docker 里tomcat + let's encrypt

先用docker建let's encrypt

sudo docker run --rm -p 80:80 -p 443:443 -v /etc/letsencrypt:/etc/letsencrypt quay.io/letsencrypt/letsencrypt auth --standalone -m email@domain --agree-tos -d example.com

此时已经生成let's encrypt 的证书

 

然后建立tomcat 这里用 openjdk 8 8.5版本

sudo docker   run -d -p 8443:8443 -p 8080:8080 -v /etc/letsencrypt:/etc/letsencrypt  --name my-tomcat-1 tomcat:8.5.57-jdk8-openjdk

 

然后进入container 修改tomcat的配置

 

sudo docker exec -i -t  containerID /bin/bash

 

进去后进入tomcat的配置文件夹

cd /usr/local/tomcat/conf/

然后修改server.xml

nano server.xml

 

在下面位置把注释去掉，并把example.com 换成你自己的域名

<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true">
<SSLHostConfig>
<!-- <Certificate certificateKeystoreFile="conf/localhost-rsa.jks"
type="RSA" />-->
<Certificate certificateFile="/etc/letsencrypt/live/example.com/cert.pem"
certificateKeyFile="/etc/letsencrypt/live/example.com/privkey.pem"
certificateChainFile="/etc/letsencrypt/live/example.com/chain.pem" />
</SSLHostConfig>
</Connector>

 

然后出来后重启一次docker

sudo docker restart containerID

搞定

 8443 就是https 端口