf;
|
利用 ssl 配置自签证书
- 使用openssl生成RSA私钥
openssl genrsa -des3 -out server.key 2048
- 创建证书签名请求CSR文件
openssl req -new -key server.key -out server.csr
- 生成CA证书
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
- 服务器端的key里面的key剥离掉就好了
openssl rsa -in server.key -out server.key.unsecure
server { ssl_certificate /etc/nginx/ssl/server.crt; ssl_session_cache shared:SSL:1m; # 指定密码为openssl支持的格式 #ssl_ciphers HIGH:!aNULL:!MD5; # 密码加密方式 #charset koi8-r; location / { #error_page 404 /404.html; # redirect server error pages to the static page /50x.html # proxy the PHP scripts to Apache listening on 127.0.0.1:80 # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 # deny access to .htaccess files, if Apache's document root |