Compose常用字段
Compose常用命令
compose实例
搭建nginx且配置ssl认证
目标数据结构
编辑yml文件: vim /root/compose_nginx/docker-compose.yml
version : '3'
services :
nginx :
hostname : nginx
build :
context : ./nginx
dockerfile : Dockerfile
ports:
- 2288:80
- 2299:443
networks:
- cluster
volumes:
- ./wwwroot:/usr/local/nginx/html
networks:
cluster:
构建网页文件:echo "this is mogu web" > ./wwwroot/index.htm
构建nginx.conf文件
server {
listen 443 ssl;
server_name www.mogu.com;
charset utf-8;
access_log logs/www.mogu.com.access.log;
ssl_certificate /home/nginx/zhengshu/server.crt;
ssl_certificate_key /usr/local/CA/local.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:DHE;
ssl_prefer_server_ciphers on;
location / {
root html;
index index.html index.htm;
}
}
创建生成CA证书的存放路径并进入: mkdir -p /home/nginx/zhengshu cd /home/nginx/zhengshu/
生成私钥: openssl genrsa -des3 -out server.key 2048
查看私钥: openssl rsa -text -in server.key 或直接cat
删除私钥密码 :openssl rsa -in server.key -out server.key
生成CSR请求文件 : openssl req -new -key server.key -out server.csr
查看CSR文件内容 :openssl req -text -in server.csr
生成CA证书 :openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
将证书生成的CA文件和私钥文件全都位移到nginx目录下 :mv server.key /opt/nginx_compose/nginx mv server.crt /opt/nginx_compose/nginx
创建Dockerfile文件并生成镜像 docker build -t nginx:ssssl
FROM centos:7
MAINTAINER this is nginx image <nginx>
RUN yum -y install openssl openssl-devel
RUN yum -y install pcre-devel zlib-devel gcc gcc-c++ make;useradd -M -s /sbin/nologin nginx
ADD nginx-1.12.2.tar.gz /usr/local/src/
WORKDIR /usr/local/src/nginx-1.12.2
RUN ./configure \
--prefix=/usr/local/nginx \
--user=nginx \
--group=nginx \
--with-http_stub_status_module \
--with-http_ssl_module;make -j 4 && make install
ENV PATH /usr/local/nginx/sbin:$PATH
ADD nginx.conf /usr/local/nginx/conf/
ADD server.crt /home/nginx/zhengshu/server.crt
ADD server.key /home/nginx/zhengshu/server.key
RUN chmod 777 -R /usr/local/nginx/html/
EXPOSE 80
EXPOSE 443
VOLUME [ "/usr/local/nginx/html/" ]
CMD [ "/usr/local/nginx/sbin/nginx","-g","daemon off;" ]
启动镜像指定为主机模式(绝对不是我想偷懒)docker run -d nginx:ssssl
访问结果