SSL Basics: 27: An HTTPS-enabled Nginx Image (Alpine Edition)

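The previous article showed how to use OpenSSL to generate the certificate used by an nginx service. This article carries on from there and moves the HTTPS service that ran in the regular nginx image into the Alpine version of the nginx image. Starting from the nginx Alpine image, we install openssl, provide the image with a certificate generation tool, and configure a default certificate so that HTTPS works as soon as the container starts.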

Download the image

Download the image: docker pull liumiaocn/nginx:alpinessl1.17.6

The regular nginx image comes to 126MB, while the Alpine image with OpenSSL added is only 23.8MB.

liumiaocn:https liumiao$ docker images |grep nginx
liumiaocn/nginx                                 alpinessl1.17.6                 3ffb2b4f6a12        About an hour ago   23.8MB
nginx                                           latest                          231d40e811cd        3 weeks ago         126MB
liumiaocn:https liumiao$ 

Start the nginx service

liumiaocn:Desktop liumiao$ docker run -d -p 6443:443 --name=nginx liumiaocn/nginx:alpinessl1.17.6
4baa6eb3b90414743f8503519fe05fd6ebfcff4ad4721e64fe9af0cc3461aef1
liumiaocn:Desktop liumiao$ docker ps |grep nginx
4baa6eb3b904        liumiaocn/nginx:alpinessl1.17.6   "nginx -g 'daemon of…"   5 seconds ago       Up 4 seconds        80/tcp, 0.0.0.0:6443->443/tcp   nginx
liumiaocn:Desktop liumiao$ 

Configure /etc/hosts

liumiaocn:https liumiao$ sudo vi /etc/hosts
Password:
liumiaocn:https liumiao$ grep devops.com /etc/hosts
127.0.0.1      www.devops.com
liumiaocn:https liumiao$

Get the certificate and add it to Keychain Access

  • Get the certificate
liumiaocn:Desktop liumiao$ docker cp nginx:/etc/nginx/ssl/server.crt .
liumiaocn:Desktop liumiao$ ls server.crt
server.crt
liumiaocn:Desktop liumiao$ 
  • Check the certificate contents
liumiaocn:Desktop liumiao$ openssl x509 -noout -in server.crt -text
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0e:c4:9d:61:15:98:a6:ff:b5:2d:2c:8b:48:aa:35:2a:68:07:95:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=CN, ST=LiaoNing, L=DaLian, O=devops, OU=unicorn, CN=www.devops.com
        Validity
            Not Before: Dec 16 12:28:13 2019 GMT
            Not After : Dec 15 12:28:13 2020 GMT
        Subject: C=CN, ST=LiaoNing, L=DaLian, O=devops, OU=unicorn, CN=www.devops.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Authority Key Identifier: 
                DirName:/C=CN/ST=LiaoNing/L=DaLian/O=devops/OU=unicorn/CN=www.devops.com
                serial:50:E9:ED:3D:13:64:A1:BC:2B:DC:F0:F4:10:34:3E:3C:FD:8B:AA:ED

            X509v3 Basic Constraints: 
                CA:FALSE
            X509v3 Key Usage: 
                Key Encipherment, Data Encipherment
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Subject Alternative Name: 
                DNS:www.devops.com
    Signature Algorithm: sha256WithRSAEncryption
liumiaocn:Desktop liumiao$ 
  • Add it to Keychain Access
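Before trusting a certificate copied out of a container, it is worth checking the fields that decide how clients will treat it. The following is an added example, not part of the original post or the image: the function names `lint_cert_text` and `sample_cert_text` and the finding codes are made up here, and the sample input is the set of fields from the certificate dump above.

```shell
# Added example, not from the original post: lint `openssl x509 -noout -text`
# output read on stdin; prints one finding per line (codes are made up here).
lint_cert_text() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    /^ *Issuer:/  { sub(/^ *Issuer:/, "");  issuer  = trim($0); next }
    /^ *Subject:/ { sub(/^ *Subject:/, ""); subject = trim($0); next }
    /^ *Serial Number: *$/             { want = "sn";  next }
    /X509v3 Basic Constraints:/        { want = "bc";  next }
    /X509v3 Key Usage:/                { want = "ku";  next }
    /X509v3 Subject Alternative Name:/ { want = "san"; next }
    /^ *serial:/ { sub(/^ *serial:/, ""); aki_sn = toupper(trim($0)); next }
    want != "" { val[want] = trim($0); want = "" }   # value line after a header
    END {
        if (issuer != "" && issuer == subject) {
            if (aki_sn != "" && aki_sn != toupper(val["sn"]))
                print "SAME_NAME_ISSUER: issued by another certificate with an identical DN"
            else
                print "SELF_SIGNED: issuer equals subject"
        }
        if (val["ku"] != "" && val["ku"] !~ /Digital Signature/)
            print "KU_NO_DIGITAL_SIGNATURE: needed for (EC)DHE suites and TLS 1.3"
        if (val["san"] == "") print "NO_SAN: clients match hostnames against SAN"
        if (val["bc"] ~ /CA:TRUE/) print "LEAF_IS_CA: server certificate can sign others"
    }'
}

# Fields copied from the certificate dump above; key and signature bytes omitted.
sample_cert_text() {
    cat <<'EOF'
        Serial Number:
            0e:c4:9d:61:15:98:a6:ff:b5:2d:2c:8b:48:aa:35:2a:68:07:95:d7
        Issuer: C=CN, ST=LiaoNing, L=DaLian, O=devops, OU=unicorn, CN=www.devops.com
        Subject: C=CN, ST=LiaoNing, L=DaLian, O=devops, OU=unicorn, CN=www.devops.com
            X509v3 Authority Key Identifier: 
                serial:50:E9:ED:3D:13:64:A1:BC:2B:DC:F0:F4:10:34:3E:3C:FD:8B:AA:ED
            X509v3 Basic Constraints: 
                CA:FALSE
            X509v3 Key Usage: 
                Key Encipherment, Data Encipherment
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Subject Alternative Name: 
                DNS:www.devops.com
EOF
}

sample_cert_text | lint_cert_text
```

Against the real file the same check is `openssl x509 -noout -in server.crt -text | lint_cert_text`. For this certificate it reports that the issuer is a separate certificate with the same DN and that Key Usage lacks Digital Signature, which RFC 5246 and RFC 8446 require when the server key signs the handshake.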

Verify the result

Visit https://www.devops.com:8443/. The following page is displayed, which shows that the nginx HTTPS service is working properly.

Author: 淼叔