引言
在nginx默认的设置中,它只会监听80端口,这意味着我们无法使用https协议。此时即使已经为域名申请了SSL证书,浏览器仍然会把我们的网站显示为不安全网站,因此需要手动将SSL证书部署到我们的服务器上。
具体步骤
首先在云服务商的域名管理处申请免费的SSL证书(有效期为一年),下载适用于nginx的证书,并上传到docker挂载目录 /var/lib/docker/volumes/nginx_conf/_data 下
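# Enter the host-side directory that backs the nginx_conf volume, then create
# the certificate directory. -p makes the step repeatable; the && chain stops
# if the volume path does not exist instead of creating ssl/ somewhere else.
# The directory will hold the TLS private key, so it is limited to its owner.
# NOTE(review): assumes the nginx master process in the container runs as root
# and can therefore still read the key; confirm for non-root images.
cd /var/lib/docker/volumes/nginx_conf/_data/ && mkdir -p ssl && chmod 700 ssl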
使用sftp等工具将证书文件和私钥文件上传到ssl文件夹下(按下文配置中的路径推断,该卷应挂载在容器内的 /etc/nginx,因此容器内对应的路径是 /etc/nginx/ssl;私钥 .key 文件不要设置为其他用户可读)
进入我们的docker挂载目录 /var/lib/docker/volumes/nginx_conf/_data/conf.d, 找到default.conf文件
# Open the site configuration for editing; run this from the conf.d directory
# named in the step above.
vim default.conf
编辑
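# HTTPS virtual host (port 443)
server {
    # The "ssl" flag on the listen line is what enables TLS for the port.
    listen 443 ssl;
    listen [::]:443 ssl;                # IPv6, matching the port 80 server block
    server_name www.YourDomainName.cn;  # your domain name

    # Paths as seen inside the container: certificate bundle and private key.
    ssl_certificate     /etc/nginx/ssl/YourDomainName.cn_bundle.crt;
    ssl_certificate_key /etc/nginx/ssl/YourDomainName.cn.key;  # keep this file owner-readable only

    ssl_session_timeout 5m;

    # TLS 1.0 and 1.1 are deprecated (RFC 8996); offer only 1.2 and 1.3.
    # TLSv1.3 requires nginx 1.13.0+ built against OpenSSL 1.1.1+.
    ssl_protocols TLSv1.2 TLSv1.3;

    # TLS 1.2 suites limited to ECDHE key exchange with AEAD ciphers. Broad
    # classes such as AES or HIGH would also admit static-RSA key exchange
    # (no forward secrecy) and CBC-mode suites.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers on;

    # Optional once HTTPS is confirmed working for every client of this host:
    # add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        # Proxy target (upstream application).
        # NOTE(review): the backend is addressed by the public hostname over
        # plain HTTP on port 9999. If it runs on the same host or Docker
        # network, point this at the internal address and do not publish 9999,
        # otherwise the application stays reachable without TLS on that port.
        proxy_pass http://www.YourDomainName.cn:9999;
    }

    # Custom error pages, served from the "cat" directory.
    error_page 404 /404.html;
    location = /404.html {
        root /usr/share/nginx/html/cat;
    }

    # location /cat/ {
    #     alias /usr/share/nginx/html/cat/;
    # }

    error_page 500 /500.html;
    location = /500.html {
        root /usr/share/nginx/html/cat;
    }

    error_page 502 /502.html;
    location = /502.html {
        root /usr/share/nginx/html/cat;
    }

    error_page 503 /503.html;
    location = /503.html {
        root /usr/share/nginx/html/cat;
    }

    error_page 504 /504.html;
    location = /504.html {
        root /usr/share/nginx/html/cat;
    }
}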
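# Plain HTTP virtual host (port 80)
server {
    listen 80;
    listen [::]:80;
    server_name www.YourDomainName.cn;

    #access_log /var/log/nginx/host.access.log main;

    location / {
        # root /usr/share/nginx/html;      # default root, kept as a backup; enable the "index" line together with it
        # root /usr/share/nginx/html/cat;
        # index index.html index.htm;      # default index page

        # Send every plain-HTTP request to the HTTPS site so the application
        # is never served unencrypted. $server_name is used rather than $host
        # so a client-supplied Host header cannot steer the redirect target.
        return 301 https://$server_name$request_uri;
    }

    # Custom error pages, served from the "cat" directory.
    error_page 404 /404.html;
    location = /404.html {
        root /usr/share/nginx/html/cat;
    }

    # location /cat/ {
    #     alias /usr/share/nginx/html/cat/;
    # }

    error_page 500 /500.html;
    location = /500.html {
        root /usr/share/nginx/html/cat;
    }

    error_page 502 /502.html;
    location = /502.html {
        root /usr/share/nginx/html/cat;
    }

    error_page 503 /503.html;
    location = /503.html {
        root /usr/share/nginx/html/cat;
    }

    error_page 504 /504.html;
    location = /504.html {
        root /usr/share/nginx/html/cat;
    }

    # redirect server error pages to the static page /50x.html
    #
    # error_page 500 502 503 504 /50x.html;
    # location = /50x.html {
    #     root /usr/share/nginx/html;
    # }

    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
    #
    #location ~ \.php$ {
    #    proxy_pass http://127.0.0.1;
    #}

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    #location ~ \.php$ {
    #    root html;
    #    fastcgi_pass 127.0.0.1:9000;
    #    fastcgi_index index.php;
    #    fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
    #    include fastcgi_params;
    #}

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    #location ~ /\.ht {
    #    deny all;
    #}
}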
进入容器测试是否成功
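# Check the configuration inside the running "nginx" container. Running the
# test through docker exec directly avoids opening an interactive shell first,
# so the command also works when pasted as a single step; `nginx -t` only
# parses and tests the configuration files.
docker exec nginx nginx -t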
此时若出现
[warn] the “ssl” directive is deprecated, use the “listen … ssl” directive instead in
说明配置中还保留了旧写法 ssl on;,删除这一行即可(上面的配置已经使用 listen 443 ssl)
重启nginx使配置生效(容器需要已映射443端口,服务器防火墙或安全组也需要放行443),成功
# Restart the container named "nginx" so it starts with the edited configuration.
docker restart nginx