Docker配置Nginx支持SSL

1.Docker中拉取Nginx

1
docker pull nginx

2.宿主机中创建配置目录

cd /home
mkdir -p nginx/{ssl,logs}

说明:

ssl放域名对应证书

logs放nginx日志

3.复制默认配置文件

docker run --name nginx -p 80:80 -d nginx
docker cp nginx:/etc/nginx/conf.d /home/nginx
docker rm -f nginx

此时宿主机中conf.d文件夹具有了配置文件default.conf

4.修改配置文件

cd /home/nginx/conf.d
vim default.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
server {
        listen 80;
        server_name www.abc.com.cn;
        rewrite ^(.*) https://$server_name$1 permanent;
}
     
server {
        listen 443;
        server_name www.abc.com.cn;
 
       access_log /var/log/nginx/abc.log;
       error_log /var/log/nginx/abc.log debug;
  
        ssl on;
        ssl_certificate  /etc/nginx/ssl/abc.com.cn_bundle.pem;
        ssl_certificate_key /etc/nginx/ssl/abc.com.cn.key;
        ssl_session_timeout 5m;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
  
        location / {
               proxy_set_header   X-Real-IP         $remote_addr;
               proxy_set_header   Host              $http_host;
               proxy_set_header   X-Forwarded-For       $proxy_add_x_forwarded_for;
               root   /usr/share/nginx/html;
               try_files $uri $uri/ /index.html;
        }
 
        location /api {
            proxy_pass http://192.168.0.1:9090;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $remote_addr;
           
            # 支持websocket  
            proxy_http_version  1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }
}

  

5.启动docker

docker run --name webrtc_nginx -p 443:443 -p 80:80 
-v /home/arrow/web:/usr/share/nginx/html
-v /home/nginx/conf.d:/etc/nginx/conf.d
-v /home/nginx/logs:/var/log/nginx/
-v /home/nginx/ssl:/etc/nginx/ssl/
--privileged=true -d --restart=always nginx

 

 

 

posted @   卓扬  阅读(503)  评论(0编辑  收藏  举报
相关博文:
阅读排行:
· 全程不用写代码,我用AI程序员写了一个飞机大战
· MongoDB 8.0这个新功能碉堡了,比商业数据库还牛
· 记一次.NET内存居高不下排查解决与启示
· DeepSeek 开源周回顾「GitHub 热点速览」
· 白话解读 Dapr 1.15:你的「微服务管家」又秀新绝活了
点击右上角即可分享
微信分享提示