通过docker挂载目录安装nginx和SSL证书的配置
一、通过docker挂载目录安装nginx
1.利用docker拉取nginx镜像
2.创建需要挂载的相应的挂载目录
1 2 3 4 5 6 7
| mkdir ~ nginx/conf
mkdir ~ nginx/conf/conf.d
mkdir ~ nginx/html
mkdir ~ nginx/logs
|
3.创建nginx.conf配置文件
1
| vim /root/nginx/conf/nginx.conf
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
| user nginx; worker_processes 1;
error_log /var/log/nginx/error.log warn; pid /var/run/nginx.pid;
events { worker_connections 1024; }
http { include /etc/nginx/mime.types; default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
keepalive_timeout 65;
include /etc/nginx/conf.d/*.conf;
}
|
4.创建default.conf配置文件
1
| vim /root/nginx/conf/conf.d/default.conf
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26
| server { listen 80;
server_name localhost;
location / { proxy_pass https://www.baidu.com; }
error_page 500 502 503 504 /50x.html; location = /50x.html { root /usr/share/nginx/html; } }
|
以上配置以反向代理到百度为例
5.创建docker容器
1
| docker run -id --name nginx -p 80:80 -p 443:443 -v $PWD/conf/nginx.conf:/etc/nginx/nginx.conf -v $PWD/html:/etc/nginx/html -v $PWD/logs:/var/log/nginx -v $PWD/conf/conf.d:/etc/nginx/conf.d nginx
|
说明:以上命令出了绑定80端口还绑定了443端口,443端口是用来使用ssl证书的,没有可以不用开放
二、Nginx配置SSL证书
1.下载SSL证书
下载Nginx使用的证书,并把名字统一改为ssl.pem
和ssl.key
2.将证书文件上传到Linux服务器
把ssl.pem
和ssl.key
文件上传到/root/nginx/conf/conf.d
目录下
3.修改default.conf配置文件
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50
| server { listen 80;
server_name localhost;
rewrite ^(.*)$ https://$host$1;
location / {
proxy_pass https://yourdomain.com; }
error_page 500 502 503 504 /50x.html; location = /50x.html { root /usr/share/nginx/html; } }
server { listen 443 ssl;
server_name yourdomain.com; #需要将yourdomain.com替换成证书绑定的域名。 root html; index index.html index.htm; ssl_certificate /etc/nginx/conf.d/ssl.pem; #需要将ssl.pem替换成已上传的证书文件的名称。 ssl_certificate_key /etc/nginx/conf.d/ssl.key; #需要将ssl.key替换成已上传的证书密钥文件的名称。 ssl_session_timeout 5m; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #表示使用的TLS协议的类型。 ssl_prefer_server_ciphers on; location / {
proxy_pass http://yourdomain.com:8090; } }
|
4.重启docker容器