22:ssh远程访问端口,用于远程连接
80:HTTP协议的默认端口,所以用IP访问时不用加端口号
443:HTTPS协议的默认端口,访问经过TLS加密,80端口的请求通常会被跳转到这里
所以我们的思路是
nginx容器监听
宿主机80映射到容器80,并强制跳转到443(宿主机443映射到容器443);443再反向代理到8080(8080映射8080)等其他服务。
第一步
在主机找个文件夹用来挂载到nginx上用来存配置和文件
第二步
拷贝个默认的配置文件,放在config下
第三步
创建容器,加上挂载目录
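# Start the nginx container with ports 80/443 published and its config,
# content, logs and certificates bind-mounted from /home/nginx on the host.
#
# - --privileged is not passed: nginx needs no extra kernel capabilities to
#   serve on 80/443, and a privileged container has near-root access to the
#   host. If an SELinux host denies access to the mounts, relabel them with
#   the :z volume option instead of using --privileged.
# - The certificate directory is mounted read-only (:ro): it holds the TLS
#   private key and nginx only reads it.
# - /home/nginx/ssl is mounted over the container's whole /etc/ssl, which
#   hides whatever the image ships there (CA certificates, openssl.cnf).
#   The path is kept because the nginx.conf on this page reads the
#   certificate and key from /etc/ssl.
# - /home/nginx/config/nginx.conf must already exist as a file; otherwise
#   Docker creates a directory with that name and nginx fails to start.
docker run --name nginx -d \
  -p 80:80 \
  -p 443:443 \
  -v /home/nginx/html:/usr/share/nginx/html \
  -v /home/nginx/config/nginx.conf:/etc/nginx/nginx.conf \
  -v /home/nginx/conf.d/:/etc/nginx/conf.d/ \
  -v /home/nginx/logs/:/var/log/nginx/ \
  -v /home/nginx/ssl/:/etc/ssl/:ro \
  nginx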
第四步
把文件copy出来,ssl证书先放进去
# Copies the host directory /home/nginx/ into /etc/nginx/ of the container
# named "nginx".
# NOTE(review): the step text says to copy the files out, but this command
# copies host -> container. The directories under /home/nginx are already
# bind-mounted by the docker run step, so files placed there on the host are
# visible in the container without a copy -- confirm the intended direction.
# NOTE(review): /home/nginx/ contains ssl/, so this also puts a second copy
# of the TLS private key into the container's writable layer.
docker cp /home/nginx/ nginx:/etc/nginx/
第五步
修改配置文件
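# Main nginx configuration: redirects all plain-HTTP traffic to HTTPS and
# reverse-proxies HTTPS requests to backend services.
# The domain name, certificate file names and backend hosts are elided on
# this page (e.g. "www..cn", "http://:8080/"); fill them in before running
# nginx -t, which will not accept the elided forms.
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;

events {
    worker_connections 1024;
}

http {
    client_max_body_size 100m;
    client_body_buffer_size 64k;
    client_header_buffer_size 128k;
    large_client_header_buffers 4 128k;
    include mime.types;
    sendfile on;
    keepalive_timeout 65;

    # Port 80: no content is served over plain HTTP, only a permanent
    # redirect to the HTTPS site.
    server {
        listen 80;
        server_name www..cn;
        # The target host is the configured $server_name, not the
        # client-supplied Host header, so a request cannot steer the redirect
        # to another site. $request_uri keeps the original path and query.
        return 301 https://$server_name$request_uri;
    }

    server {
        listen 443 ssl; # syntax to use on nginx 1.1 and later
        server_name www..cn; # domain name the certificate is bound to
        ssl_certificate /etc/ssl/.cn_server.crt; # certificate location, absolute path
        ssl_certificate_key /etc/ssl/.cn_server.key; # private key, absolute path; keep it readable by nginx only
        ssl_session_timeout 5m;
        # TLS 1.0 and 1.1 are deprecated (RFC 8996) and are no longer offered.
        ssl_protocols TLSv1.2 TLSv1.3;
        # Applies to TLS 1.2; TLS 1.3 cipher suites are not selected by this
        # directive.
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
        ssl_prefer_server_ciphers on;
        ssl_session_cache shared:SSL:1m;
        # fastcgi_param only affects locations that use fastcgi_pass; none are
        # defined in this server, so proxied backends learn the scheme from
        # the X-Forwarded-Proto header set below.
        fastcgi_param HTTPS on;
        fastcgi_param HTTP_SCHEME https;

        location / {
            proxy_pass http://:8080/; # backend host elided on this page
            proxy_redirect off;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            # Tell the backend the client connection was HTTPS, so it can
            # build https:// URLs and mark cookies Secure.
            proxy_set_header X-Forwarded-Proto $scheme;
            # Overrides the 100m limit set at http level for this location.
            client_max_body_size 10m;
            client_body_buffer_size 128k;
            proxy_connect_timeout 300;
            proxy_send_timeout 300;
            proxy_read_timeout 300;
            proxy_buffer_size 128k;
            proxy_buffers 2 256k;
            proxy_busy_buffers_size 256k;
            proxy_temp_file_write_size 256k;
        }

        # NOTE(review): the path prefix and backend host appear to be elided
        # here; "location //" as written is unlikely to match any request.
        location // {
            proxy_pass http://:80/;
        }
    }

    include /etc/nginx/conf.d/*.conf;
}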
第六步
先测试一下配置,再重启容器:
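# Validate the configuration with the nginx binary inside the container; a
# bare `nginx -t` on the host checks the host's own nginx (if one is
# installed), not the container's configuration.
# Note: nginx.conf is bind-mounted as a single file. If an editor replaced the
# file instead of writing it in place, the container may still see the old
# content until it is restarted.
if docker exec nginx nginx -t; then
  # Config is valid: restart the container.
  docker restart nginx
else
  printf '%s\n' 'nginx -t failed; container not restarted' >&2
fi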