ssl的证书是通过docker nginx letsencrypt 这篇随笔生成的,下面介绍如何在nginx中添加ssl
这个为全部配置, 需要替换你自己的域名,配置中强制https了
server { listen 80; server_name xxx.cn www.xxx.cn; return 301 https://$host$request_uri; } server { listen 443 ssl; server_name xxx.cn www.xxx.cn; #填写绑定证书的域名 ssl_certificate /etc/letsencrypt/live/xxx.cn/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/xxx.cn/privkey.pem; ssl_session_timeout 5m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #按照这个协议配置 ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;#按照这个套件配置 ssl_prefer_server_ciphers on; charset utf-8; access_log /var/log/nginx/xxx.access.log main; error_log /var/log/nginx/xxx.error.log warn; #对 / 所有做负载均衡+反向代理 location / { proxy_pass http://127.0.0.1:83; } #静态文件,nginx自己处理,不去backend请求 location /media { alias /data/xxx/media; } location /static { alias /data/xxx/static; }
location ~ /.well-known{ # https证书自动更新 proxy_pass http://127.0.0.1:88; # certon自动更新接口 } }
ssl_certificate /etc/letsencrypt/live/xxx.cn/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/xxx.cn/privkey.pem;
是证书的绝对路径。
另外附上nginx的docker-compose配置
version: '3' services: web: image: nginx container_name: nginx.web restart: always volumes: - ./nginx.conf:/etc/nginx/nginx.conf - ./log/nginx:/var/log/nginx - ./conf.d:/etc/nginx/conf.d - ./ssl:/etc/letsencrypt:ro ports: - "80:80" - "443:443" network_mode: "host"
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
