1. 首先将证书拷贝到容器中:
kubectl cp ./nginx.pem 容器名:/usr/local/nginx -n namespace
kubectl cp ./nginx-key.pem 容器名:/usr/local/nginx -n namespace
2.然后将nginx.conf配置文件拷贝到容器中:
kubectl cp ./nginx.conf 容器名:/usr/local/nginx -n namespace
3. 再在容器中的配置文件nginx.conf中,加入反向代理:
server {
listen 443 ssl; //监听的端口
server_name localhost; //你的域名
ssl on;
ssl_certificate /etc/nginx/bingodev-ssl/nginx.pem;
ssl_certificate_key /etc/nginx/bingodev-ssl/nginx-key.pem;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
location / {
proxy_pass_header Server;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Scheme $scheme;
proxy_pass http://localhost:24000; //映射的端口
}
}
nginx -t
nginx -s reload
- 通过curl判断https是否可以访问
curl https://localhost:443 -k